Back when he started college, Nick Gregory raced over to NYU’s OSIRIS Lab and made some friends for the first couple of days of school. Then his classes got crazy and he didn’t hit the lab for a few weeks—he was adjusting to the workload of his freshman year and the stresses that go along with that.
When he finally got his head above water and walked across campus to the lab, people were surprised to see him. “You ghosted us,” one of his friends said. Couple that with his fair complexion and his new moniker was set: He would forever be known as Ghost. That’s what we call him around Capsule8 every day. We’ve got a couple of Nicks but only one Ghost.
After rising to vice president and infrastructure manager at OSIRIS Lab (which is the student-run Offensive Security, Incident Response, and Internet Security Lab), Ghost came to C8 in the summer of 2018 as an intern and joined the team full time in January of 2019 as a research scientist.
Security has been a passion since Ghost was in high school. So he’s a great fit at C8.
Ghost spends many of his days at C8 flushing out small bugs. “They can manifest themselves in potentially larger ways, but at the end of the day it’s usually a very small bug.”
In his daily work, collaboration is the key to finding and fixing a bug.
“Just finding a small bug can be complex. So if someone else can attack one half, I can start on the other half. In the process, we narrow down where the bug is—whether it’s just pitching ideas back and forth or figuring out the right place to start.”
Every day is an adventure, Ghost says. “I guess there’s two or three different types of days. There are days that are just pure engineering, like when I have a spec for something to write or I’m just writing code all day. Those days are really fun, because I can sit down and at the end of the day be like, ‘Yes, I churned out hundreds of lines of code and this new thing works.’”
Other days, Ghost is on a bug hunt. “We may have a small thing in the product that doesn’t exactly match the behavior we want to see in Linux. So I may spend two or three days back to back just hunting down the location of this tiny discrepancy. At the end of the task, I could end up in a completely different subsystem from where I started. So that takes a lot of time.”
Capsule8 also gives Ghost time to conduct research. “On the research side, we run things almost like academic projects—all with the goal of delivering a better product to our customers. This part of my job is fun. I help build tools that help make our lives a bit easier, sometimes I dig deep into a subject and write an exploit script for a blog post or a demo. Sometimes it’s fun to just hack around on stuff, I guess, and Capsule8 gives me that opportunity.”
As far as the tools Ghost uses, most days he’s got a text editor open in one window and Go’s Tooling in another—or maybe several windows. “Of course, I often work with Kubernetes, especially Kubernetes clusters. When I’m just developing exploits or doing research, I usually end up writing that in Python because I know Python inside and out and it has all the libraries and support that I could ever need. If there’s ever a tool we need, I know that Capsule8 will get it.”
As far as cool projects go, Ghost smiles broadly when asked.
“One of the things that I worked on is a full exploit chain from network access all the way to breaking out of a container and disabling SE Linux on the host. I loved pulling all the parts together—especially the novel stuff it included. That was a lot of fun to work on.”
When it comes time to explain what he does to family and friends, Ghost keeps it simple. “I tell people I make servers more secure. Depending on the technical level that they’re at, I may say I make websites or services more secure instead of servers. If it’s a really high-level discussion, I just say I help keep companies secure.”
Outside of work, Ghost has a number of interests, including that lab where he got his nickname. ”I still float around the OSIRIS Lab at NYU, where I’m now a hacker in residence. It’s kind of come full circle but now I’m advising and helping students with projects. Outside of security, I’ve rekindled my interest in photography. It’s been fun getting back into that. I’ve also been interested in meteorology—weather, prediction of weather, and all of that. I have a side project I’ve been working on related to that, with a beta just around the corner.”
So, whether it’s writing code, finding bugs, advising students, taking photographs, or keeping a weather eye, Ghost is always on the case. And we’re glad Ghost is haunting the halls at Capsule8.
Are you interested in joining the Capsule8 team? You can check out our open listings on the Capsule8 Careers page!
Capsule8 is defining modern enterprise protection by providing detection and response for Linux infrastructure in any environment. Capsule8 provides host-based detection and investigatory data for incident response with on-going support. Unlike anyone else, Capsule8 mitigates the financial, scalability and reliability limitations of protecting your Linux infrastructure.