Challenges of Working in CyberSecurity
In the eyes of Dr. Engin Kirda, who works in cybersecurity, the most important key to excelling in data protection is to stay one step ahead of the bad guys. His opinion comes from both the experience of co-founding a successful cybersecurity company and his role as a professor at Northwestern University’s College of Computer and Information Science.
Dr. Kirda began his education by earning his combined Bachelor of Science and Master of Science, as well as his PhD in Computer Science, from the Vienna University of Technology in Austria. As a professor, he has been awarded an endowed professorship at Northwestern University—a great honor in academia—and he’s often asked to draw on his expertise working in cybersecurity as a speaker at industry conferences, such as USENIX LEFT, Enterprise Mobility Forum, and most recently SXSW Interactive.
In a commitment to stay more current and innovative in data protection than the hackers he’s up against, Dr. Kirda continues his research in both the academic arena and in the professional realm as the Chief Architect of his cybersecurity company, Lastline. The result of this lifelong pursuit of knowledge is evidenced by his co-authorship of over one hundred peer-reviewed research papers on cybersecurity, as well as his contributions to publications such as Forbes.com, Ars Technica, eWEEK, and CIO.
Keep reading for our full interview with Dr. Engin Kirda, where he discusses his view of the future of the cybersecurity industry and what he thinks are the best ways to stay ahead of the curve when it comes to cyber threats.
Please expand on your background. How did you end up working in cybersecurity and then on to teach in the field?
Over the past two decades, I’ve developed a broad understanding of computer science and focused all of my research, and later my classes, on cybersecurity. More specifically, I’ve developed a passion for in-depth exploration of the subjects of malware analysis and detection, web application security, and social networking security. I believe security is crucial to protecting the privacy and property of individuals and institutions, and is essential to continued innovation in connected devices and networks.
Can you describe network security and what Lastline, the company you co-founded, does for someone who may not be familiar with the field?
Network security is made up of an evolving combination of tools, processes, and people that protect data, devices, intellectual property, and individuals from exploitation, corruption, disruption, and other outcomes of cyber-attacks. Lastline is a global breach detection platform provider headquartered in Silicon Valley that delivers advanced anti-malware technology to enterprises like CKE Restaurants, managed security service providers (MSSPs) like Dell SecureWorks and leading security vendors like Barracuda, Bit9, Tripwire, Blue Coat, Juniper, and WatchGuard.
Can you tell us about your different roles in the IT industry (co-founder of a network security company and a professor) and how one informs the other?
I co-founded Lastline with other researchers and we continue to be deeply engaged in the cybersecurity research community, so both roles are constantly informing each other. Academic research in cybersecurity is truly at the cutting-edge of computer science and my experience with and exposure to the latest research in the field has influenced my work at Lastline a great deal. In addition, cybersecurity researchers often develop novel technology in order to study the latest cybersecurity threats, because you need the right observational equipment to effectively analyze malicious code. This has led to the creation of tools like Anubis and Wepawet for our research that informed the development of the Lastline Breach Detection Platform. At the same time, deploying enterprise IT security technology in global businesses at Lastline gives us real-world perspective on how theoretical and advanced research can be applied to protect distributed organizations with thousands of people accessing their networks on any given day. This kind of scale and direct application of tools isn’t usually possible in academic research unless you team up with a business, which is rare.
How did you come to co-found Lastline? How has your entrepreneurial spirit been a benefit in the field of network security?
In some ways, building a body of academic research demands almost as much entrepreneurial spirit as building a company. In research, you must collaborate with people around the world to investigate and produce serious novel technology along with peer-reviewed, published research. At Lastline, we’ve been building a global team of researchers, engineers, analysts, and business people to deliver serious technology and bring it to market. So there are synergies in both paths. I met my co-founders in academic circles and we previously co-founded Secure Systems Lab which is now distributed across 5 countries on 2 continents. This practical experience in building a global organization from scratch helped a great deal as we set out to co-found another organization -- this time an IT security provider.
Many companies from varying industries are revamping their protection strategies in an effort to safeguard their information from being hacked. How do the services your company provides help people or companies stay protected against computer fraud or hacking?
Over the past year, we’ve detected a 2000% increase in evasive malware behavior. Malware is malicious software that enters a network through a number of channels including web traffic, email, applications, and endpoints (e.g. laptops, smartphones). Evasive malware is tailor-made to bypass traditional security defenses like anti-virus scanners and virtual sandboxes, because it senses that it is being monitored and acts like benign code until it gets through the gauntlet of protection set up at the perimeter of networks (e.g. firewalls, gateways). Once this evasive malware gets past the gates, it runs rampant within networks and covers its tracks so it may take months or years to be detected. Or it may never be detected. Lastline is focused on delivering protection against these advanced persistent threats (APTs) and evasive malware with a full-system emulation approach to sandboxing combined with security incident correlation and prioritization as well as real-time threat intelligence. Effectively, Lastline offers stealth enterprise security that protects against advanced and evasive threats to network security.
What are some of the challenges of the profession?
With the number of high profile breaches on the rise, cybersecurity is making headlines like never before. But cyber-criminals have been hacking and attacking people and businesses since before the Internet. It’s now on a massive global scale, with faster machines, more organized and educated adversaries, and there are vulnerabilities across so many more distributed devices now. So I’d say the biggest challenge of the profession is that it moves extremely fast, is very noisy, extremely crowded and there’s no security silver bullet. The two answers to almost every question in network security: it’s complicated and it depends.
What is the most exciting thing about the work you do?
I find this field exciting because it is a huge intellectual challenge due to its adversarial nature. The bad guys are smart, and you need to constantly try to outsmart them. Also, it's an area that needs an excellent general knowledge of computer science. It covers many areas of computer science such as data science, programming languages, systems, databases, and networking.
How has working in the cybersecurity field changed since you entered it?
The biggest changes in cybersecurity are reflected in the biggest changes in technology over the past two decades: mobile, social, Internet of things, cloud, and big data. More people and things are connected to the Internet and to each other than ever before. This has caused the number of cyber-attack vectors to multiply exponentially with each new connected gadget, home, and business.
Do you think it’s an ideal time to go into IT or to become an IT specialist? If so, why?
Yes, this is a very exciting, but scary time for everyone in cybersecurity. We have to find a way to attract, train, and retain the best and brightest minds of this and the next generation to protect everyone’s privacy and security. And companies have to overhaul and upgrade their security systems to better protect employees, partners, and customers.
From your experience as a professor in IT, what qualities and skills do you think are necessary for pursuing a career in IT and network security?
I believe diversity in IT and network security is as important as anywhere else, so there’s not one particular set of attributes that make for a more successful career in such a broad category. Given the high and rising demand for talented people and the many varied roles that exist, I think anyone with dedication, problem-solving skills, and the ability to continuously learn can excel in this field. If you want to tackle the more technical roles, you’ll need to learn computer science, gain excellent programming skills, know about data science techniques, and/or all of the above. I’m a firm believer in the need for education, and also for practical, on-the-job experience. The traditional answer of strong math and science skills is somewhat true, but it’s not the only answer. You also have to love what you do to be successful, and the only way to find out if you love it is to try it. (Don’t get me wrong, it’s still hard work, but the field can be extremely fulfilling to some people and incredibly tedious to others.)
What advice do you have for students pursuing a degree in IT or cybersecurity? How can students prepare themselves for the challenges?
Think of it as a marathon, not a sprint. But don’t be intimidated to learn new things. Take it one subject at a time, one day at a time, and keep an open mind. Talk to as many people in the field as you can. When working in cybersecurity, networking is important. Remember, it’s a huge space with plenty of opportunity, so keep your eyes open as no one position, department, product or company is the same—and they each change all the time. And get comfortable with change: it’s the only constant. Also, adopt the attacker’s mindset. A security professional who is able to think like the attacker is more likely to succeed in this complex, fast-changing field where you need to deal with smart adversaries.
The expert interviewed for this article may be compensated to provide opinions on products, services, websites and various other topics. Even though the expert may receive compensation for this interview, the views, opinions, and positions expressed by the expert are his or hers alone, are not endorsed by, and do not necessarily reflect the views, opinions, and positions of [eLearners.com] or EducationDynamics, LLC. [eLearners.com] and EducationDynamics, LLC make no representations as to the accuracy, completeness, timeliness, suitability, or validity of any information in this article and will not be liable for any errors, omissions, or delays in or resulting from this information or any losses or damages arising from its display or use.