What is it like to work in cyber security? We ask some of the members of the team in Symantec. Today, we hear from Sayali Kulkarni, Senior Threat Analysis Engineer.
How long have you been in this role?
I have been in my current role in Dublin, Ireland for the past two and a half years. However, I initially joined Symantec in 2011 in my home city of Pune, India.
How did you come to work in the field of cyber security?
When I first decided to do a Bachelor’s of Computer Science Engineering degree, I saw it as an opportunity to explore the different areas of computer science. I felt a general CS Engineering degree would give me the freedom to work in multiple areas, such as programming, database management, cryptography, and networking, among others. During the last year of my engineering degree, I decided to build an autonomous home device control system for my final year practicum. The project was a combination of networking and assembly/C language programming. In 2011, after I had completed my engineering degree, Symantec began recruiting for junior level software engineering positions in the Security Response department in Pune. The interviews were comprehensive, comprising a series of technical skills requirement tests, including written papers on problem solving and programming, followed by a number of different levels of interview. After what felt like a very long interview process I was offered a position with Symantec’s Security Response department, and that is how I began my career in cyber security.
Joining the Symantec family changed my whole view of industrial work and gave me new perspectives on computer science. One of the first things my hiring manager did was introduce me to the IDA Pro disassembler and debugger. Knowing assembly from my final year project was an advantage, but working with a disassembler was very new to me. At the same time, when most of my classmates were busy programming in Java, .net or C++, or working in database management roles, I was debugging assembly code. At the time, I was unsure if I had made the right decision to begin my career in cyber security, but I gave myself a chance to understand the scope of the field. Analyzing different malware and reading about different cyber security events happening around the world helped me to realize that this was not a typical tech career but that the work would be interesting and important.
Learning about and writing different tools that help with the analysis of different malware was also part of the job. This gave me the opportunity to immediately begin learning more new things and the chance to experiment with a number of different programming languages and tools.
While performing my day-to-day activities, I also wrote a number of research papers on different malware variants I had come across. In 2014, Virus Bulletin selected one of my papers for inclusion in their conference and I flew to Seattle to present my first paper at VB2014. This was my first international trip outside of India. Coming from a typical Indian middle class family, this was a new experience for me. Having an international stage to talk to my peers in the industry and represent the company’s engineering work in front of competitors was a big responsibility. This opportunity helped to build my confidence in my own reverse engineering skills.
Once this trip was complete, I found I wanted more new challenges. I decided to apply for an internal position in Symantec’s Dublin office. After completing a number of interviews, I finally got an offer to move to Symantec’s Security Response Dublin office. Since 2015, I have been working as a Senior Threat Analysis Engineer in Symantec’s security response office in Dublin.
Cyber security gave me the chance to see the world.
Most recently, my role has evolved from analyzing malware as an engineer to automating the everyday work an engineer typically performs. Understanding how malware analysis works in my previous role has been key to helping me build and maintain the systems that automate different parts of the malware analysis process. This includes understanding and building machine learning algorithms, which help drive our automated analysis, but also touches on system administration and site-reliability skills to maintain those systems.
“Every skill you learn adds another block to build on”
What advice would you give to someone who wants a job like yours?
Cyber security is a big field and there will always be a need for good engineers. If you are interested in a career in cyber security, plan your roadmap according to the skills required in the positions that interest you most. Learning the basic skills of cyber security will help to smooth the path to your dream role. No one knows everything at the beginning, so don’t be afraid to apply for jobs. Most companies will understand this and will help their employees to build their skills. Learning new skills is a continuous process and, really, is part of the job. Be curious about what you can’t do, explore more and, most importantly, ask lots and lots of questions! Every skill you learn adds another block to build on.
Opportunities to grow your career do not only mean changing employers. There are often opportunities to work on new projects, in different areas of cyber security, within the same organization.
“A career in cyber security is a lifelong learning process; not the filling of a pail, but the lighting of a fire!”
Is the course you studied at university relevant to the job you have now?
Definitely. I chose a science stream in my high school that focused on mathematics and physics. These subjects helped build a platform for my computer science studies. Focusing on science during high school indirectly benefited me in getting admission to the Computer Engineering Science course in Pune University where I studied most of the core areas of computer science.
I am also currently pursuing a Master’s degree in Digital Investigation and Forensics from University College Dublin; this is equipping me with more relevant skills related to cyber security forensics and information security law and regulations around the world.
What do you think are three qualities someone who wants to work in a role like yours needs to have?
- Innovation is necessary: try to think of different solutions for a problem. You will definitely find the innovative answer somewhere in there. Problem solving skills are a required part of any cyber security role.
- Be happy to learn new things. Every year, we see hundreds of new malware variants and cyber attacks. You need to keep updating your knowledge in line with the current threat landscape. A career in cyber security is a lifelong learning process; not the filling of a pail, but the lighting of a fire!
- Inquisitiveness is very important. You need to be able to ask questions and not worry about being embarrassed in cases when you don’t know the answer and need to ask for help. As a famous female blogger has said: asking questions is a super power!
Any other tips, advice or anecdotes you would like to add?
When I started in Security Response in India, I was one of two women in a department of around 50 engineers. I am happy to say that the ratio has increased over the years. There is no barrier to entry into cyber security.
Understanding the basic principles of security is now not just necessary, it is essential.
@Credits: Medium - Symantec