Sophos Cloud Optix
SophosLabs is at the center of Sophos. It’s the place where highly skilled experts in the field work round the clock to build protection from the latest threats.
But who works there?
This week we’re talking to Peter Szabo, aka, Zarubotto-san, Senior Threat Researcher from SophosLabs Vancouver.
I’m an Aussie who was born in Eastern Europe and now lives in Vancouver. I moved here two years ago after seven and a half years at SophosLabs in Sydney, Australia.
When I’m not at work, I enjoy puzzles or a good game of billiards over a few pints. I go to the gym regularly and have recently taken up rock climbing and bouldering.
In my previous job, I was a software engineer working on protocol drivers in C and C++. The job required some reverse engineering and documentation of protocols. Turns out that this fits really well with my love of puzzles and finding out how stuff works.
At Sophos, I do reverse engineering (mostly x86 with IDA) and analyst training, and I’m moving more toward vulnerability assessment and discovery. A big part of my job is spotting interesting features in malware, designing new and difficult-to-bypass generic detection strategies, and data mining to find related patterns.
I enjoy the challenge of playing the cat-and-mouse game, with a view to staying ahead of the crooks and making the world a little safer. As I look forward in my career, I’ll continue in security but will probably look to expand my repertoire and lean toward a team lead or managerial role, given the experience I’ve already accumulated.
I’m no clairvoyant, but I can tell you the malware problem isn’t going away any time soon.
No matter how smart security technology gets, we will always need users to be on their guard. For the security industry, the big challenge is dealing with the sheer volume of malware that has been generated since malware matured from a cottage industry to a Henry Ford style production line funded by organised crime.
Data mining, reputation and scalability will be at the forefront of any successful efforts.
I’m a digital hermit, for the most part. I don’t Facebook, I have a Google+ account only to communicate professionally with the general public and I maintain several private email addresses.
I shred and burn anything with personally identifiable information (PII), and my parents have been well versed in doing the same. I will not disclose any information I deem not necessary, and I refuse to do business with merchants that demand information they do not actually need.
I can thank my Eastern Bloc exposure for my radical (realistic) stance on privacy.
I suggest that users concerned about privacy don’t use Facebook and don’t post pictures that may compromise a future job. In short, don’t post a picture you wouldn’t want to share with your parents, spouse or a magistrate. Once it’s out there, it’s never going away.
Do not divulge more than is required, and do not be fooled/trolled into disclosure. The one good thing about the internet is that it is like TV or radio: if you don’t like the show, you are free to change the channel!
Security is a lifestyle; a way of thinking. It takes a lot of dedication. It is definitely not just a 9 to 5 job. But for those of us who have a knack for it, it can be extremely rewarding.
Since being a good researcher implies being able to find your own way, I won’t recommend any specific sources of information, but searchlores, hex-rays and reverse engineering are some good keywords.
Want to know more about SophosLabs?
Read the other articles in this series on Numaan Huq, Joanne Garvey and James Wyke who all work at SophosLabs, check out our YouTube playlist, or see more on the Sophos website.
If you are a privacy concerned then why write this blog?
I think there's a difference between telling people some general stuff about yourself and giving them precise details.
Being general might be saying "I like playing billiards," which is what Zarubotto-san did, while being more precise might be uploading pics to Facebook with dates, times and places where you play, the people you hang out with, and your results in the most recent competition.
The former is a tiny bit of use to a social engineer (though it's not hard to guess – playing games like billiards is a fairly commonly-enjoyed recreation by blokes of Peter's age :-); the latter is much more risky, as it lets a crook pretend a familiarity and friendship with you that he doesn't have.
Plus….maybe he doesn't like billiards at all, and it's a trick revelation 🙂
Even the nocturnal elusive recluse, the platypus must on occasion step into the sunlight.
Maxim is right. There is a lot of bad out there and it is going to get you, sooner or later. I keep away from Facebook as much as possible. I don't do Google+. Unfortunately I wouldn't know what is going on with my children or grandchildren without checking in every couple of months or so on Facebook. My own experience with Facebook was a scary episode some time ago. I uploaded a new picture to go with my name which was a unique pin-up drawing, badly scanned that I downloaded well over 10 years ago. After a couple of weeks I did a Google search on my name just to see how many of us are out there. Sure enough the first couple of pages were me with references to my old employer and many telephone listings even some from departments that ceased to exist 10 years ago. But imagine my surprise when, Google pages later, I found another person in the same industry as me on a bio website in the southern states and this man (or woman) was in Atlanta with a professional resume and my new pin-up as her/his photo!
Somewhere, somehow, Facebook sells access to their database to other databases and lo and behold my new pin-up gets attached to a stranger or was it a virtual stranger with my name and picture attached to a business resume culled from many resumes somewhere else. Maybe my Facebook information is now floating about the universe and being attached to strangers and I will get a knock on my door from a friendly CSIS or CIA or Underworld suit who wants to either arrest me or shoot me.
My immediate reaction was to delete my entire Facebook account, but then the information is already out there so for the future I just deleted as much of my information as I could while still keeping the account to see what my kids are doing.
As for internet shopping, I live in a small northern Canadian town as everyone will know if this gets posted and you can't get everything you want from WalMart or Canadian Tire, let alone everything you need to keep the iMac running.
It was curious that Sophos stopped running as soon as I started this diatribe. Coincidence or is my iMac infected right now and Sophos is monitoring my keystrokes? (grin) Time to shut down and restart.
Actually, that was Peter's observation; I just edited and posted his autobiographical profile. 🙂
Thanks for sharing, its interesting to see the cogs and wheels behind Sophos, and their stories.
I like these personal bio's every once in a while. I get information about the back-story, so to speak, of how the people at Sophos have the experience to do their jobs and what Sophos does behind the scenes.
Question for you, Maxim. It's getting harder and harder to even get a good private email address, everybody asks for too much information. Giving bogus information seems the only way to get a private email address, but the IP address still tracks back to me. Any generic suggestions on how to protect privacy?
Good luck to you in your aspirations for the future.
Thomas, privacy is definitely a challenge. It's also more a spectrum than an absolute. It's really about who knows what about you, and how easy is it for others to discover.
As you note, protecting your privacy from an email provider is relatively challenging, since they'll see your IP address when you register and every time you access your email. You could use a privacy proxy, but those bring with them their own sets of challenges. And, most likely, the proxy operator will be able to track you.
For day to day privacy, I think Peter's advice in the original post (that was his profile, posted by me) is sound, if a bit more defensive than my usual stance. In general, maintaining privacy online is all about protecting the four Cs: computer (includes smartphones, tablets, etc.), content, connection, and credentials. If you protect your computer (patches, AV, etc.), encrypt sensitive content and be careful where and with whom you share it, use relatively secure connections like those protected by SSL and VPNs, and use strong, varied passwords, you'll be in better shape than most netizens.