Research findings not driven by marketing, says security pro

Marketing has no influence on the findings that security researchers make; in fact, it is the other way around, according to Noushin Shabab, a security researcher and software developer at Kaspersky Lab in Melbourne.

Shabab, one of the very few women to work for a top cyber security firm, told iTWire during a recent interview that "if marketing sees my reports to benefit sales, the team will use these reports to spread the message further."

She hails from Iran and worked for that country's largest software company, Amnpardaz Software Corporation, as a senior malware analyst and security software developer, before coming to Australia to work for Kaspersky Lab.

Shabab specialises in user mode and kernel mode malware and rootkit analysis (x86 and x64), covering APTs, botnets, viruses and exploits.

She also has intimate knowledge of advanced malware attack techniques as exemplified by Conficker, Stuxnet, Equation Group, ZeroAccess, BlackEnergy, Necurs, Nimnul/Ramnit and Regin APT.

Edited excerpts from the interview:

iTWire: Have you had a desire to work in a field like this since you were little?

Noushin Shabab: When I was little, solving puzzle pieces with my sister was always a favourite pastime. We would even recreate escape rooms in our homes and challenge each other to find the finish line.


Or was there some incident or influence in your life that led you to this field?

In university, I was quite good at programming. During my second year, one of my professors asked me to assist him in teaching first-year students different technical subjects. Then when I joined the workforce, my peers involved me in training people. I then discovered that I had tact in explaining technical lingo to my colleagues outside technical departments. This eventually made me delve further into technical problem solving, which led me to research and eventually cyber security.

What is it you like most about your job?

There is never one problem. There are always lots of problems, new problems and new challenges every day and the best part is, even though it’s difficult and tedious, I enjoy the problem solving process.

And what is it that you dislike – or like the least?

I like every aspect of my role. Although many technical people do not like writing reports, I enjoy investing time in writing a comprehensive report. This is because I believe it's important to deliver the knowledge gained from research in a proper way.

Is there a class of malware that is easier to work on, compared to others? Or can you divide them up by platform as being easier or more difficult to tackle?

In general, the scope of my work is difficult. However, difficult malware easily falls under APTs (advanced persistent threats).

Do you have cases where you find it difficult to analyse something and get really frustrated to the extent that you have to pass on the work to someone else or ask for help?

All of my cases are worked on by myself. The occasional assistance is needed from my peers, but the overall project is under my responsibility.

You mentioned you have a sister who is also in the same field. Is there any professional rivalry between you two?

I would like to have a good story on this, but we don’t have reason to have any rivalry because although we sometimes don’t see eye to eye, we discover further knowledge with the differences in our opinion.

In the A-V field, what counts as a major achievement? Is it different from company to company, or is there some kind of universal standard?

In 2016, Kaspersky Lab products participated in 78 independent tests and reviews. This is the 4th year in a row that Kaspersky Lab has come out on top, awarded 55 first places, 10 second places and five third places, and achieved 70 top-three finishes. The report also shows independent tests conducted by AV-Comparatives, AV-Test, SE Labs, MRG Effitas, Virus Bulletin and ICSA Labs.

Tests performed in these programmes assess all protection technologies against known, unknown and advanced threats. Kaspersky Lab's growth is also recognised by Gartner, which positioned Kaspersky Lab as a Leader in the Gartner Magic Quadrant for Endpoint Protection Platforms for the sixth time in a row this January. These recognitions are universal and this is something every AV company looks forward to achieving. It does give us great pleasure to be known for our expertise.

Once you receive a piece of malware for analysis what are the steps you follow?

The first five steps of importance include:

  • Doing reverse engineering on malware samples;
  • Adding detection to find similar samples;
  • Analysing other samples;
  • Determining techniques and methods of the malware; and
  • Writing a comprehensive report from all the findings.

Once your part of the work is done, how is it routed to others for incorporation in either the advice offered to clients or to prepare information for the public?

Clients who have Kaspersky Lab’s Threat Intelligence Portal and subscribed customers receive the comprehensive analysis report. For example, my latest report on a resurgent threat actor targeting the South China Sea, going by the name Spring Dragon, was presented at the recent INTERPOL (in Singapore) and I will also be sharing this with the public at the upcoming Cyber in Business Conference. Securelist is our go-to for all published reports the public can read.

How much influence does marketing have on the way you structure your findings?

Zero. It is actually the other way round. This is because my scope of work, as is known, is very different from marketing. The work behind my research is hours of malware analysis. Once a report is complete and approved, we then share it on Securelist. If marketing sees my reports as benefiting sales, the team will use these reports to spread the message further. In the example of Spring Dragon, marketing felt it would be a good presentation for partners and I’ve been invited to present my research at the ARN Edge Conference 2017 to target the channel.

Do companies like Microsoft try to interfere with findings that may cast them in a bad light?

In my time and experience in Kaspersky Lab ANZ this has not happened to me. And also, to my knowledge, Microsoft have their own security researchers doing similar research to mine.

What about publicity? How does Kaspersky approach the issue and how much freedom do employees have to speak to the media?

As long as I am well equipped with my research, I have full freedom to be transparent with the media, as they have a right to know the recent happenings in security to further inform the people. If there are unfinished reports that still need work, I would rather work on them and have all the answers before answering media queries.

The only approach Kaspersky Lab Corporate Communication added for me was coaching me in my presentation skills during media interviews, public appearances and presentations. Naturally, coming from a background of no publicity or media relations experience, that is where my colleagues helped in eliminating stage fright and enabling me to be confident.

Sam Varghese

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.