Researcher Spotlight: Cyber Viking Nate Warfield is Here to Help

“There are few jobs where I can say, I make two billion people more secure on the internet every single day.”

Childhood Look: Goth kid, all in black

Current Look: Cyber Viking

Childhood hobby: Head banging to Metallica, Marilyn Manson, and Guns N’ Roses

Current hobby: n0x08 DJs live events around the world. Check him out here.

Most Innocent Hack: Finding a backdoor admin interface to his public library. He moved his name to the top of the waitlist on books he wanted to read.

Proudest Achievement: Starting the CTI League

This month’s researcher spotlight is on Nate Warfield. If you’ve heard his name, it’s probably in one of two ways. Warfield is the Chief Technology Officer of Prevailion, a next-generation cyber intelligence company that protects organizations from cyber threats targeting their networks. Or it’s from when Warfield was a member of the MSRC team, where he was one of the (unofficial) voices and faces of MSRC to the security researcher community.

For some of you, Warfield’s back story may seem familiar. He didn’t have a lot of money growing up. His family was poor. Warfield squeezed every minute out of free AOL discs that would arrive in the mail. He stumbled upon internet forums teaching him how to generate fake credit card keys. This allowed him to enjoy his free internet ride a little longer. Moments like this unlocked a curiosity within Warfield. At 12 years old, he understood how software and internet services worked. Once, he discovered the superuser password in a BBS software package to help procure more download time. Warfield loved playing Wolfenstein 3D. He knew if he continued to push the limits, he could get whatever he wanted.  

Growing up on the island of Oahu, Warfield stood out. He found solace on his computer. He became the target of bullies, which he had no time for. He retaliated by creating a three-hour pager “bomb” which flooded his targets with pages. Another time it was an email spam campaign aimed at his high school faculty. Eventually, it would all come to an end in the form of expulsion. This was his wakeup call. Warfield felt the pull of computers leading him off the island. His father, on the other hand, suggested he get a job at Taco Bell. Warfield declined. Instead, he channeled his father’s strong work ethic. There were limited opportunities for IT on the islands, but it didn’t stop him from finding work. One of his first roles was working phone support for a dial-up ISP. He saved his money and landed in Seattle doing tech support for F5 Networks. These jobs would lay his foundation for helping others.

Warfield’s tenure at MSRC was an interesting period, both for him and the cybersecurity industry. He remembers back when the Shadow Brokers leaked EternalBlue, which led to the WannaCry attack. Warfield was in his office on the Redmond campus when news of the leak broke. He and another co-worker helped sound the alarm. This was a galvanizing moment for the security response team. “Everyone came together immediately; researchers, analysts, coders,” Warfield recalled. Fueled by pizza and caffeine, engineers across the company worked into the evening to confirm the vulnerabilities in the leak were addressed in the latest patches. Warfield’s responsibility was to quickly ascertain that the payloads didn’t contain any additional or unknown exploits.

“It was cool to see a bunch of people across Microsoft immediately come together, focused on the mission, and succeed at the mission at hand, which was figuring out what was in there.”

Although it was a highly stressful and challenging period, Warfield was left feeling proud of how the company unified and rallied to address the leak and get guidance out to customers.

The Security Servicing Criteria for Windows is another point of pride for Warfield. The impetus for its creation came in part from community feedback. Researchers needed better guidance to understand which boundaries and features qualified for servicing and bounties.  Microsoft’s Matt Miller kicked off the project and helped connect teams from across the company to participate. Warfield then helped author and publish the document that provided transparency with the research community, aligning internal and external people in a way that hadn’t existed until then. The project was a success. Warfield remembers feeling a great sense of accomplishment. The industry responded positively with an acknowledgement of his work and a tip of their hats.

“It was kind of cool to say, this information didn’t exist 5 years ago. And now it does because I worked with a bunch of people, and we got it out there.”

Warfield attributes his growth to mentors he’s had along the way. He learned the power of human connection and engaged with the research community to hear candid feedback about the challenges. He took it upon himself to streamline the researcher engagement processes. He leaves behind a positive legacy through his desire to serve those in need. This human connection also went further than just emailing or tweeting him. Warfield was intentional about meeting new people in the community at hacker conventions. From chatting over food and drinks to hallway chats, he made himself available to connect with anyone who came his way.

Helping people is a part of Warfield’s DNA and a driving force behind the work he does today. While he has never officially submitted a bug, Warfield has been instrumental in supporting hundreds of security researchers and their success. During his time in MSRC, he leaned on his background in network engineering to help secure the Internet in a different way: cloud network security research. Inspired by a 2016 blog on Redis servers, Warfield began working with the Azure team to help identify compromised virtual machines and coordinate notifications to affected customers. Leveraging tools like Shodan and GreyNoise, he began presenting his techniques and lessons learned at hacker conferences to educate people about the risks of common security mistakes. This same skillset prepared him for a challenge no one saw coming: defending the critical infrastructure of healthcare.

Early in the pandemic, hospitals became the target of ransomware attacks. Ohad Zaidenberg, a cyber intelligence researcher, reached out to Warfield via Twitter. They formed a coalition called the Cyber Threat Intelligence League (CTI). He put out the call and hundreds of security researchers and practitioners joined the league. Together they were able to accomplish their mission to keep hospitals secure and teach them how to defend themselves from cyber threats. All the researchers are volunteers. Warfield describes the league as something he is most proud of professionally. Check out Wired’s “The Cyber-Avengers Protecting Hospitals from Ransomware.” The work he and his colleagues are doing gives him hope for a brighter, safer future for his children and the world at large. His personal joys come from being a father, snowboarding, and traveling the globe spending time with his hacker family. Follow Nate on Twitter at @n0x08.