New year, new career? How some Sophos experts got into cybersecurity

We asked a number of people working in different roles at Sophos how they made their way into cybersecurity.

1. Music making to malware fighting

Sales Engineer, Benedict Jones

I graduated from university with a first class BSc honours degree in Sound Technology and Digital Music. I have always pertained a profound interest in music and technology, but during my degree it dawned on me that I wasn’t quite “musically creative” enough to be a Music Producer. That’s when logic kicked in, and I decided to tailor my degree more towards my skillset and passion… technology.

I chose to create my own Android application for my dissertation so bought an O’Reilly book on Java and read all 726 pages by the poolside when on holiday in Spain. While creating my application, I managed to cause the device to overheat and/or crash – sometimes intentionally, and others not! This inspired my interest in mobile application malware, which was very much an emerging threat at the time. A year on from this, my dissertation was complete and my very own mobile application was published.

After graduating, I pursued a career in IT and my first job was as a Graduate Network Support Engineer. After 3 years in technical support, I had worked my way up to the top tier as a Senior Technical Support Consultant. I’d received plenty of first-hand insight into the devastating effect that malware can have on an organisation, having spent many an evening dealing with the aftermath of an outbreak. My research into various threats led me to understand how best to remediate security, which was to fix the flaws that had been exploited by the attackers in the first place.

Protecting organisations against cyberthreats left me with a sense of heroic satisfaction that ultimately inspired me to change my career path into cybersecurity. Which takes me to today – I am a Channel Sales Engineer at Sophos and continue to help organisations to protect themselves against cyberthreats.

2. Romancing malware analysis

Threat Researcher, Luca Nagy

The first time I came across programming languages was during high school and it was love at first sight. Our romance continued at university and I decided to dedicate myself to programming. While there, I also developed an interest in IT security and it was a huge dilemma to choose which direction to take my studies in.

For this reason, I started a CEH (Certified Ethical Hacker) course where we studied several techniques and tools to find and exploit weaknesses in various systems. This required prior experience but also creativity to solve new problems. The combination was really appealing, and it helped me to reach the decision to take the IT security route in my career.

During an internship at Telekom, I was working with intrusion detection/prevention systems (IDS/IPS) and became acquainted with malware. I decided to dig deeper, and in my thesis I introduced a malware analysis procedure through a ransomware analysis. I became passionate about malware analysis and have been ever since.

Now at Sophos, I spend my time reverse engineering emerging threats and creating detections against them.

3. Keeping on top of moving targets

Senior Threat Researcher, Rowland Yu

After majoring in Computer and Telecommunication Engineering at Tongji University, I graduated and got my first ‘proper’ job at Siemens Shanghai Mobile Communications Co. I was a Shift Leader and Technical Specialist and was responsibile for a production team working on a rotating schedule, who diagnosed, troubleshot, and repaired mobile equipment.

Two years later I started my postgraduate degree at the University of Wollongong, Australia, and was really attracted to the magic of computer and network security. I dedicated myself to research projects, including the design and analysis of secure systems with an emphasis on network and communication security, under the direction of Professor Reihaneh Safavi-Naini – the first-ever Australian winner of a security funding research grant.

I started as a spam analyst for SophosLabs in 2006, before moving into the role of Virus Threat Researcher for advanced threat research, reverse engineering and remediation. I then led anti-spam and DLP (data loss prevention) research in the Australian SophosLabs. When the first Android malware was discovered in 2012, I believed Android would become ‘the new Windows’ for malware and dedicated most of my time to Android security. Today I am a Senior Threat Researcher L2 at Sophos and the primary researcher leading the Android team for malware analysis and emerging threats.

Cybersecurity is a constantly moving target. Over the past decade, there have been so many different major cyberattacks targeting many different platforms. At the same time, we’ve seen advanced threat prevention techniques introduced too, such as generic detection, behavior monitoring (HIPS), memory scanning, sandbox, EDR (Endpoint Detection and Response), and deep learning.

I’ve had many interesting and unforgettable moments throughout my career. I read a great book called ‘Network Security: Private Communication in a Public World’, and attended an excellent lecture, ‘Advanced Network Security’, and have used both as a learning stepping stone in my career. Ultimately, I’d like to give credit to Sean McDonald (one of SophosLab Directors), who contributed to my career success. It’s great that I have worked with so many truly talented people in Sophos.

4. Discovering a love of cybersecurity

Software Engineer, Bogdana Avadanei

I recently graduated with a degree in Computer Science and, like many students, I didn’t initially know what particular area I wanted to specialise in. Unfortunately, my undergraduate degree didn’t offer a cybersecurity module, and the only reason I discovered how fascinated I was by the topic was because I had to write an essay in my first year that I left until the night before the deadline.

The essay topic was anything computer science related, so I decided the early methods of encryption would be a good idea, as I had just heard about a security breach. I spent all night in the library reading all the interesting books I could find on the subject. I knew then what path I wanted to follow, and my placement year at Sophos was an excellent opportunity to find out more about the industry. I enjoyed it and learned so much that I came back after I graduated as a software engineer.