Who is SophosLabs: Peter Szabo, Senior Threat Researcher

Who is SophosLabs

SophosLabs is at the center of Sophos. It’s the place where highly skilled experts in the field work round the clock to build protection from the latest threats.

But who works there?

This week we’re talking to Peter Szabo, aka, Zarubotto-san, Senior Threat Researcher from SophosLabs Vancouver.

peter szaboI’m an Aussie who was born in Eastern Europe and now lives in Vancouver. I moved here two years ago after seven and a half years at SophosLabs in Sydney, Australia.

When I’m not at work, I enjoy puzzles or a good game of billiards over a few pints. I go to the gym regularly and have recently taken up rock climbing and bouldering.

In my previous job, I was a software engineer working on protocol drivers in C and C++. The job required some reverse engineering and documentation of protocols. Turns out that this fits really well with my love of puzzles and finding out how stuff works.

At Sophos, I do reverse engineering (mostly x86 with IDA) and analyst training, and I’m moving more toward vulnerability assessment and discovery. A big part of my job is spotting interesting features in malware, designing new and difficult-to-bypass generic detection strategies, and data mining to find related patterns.

I enjoy the challenge of playing the cat-and-mouse game, with a view to staying ahead of the crooks and making the world a little safer. As I look forward in my career, I’ll continue in security but will probably look to expand my repertoire and lean toward a team lead or managerial role, given the experience I’ve already accumulated.

I’m no clairvoyant, but I can tell you the malware problem isn’t going away any time soon.

No matter how smart security technology gets, we will always need users to be on their guard. For the security industry, the big challenge is dealing with the sheer volume of malware that has been generated since malware matured from a cottage industry to a Henry Ford style production line funded by organised crime.

Data mining, reputation and scalability will be at the forefront of any successful efforts.

I’m a digital hermit, for the most part. I don’t Facebook, I have a Google+ account only to communicate professionally with the general public and I maintain several private email addresses.

I shred and burn anything with personally identifiable information (PII), and my parents have been well versed in doing the same. I will not disclose any information I deem not necessary, and I refuse to do business with merchants that demand information they do not actually need.

I can thank my Eastern Bloc exposure for my radical (realistic) stance on privacy.

I suggest that users concerned about privacy don’t use Facebook and don’t post pictures that may compromise a future job. In short, don’t post a picture you wouldn’t want to share with your parents, spouse or a magistrate. Once it’s out there, it’s never going away.

Do not divulge more than is required, and do not be fooled/trolled into disclosure. The one good thing about the internet is that it is like TV or radio: if you don’t like the show, you are free to change the channel!

Security is a lifestyle; a way of thinking. It takes a lot of dedication. It is definitely not just a 9 to 5 job. But for those of us who have a knack for it, it can be extremely rewarding.

Since being a good researcher implies being able to find your own way, I won’t recommend any specific sources of information, but searchlores, hex-rays and reverse engineering are some good keywords.

Want to know more about SophosLabs?

Read the other articles in this series on Numaan Huq, Joanne Garvey and James Wyke who all work at SophosLabs, check out our YouTube playlist, or see more on the Sophos website.