Research

[Image: Malware Clustering]

As much as I like the development process, I think what really makes me love my job is research. To me, that means taking a few different items, be they ideas, tools, or algorithms, and putting them together in a way that accomplishes something unexpected. It could be solving a hard problem a much easier way, or it could be as delightful as taking a huge pile of malware and revealing hidden structure within it that speaks to attribution, intent, or novelty.

Research isn’t about those “Eureka!” moments, which are sadly few and far between. Instead, research is about steady intelligent progress, jumping from intellectual rock to rock until you end up somewhere new and completely unexplored. Imagination and intellect are clearly necessary ingredients, but without persistence and, frankly, stubbornness, little of worth gets accomplished. Organization, good note-taking, and old-fashioned “stick-to-it-ness” are much more important than one would think.

Much of my research over the last two decades has been focused on offensive and defensive cybersecurity. Put simply, I like breaking things, be they offensive techniques or defensive barriers. I firmly believe that it all starts with fundamentally understanding how things work, for once you have that foundation, the sky’s the limit!