Meet the Team: Mike Powell, Senior Security Services Engineer

Mike Powell has been working at Corero as a Security Services Engineer for over 4 years. When it comes to DDoS, Mike feels he has learned so much from Corero’s experts. He takes pride in having a hand at blocking DDoS attacks for online gamers and has a knack for network security and staying up to date on new technologies and techniques.

Mike has an MBA and a Bachelor’s degree in Information Science and Technology with a focus in Networking and a minor in Economics from Mercer University. Prior to Corero, Mike worked as a System Administrator for Mercer's Computer Science department and served as a coach for the Cyber Defense Team. A few years later, he received the opportunity to join Corero and knew it would provide him the perfect environment to continue growing and exceling in the industry.

Take a deeper dive into Mike’s life at Corero with the Q&A below:

1. What first interested you in computers and electronics?

I’ve always been interested in technology, but when I was 12 my father bought a computer, which really piqued my interest. You see, the computer he bought did not come with a floppy disk drive, which at the time seemed ludicrous! How could you have a computer and not have a floppy disk drive? So, we purchased a floppy disk and installed it together. We learned that it did matter which way the floppy cable was plugged in. It was a simple distinction but working on that and looking at the inside of a computer kickstarted my interest in IT.

2. How were you introduced to Corero? What was your initial reaction?

I was introduced through a friend who worked at Corero. A year later, there was an opening for a Security Engineer position, and I landed the job here, which was very exciting.

The SmartWall capabilities and technological advancements of Corero’s products in the industry were astounding. Specifically, its quarter RU design that allows you to fit four defense devices in 1RU on a given rack. I was impressed with the technology and was equally impressed with the people who I was going to be working with in the SOC (Security Operations Center). Everyone was extremely smart and had exceptional troubleshooting skills. I knew that Corero would be a place that I could learn and grow.

3. What is your drive to fulfill your role?

Ever since I started college and began to learn about networking, I’ve been interested in network security and learning more about it. Competing on the Cyber Defense Team only increased that desire, as well as attending the world’s largest hacker convention, Defcon, for multiple years while I was at Mercer. So, it’s this interest in network security and learning about new technologies and techniques that primarily drives me.

My connection to gaming and playing online with other people also motivates me. Over the past 10 years DDoS has become a major problem in online gaming where players will try to attack other players so that they can win the game and increase their own rankings unfairly. This is of course highly frustrating to players who are trying to play the game for enjoyment. So, whenever I get to block an attack that I can see is using destination port 3074 (Xbox Port) I get a LOT of satisfaction from knowing I’m preventing someone from cheating in the game and ruining everyone else’s fun.

4. What are you most proud of that you’ve accomplished at Corero? What problems have you solved?

One of the most memorable issues I worked on happened in my first few months at Corero. One of our customers required assistance with four Corero defense devices they had hooked up to a single Netoptics load balancer. They encountered an issue while performing in service software upgrade. Everything worked as expected when upgrading the first three of four units, the traffic automatically balanced to the other units as each individual unit was upgraded so that there was no service downtime. However, when upgrading the fourth unit, the load balancing failed to redistribute the traffic thereby impacting the service. I spent much time learning about the load balancer, Corero devices, and replicating the upgrade process.

I couldn’t reproduce the issue for a long time. Eventually I decided to put switches on either side of the load balancer and set up a LAG between the switches exactly as the customer had done. This time, when I upgraded the fourth unit, the entire LAG went down, and the network became temporarily unusable while the fourth unit was rebooting. I finally figured out that because of the load balancer’s specific algorithm, all of the LAG status packets were being sent over single one of the four participating devices, and that is why when the fourth defense device was rebooted, instead of the expected traffic rebalance, the entire LAG would go down. The fix was to set up a heartbeat mechanism on the load balancer so that it would load balance quickly to the other ports whenever a LAG device was being upgraded. This allowed the customer to have a more resilient network and allowed us to finish all upgrades for that customer. Everyone was very happy with my work and I was very proud of it.

5. What was most helpful when learning about Corero’s DDoS solutions?

Learning all the various types of rules that Corero’s DDoS solutions have and how they work. Also, learning about the order in which the rules fired helped me to better visualize the system and how it blocks DDoS attacks. Since I personally did not have any DDoS experience prior to Corero, gaining insight into the rules enabled me to learn the specifics of DDoS attacks.

6. Have you had an “ah-ha” moment using Corero or working at Corero?

One of the biggest ah-ha moments I’ve had is when I discovered the CLDAP attack one of our customers faced. The coolest thing about it was that the attack was blocked automatically and without any issues, even though up until that point, a reflective CLDAP DDoS attack was not widely known. This protection was further shown to be valuable when one of our customers with 100Gbps of protection received a 70Gbps CLDAP attack a couple of days later, which was also automatically mitigated. This cemented the idea into my head that organizations don’t require a fingerprint of what a particular DDoS attack looks like in order to block it. If you have the right algorithms like our Smart Rules in place, you can block DDoS attacks even if it’s the first time anyone has ever seen a particular attack.

7. What advice would you give to people in your role?

For anyone in my role, I would suggest that they learn both networking and packet analysis. When I arrived here, I had a good idea about networking and even had my CCNA certification, but I didn’t know it to the hands-on level that we use it in the SOC here. For example, I didn’t know protocol numbers such as ICMP=1, TCP=6, UDP=17. I knew a lot about ICMP, TCP, UDP, etc. but when I saw all the protocol numbers in our sFlow messages, I wasn’t sure of what they were. You may know networking well enough to set up a network, manage it, and have it do everything you need, but it’s another thing to do packet analysis on many different networks and to know how to block DDoS and the various parts of the packet that can often be used to block it.

8. What are you passionate about? How did you get into it?

I’m very passionate about motorcycles and enjoying exploring Massachusetts on my Indian Scout 60. I had never ridden a motorcycle before taking a Motorcycle Safety Foundations course, but the class did a very good job of taking me from ground zero to being somewhat comfortable riding in a span of 2 days. After that, I bought my motorcycle and began slowly building my skills and comfort level riding in parking lots and eventually in the quiet streets around my apartment.