“The Lab appealed to me because of my interest in science and engineering, and my background in the public sector, mostly research and education. Knowing that the work I do contributes to the advancement of science and society, even in a small way, is a huge part of my motivation.”
– Michael Smitasin, Cybersecurity Engineer, IT Division
The Cyber Security group is responsible for developing and implementing an information security management plan for Berkeley Lab and working with research and operations divisions to ensure that security objectives defined by leadership are met. Michael Smitasin is a Cybersecurity Engineer in the IT Division and a 10-year veteran of the Lab. Learn more about his professional background, career trajectory, and contributions to current projects.
Can you tell us about your professional background and how your journey at Berkeley Lab began?
It all started with a wild idea to move to the San Francisco Bay Area knowing almost no one and having zero plan! I just had a dream one night that I had moved to the Bay Area, and when I woke up, I thought to myself: “Why not?” I’d only visited once before making the decision, but I’d spent some time around Berkeley and really liked the area. After having lived in Oregon for most of my life, I set off in the Summer of 2013 to figure out what was next.
Fortunately, a friend of a friend had been living in Berkeley and working for the Lab’s Engineering Division, so we met up at Triple Rock and he suggested I check the Lab’s jobs page for openings. I spotted a Network Engineering position with LBLnet and applied when I got home, but it’d be a few months before I actually interviewed, so I spent the intermediate time exploring the Bay Area and doing some volunteer work.
The Lab appealed to me because of my interest in science and engineering, and my background in the public sector, mostly research and education. Knowing that the work I do contributes to the advancement of science and society, even in a small way, is a huge part of my motivation. By the time I joined the Lab, I’d spent the majority of my professional career at the University of Oregon and a public transit agency, doing a mixture of desktop support and system administration, with a little taste of networking to get me interested in it.
People are often surprised to learn I don’t have an academic background in networking or cybersecurity. I actually got my degree in digital art and I still try to exercise it to this day with what I like to think of as slightly-above-average network and security diagrams.
I’m happy to say that this August will mark my 10th year at LBNL, the longest I’ve worked at any place in my entire life!
How have you achieved growth in your career trajectory at the Lab?
Formal training like certifications or courses has rarely appealed to me when it comes to acquiring new skills; rather, I prefer a more hands-on and self-guided approach.
In networking and security, “labs” or “proofs of concept” have been my preference. Basically, I’ll spin up a test environment with the technology I’m trying to learn, and see if I can get it working from the ground up with the existing types of equipment or data I have.
Earlier in my career, I would even do this at home, buying used or lower-end enterprise equipment, or using open source software to try to reproduce infrastructure at the Lab but with my home network. At one point, I had a pretty complicated setup: I was running my own routers, switches, and firewalls, authoritative and recursive DNS complete with DNSSEC validation and signing, my own web servers, email servers, network monitoring and telemetry servers, intrusion detection systems, backup systems, and VPNs. I had both physical devices at home and virtual machines in geographically diverse data centers operated by different companies on different continents. Getting all of that working, and troubleshooting things when they’d go wrong, was a great way to learn how the various technologies worked together. Plus, not having usable internet connectivity at home was a great motivator to fix a problem!
The other component of my career that’s played a major role in its development has been engaging with other organizations outside of LBNL. This has varied from volunteering on the SCinet team at the Supercomputing Conference, to giving presentations at national conferences, to just discussing problems or solutions on mailing lists and having Zoom meetings with peers at other laboratories or universities to share advice and approaches.
I think that kind of collaboration is unique to research and education, and it’s something that I really value about the Lab: it’s like Team Science for networking and cybersecurity.
The helix sculpture located outside of the Integrated Genomics Building (IGB). (Credit: Thor Swift/Berkeley Lab)
What projects are you currently involved with and how do they impact Lab staff?
Usually, most of the projects I’m involved with are behind the scenes, so if everything goes to plan, folks shouldn’t notice any direct change to their day-to-day work.
Cloud Log Aggregation
One project at the top of my list is cloud log aggregation, where we’re working to gather logs from multiple cloud service providers (Amazon Web Services, Google Cloud Platform, Cloudflare, CrowdStrike, etc.) to a single location for cybersecurity analysis, without requiring thousands of people to make changes to their systems.
Where people would notice this is if a security incident occurs: in the past, we’d have to ask them to export the logs themselves and send them to us, hoping that the attackers didn’t delete the logs first, or that they didn’t age out by the time the incident was detected.
With this project, we’ll have the logs streaming to us in near real time, allowing us to alert on suspicious activity so we can prevent further damage, and to have a fuller picture of what activity an attacker performed, even if they deleted the local logs.
Upgrades to the Lab Network
Another similarly behind-the-scenes project I’m working on is upgrading the Lab’s tap aggregation infrastructure to enable even higher speed networking. This infrastructure allows cybersecurity to analyze network traffic on the Lab’s campus to detect and prevent intrusions, and conduct forensics on attacks that target Lab computers.
The Networking group (LBLnet) is working to upgrade the Lab’s campus network to higher speeds, up to 400 Gbps per connection, which requires the Cyber Security group to be able to ingest all of that data as well. This will enable researchers to use even higher speed Data Transfer Nodes (DTNs), or dedicated servers designed to send and receive huge amounts of data to and from collaborating institutions all over the world.
CrowdStrike Enhancements
A project that I was recently involved with that has more visibility for a lot of people is CrowdStrike, the Lab’s new antivirus software. This has been a large undertaking by many people, and my role was to evaluate its features, capabilities, and fit with the Cyber Security group’s existing tools and workflows. This involved looking at more obscure functions than just virus detection, like the ability to customize Indicators of Compromise (IOCs, pieces of data tied to suspicious activity) and how to interact with its Application Programming Interface (API, a way for other systems to integrate and automate with CrowdStrike).
Who are you outside of working at Berkeley Lab?
The most obvious answer is a runner and cyclist! Though I haven’t done anything competitive since the start of the COVID-19 pandemic, I at least try to go for a run or hop on the bike every day (or trainer, if it’s raining). I recently got into mountain biking and have been trying to explore new trails whenever the weather is permitting. My partner and I also have aspirations of getting into bikepacking or kayak-camping this summer, and we’re working our way through a map of the national parks, putting pins in each one as we visit them.