Marion Marschalek - Austria
Marion Marschalek is currently working as Malware Analyst and Threat Researcher at Cyphort Inc. Santa Clara, California. Also she teaches basics of malware analysis at University of Applied Sciences St. Pölten and writes articles for security magazines. She has spoken at international conferences such as Defcon Las Vegas, RSA San Francisco and POC Seoul. In March last year she won the Female Reverse Engineering Challenge 2013, organized by RE professional Halvar Flake.
Her Favorite pieces:
- Talk at Defcon21 Las Vegas - https://www.youtube.com/watch?v=AHyy0gQYBxI
- Article on VB6 packed malware for Virus Bulletin - https://www.virusbtn.com/virusbulletin/archive/2014/07/vb201407-VB6
- Bright future ahead - http://0x1338.blogspot.co.at/2014/03/bright-future-ahead.html
One step ahead of the average nerd
Humans naturally fear the unknown, which means the less we know the more afraid we are. Today skills are the essence that make the difference in every field young professionals can enter, no matter if this is construction, health care or information technology. However, no other field is developing as fast as IT, while offering so many new and exciting fields to explore on a daily basis. The information industry is booming more than ever but skilled specialists are hard to find.
In the world we live in today technology is all around us and improves our everyday life. Yet, the more technology we own the less we seem to understand it; this, while understanding is the most entertaining part of it. Without basic understanding any device becomes useless, but as our knowledge improves satisfaction increases as well. A lot of young people are very familiar with the use of technical devices of all sorts, but only few are tempted to dare a deep dive and explore the inner workings. The reasons for this all boil down to a certain fear as I believe, fear of the unknown. We are all facing newspapers, construction sites, we watch TV or listen to music or deal with social problems. Thus students are naturally rather inclined to study publishing, construction, social studies or to become musicians than to go and become microprocessor designers. If we would have to deal with microprocessors every day a lot of people wouldn't think any more they are all ugly and scary.
I personally found fascination in dissecting software. The more I dissect, the better I understand, the more I love to learn more. I think every human is naturally driven to learn, to build and to improve; but when I started this, I admit, all the binaries did not look all that appealing to me.
I had to take a second look, then a third one, understanding a bit more every time, and finally having fun dragging all my new knowledge together. And now.. I do this every day, with passion.
Andrei Avădănei- Romania
Andrei Avădănei is the President of Cyber Security Research Center from Romania – CCSIR, an NGO where he conducts research on topics related to cyber security in order to help the development of new security solutions and services.
His Favorite work:
"To be among the best". With more than eight years of experience in the cyber security field, Andrei has been awarded at more than 60 international and national competitions of web & software development, algorithms and security. He is qualified and has deep experience in topics like Offensive Security, Web Security & Development, Creation & Management of Cyber Attacks/Threats in real & controlled environments. Also, Andrei has a deep passion to combine Artificial Intelligence & Machine Learning with Cyber Security Tools. He is also a regular speaker, mentor or judge at local and international festivals or conferences, such as DCOI. The technical knowledge gained in the last year of work where he developed different projects together with the CCSIR team is doubled by the leadership and management skills. He succeeded to build and successfully develop DefCamp from a local conference (2011) to a high quality international conference where every year almost 600 attendees join. Besides this, he also conducts international competitions - like D-CTF succeeding to get more than 400 teams registered every year. Last but not least, Andrei is the person to have in local TV shows when discussions take the path of security, cyber attacks, hackers and you need somebody endorsed with knowledge in these fields but also with the ability to explain extremely technical things to the large audience. He is already a regular guest for some. "Challenge yourself and learn by participating to DefCamp."
Chris D Doman- UK
His Favorite work:
- In terms of favourite pieces check http://pwc.blogs.com/cyber_security_updates/ <http://pwc.blogs.com/cyber_security_updates/> and there are some older items on my twitter https://twitter.com/chrisdoman <https://twitter.com/chrisdoman>
- personal page http://www.christopherdoman.com/?page_id=2 <http://www.christopherdoman.com/?page_id=2>
Reading Marion's motivation on this page, I can see there are a number of common reasons why people work in this industry but I think the overarching one is a passion for solving new problems that arise daily. I struggle to think of another industry that changes as quickly as this, driven by its adversarial nature and the changes new technologies bring.
It's easiest to describe just how interesting cyber security can be with a couple of stories from projects I've worked on this year.
The first involved a global company providing a number of services to governments, who were informed by law enforcement that their network had been breached by a sophisticated threat. This was the second time in two years that this had happened, giving an indication as to the persistence of the attacker. Within the first few days, our investigation had determined the attackers had full administrative access to our client’s environment globally and had been there for more than 18 months. Our response required the collection and analysis of evidence from five continents and the remediation required a well-planned operation to remove the intruder’s foothold from the network.
Whilst I wrote the previous paragraph with one project in mind, reading it back I realize it could describe the majority of investigations I have worked on. There is a lot of hype around targeted attacks and "Advanced Persistent Threats", in the industry. This can distract from the reality that these attacks are extremely common, though very few are reported upon publicly. The majority of investigations I have worked on involved teams of sophisticated adversaries working 9-5 to steal sensitive information on a mass scale. Working in cyber security can give you a unique perspective into global affairs.
Another project highlighted to me just how wide ranging the industry can be. The team was called in to respond to a breach at a large retailer. We were performing an investigation to find what had been taken, how the attack was executed and how to keep the attacker out of the network. But there was a far wider involvement with specialists helping to create a plan for communicating with the media; lawyers identifying next-steps and interactions with relevant public sector bodies; crisis managers helping to keep the wider business operating and experts provided assurance on how to improve the client's wider security posture. There is a desperate need across the industry for people with a wide variety of skills and backgrounds.
The third project was particularly satisfying as there was an immediate resolution. An employee at a small company had authorized a large fraudulent transaction, on their first day of work. The client's internal investigation had determined the employee's machine was not compromised and police were set to interview the employee, with all evidence pointing to an internal fraud. We were asked to investigate the activity, and thankfully we quickly identified the fraud was in-fact due to a group of malicious attackers that had obtained remote control of the new employee's machine – keeping him out of prison.
When I was initially considering a career in cyber-security, and incident detection and response in particular, I was concerned the skills I would learn would be too niche for a flexible career. I've realized how wrong I was. I work closely with our penetration testing team to help make their simulated attacks more realistic, and the same techniques and tools we have developed to track cyber threats are now being used by our anti-counterfeit team to track organized criminal networks selling counterfeit goods. The development of those tools too requires a strong investment in software development skills.
Without the UK's Cyber Security Challenge I probably wouldn't have found myself in such an exciting position, and campaigns such as ECSM are key to getting more people to realize how much their passions for technology are needed, both right now, and for the foreseeable future.