# About

👋 I'm a Senior Security Researcher at [@Microsoft](https://www.microsoft.com/). Former Security Engineer [@datadoghq](https://www.datadoghq.com) and Senior Security Researcher [@Mandiant](https://www.mandiant.com).

I became a Security Analyst straight out of high school and spent the next 4 years maintaining a global Cisco FirePOWER IDS fleet and training a team of analysts to respond to the threats they detected. After that, I became an analyst on [Mandiant](https://www.mandiant.com)'s Managed Defense SOC team, responding to breaches perpetrated by the stealthiest APTs and noisiest script-kiddies. I quickly pivoted to the world of research, becoming a Security Researcher for Mandiant's Advanced Practices team. Over 3 years I learned from experts on threat detection and intelligence, hunting for new and novel threats, writing custom research/analysis tools, and investigating some of the most impactful breaches of the time.

I spent almost 2 years as a Security Engineer [@datadoghq](https://www.datadoghq.com) focused on Security Intelligence and Incident Response, leading a small, but effective, Security Intelligence team in building a custom [Synapse](https://synapse.docs.vertex.link/en/latest/) instance to provide curated intelligence for [@datadoghq](https://www.datadoghq.com)'s Security Operations and Engineering teams. Today I spend my days hunting for threats at Microsoft.

In my spare time I like writing open-source software, reading maps, and wandering around in the mountains. Sometimes these hobbies even collide! When I get the chance, I like to write about my experiences. Check out my [blog](https://gormo.co/blog/index.html) for more! To get an idea of the software projects I maintain, take a look at my [projects page](https://gormo.co/projects.html).

Some public examples of my work:

- [Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor](https://www.mandiant.com/resources/blog/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor)
- [Sunburst Countermeasures](https://github.com/mandiant/sunburst_countermeasures)
- [FireEye Red Team Tool Countermeasures](https://github.com/Mandiant/red_team_tool_countermeasures)
- [CVE-2023-38704](https://nvd.nist.gov/vuln/detail/CVE-2023-38704) (led Datadog's response)
- [It's Your Money and They Want It Now — The Cycle of Adversary Pursuit](https://www.mandiant.com/resources/blog/the-cycle-of-adversary-pursuit)

## Contact

Please use [LinkedIn](https://www.linkedin.com/in/johngorman31/) or [Twitter/X](https://twitter.com/_gormaniac_) if you'd like to contact me. If your comment/question is related to a project of mine, open an issue in the project's GitHub repo instead.