
Levi Gundert

Technical Lead

Cisco Threat Research, Analysis, and Communications (TRAC)

Over the past decade, Levi Gundert has become an internationally recognized information security and risk management leader and trusted cyber security advisor to leading corporations. As a Technical Leader for Cisco's Threat Research, Analysis & Communications (TRAC) team, he works to identify and analyze threats, share cyber security information to industry, government and the public, and help to continually improve Cisco security technology. Gundert is also a thought leader in the practical application of big data analytics in threat intelligence programs, and is particularly focused on developing solutions to help Cisco efficiently manage, query, and analyze massive volumes of real-time threat data.

Previous roles

Gundert always had a deep interest in technology and security, and was able to explore both areas in depth during his time as a U.S. Secret Service Special Agent assigned to the Los Angeles Electronic Crimes Task Force (ECTF). Before joining the U.S. Secret Service, Gundert worked as a senior network administrator for a West Coast-based financial institution and prior to that, was a systems administrator for a global consulting firm. He applied his knowledge from these technology roles in different cybercrime investigations that resulted in global arrests and prosecutions.

As a special agent, Gundert developed new methodologies for proactively analyzing threat intelligence and producing actionable leads. Additionally, he helped gather criminal intelligence by covertly engaging hackers and fraudsters in the Underground. Gundert’s international assignments included embedding with the United Kingdom’s Serious Organized Crime Agency (SOCA), and collaborating with City of London police, which resulted in the arrest of multiple threat actors. Additionally, Gundert performed worldwide presidential and diplomatic protection as assigned by the U.S. Secret Service.

Gundert left government service in 2007 so he could devote his time solely to cyber threat research. He joined Team Cymru, a specialized Internet security research firm, where he led the Threat Intelligence Group, an international team responsible for proactive threat monitoring, research, and analysis in support of both government and enterprise clients. During his six years at the nonprofit, Gundert supervised and contributed to more than 100 extensive analysis reports, including malware and network forensics on over 30 federal law enforcement investigations.

In 2012 Gundert was recruited by the U.S. Federal Bureau of Investigation Law Enforcement Executive Development Association (FBI-LEEDA) to develop and deliver a comprehensive law enforcement program on identity theft, fraud, and cybercrime. The course was presented to more than 600 federal, state, and local law enforcement officials.

Gundert’s industry certifications include Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker, and Systems Security Certified Practitioner. Gundert is a frequent contributor to online information security magazines and is a regular lecturer at risk management conferences. Among the many organizations that have engaged Gundert as a guest speaker are INTERPOL, Kaspersky, the Australian Federal Police, and the U.S. Department of Justice.

To read Levi Gundert’s recent posts on security, visit http://blogs.cisco.com/author/levigundert/.

Articles

June 2, 2014

SECURITY

Attack Analysis with a Fast Graph

This post is co-authored by Martin Lee, Armin Pelkmann, and Preetham Raghunanda. Cyber security analysts tend to redundantly perform the same attack queries with different input data. Unfortunately, the search for useful meta-data correlation across proprietary and open source data sets may be labor…

May 19, 2014

SECURITY

Angling for Silverlight Exploits

This post is co-authored by Andrew Tsonchev, Jaeson Schultz, Alex Chiu, Seth Hanford, Craig Williams, Steven Poulson, and Joel Esler. Special thanks to co-author Brandon Stultz for the exploit reverse engineering. Silverlight exploits are the drive-by flavor of the month. Exploit Kit (EK) owners a…

April 15, 2014

SECURITY

Year-Long Exploit Pack Traffic Campaign Surges After Leveraging CDN

This post is coauthored by Andrew Tsonchev. Anyone can purchase an exploit pack (EP) license or rent time on an existing EP server. The challenge for threat actors is to redirect unsuspecting web browsing victims by force to the exploit landing page with sustained frequency. Naturally, like most cri…

March 20, 2014

SECURITY

Understanding Security Through Probability

This post was also authored by Min-yi Shen and Martin Lee. Security is all about probability. There is a certain probability that something bad will happen to your networks or your systems over the next 24 hours. Hoping that nothing bad will happen is unlikely to change that probability. Investing…

February 11, 2014

SECURITY

Dynamic Detection of Malicious DDNS

This post was co-authored by Andrew Tsonchev. Two weeks ago we briefly discussed the role of dynamic DNS (DDNS) in a Fiesta exploit pack campaign. Today we further analyze and explore the role of DDNS in the context of cyber attack proliferation and present the case for adding an operational…

January 23, 2014

SECURITY

Fiesta Exploit Pack is No Party for Drive-By Victims

This post was also authored by Andrew Tsonchev and Steven Poulson. Update 2014-05-26: Thank you to Fox-IT for providing the Fiesta logo image. We updated the caption to accurately reflect image attribution. Cisco’s Cloud Web Security (CWS) service provides TRAC researchers with a constant fire hose…

January 13, 2014

SECURITY

Detecting Payment Card Data Breaches Today to Avoid Becoming Tomorrow’s Headline

A few months ago we discussed the various ways that consumer PII is compromised. The recent attacks against Target and Neiman Marcus illustrate the constant threat that payment card accepting retailers of all sizes face. Yesterday Reuters reported that similar breaches over the holidays affected “at…

December 13, 2013

SECURITY

Big Data in Security – Part V: Anti-Phishing in the Cloud

In the last chapter of our five part Big Data in Security series, expert Data Scientists Brennan Evans and Mahdi Namazifar join me to discuss their work on a cloud anti-phishing solution. Phishing is a well-known historical threat. Essentially, it’s social engineering via email and it continues to b…

December 12, 2013

SECURITY

Big Data in Security – Part IV: Email Auto Rule Scoring on Hadoop

Following part three of our Big Data in Security series on graph analytics, I’m joined by expert data scientists Dazhuo Li and Jisheng Wang to talk about their work in developing an intelligent anti-spam solution using modern machine learning approaches on Hadoop. What is ARS and what problem is it…