Working in Cyber Security: “It is fundamental to stay up-to-date with the latest technologies”
What is it like to work in cyber security? We ask some of the members of the team in Symantec. Today, we hear from Fabio Pitino, Senior Software Engineer.
How long have you been in this role?
I joined Symantec in 2010 when I first moved to Ireland from my hometown in Italy. I joined the Content Compliance Automation Engineering team and I’ve been working with this team since.
When I moved to Ireland I had just graduated from college and I was hired as an Associate Software Engineer. In almost eight years I’ve worked with people across the globe, built and maintained a lot of applications, and collected a few promotions. Today I am a Senior Full-Stack Software Engineer and, together with my team, I build applications for security response engineers to improve operations and increase content quality.
How did you come to work in the field of cyber security?
It was 1996 when my dad brought home a bulky PC with Windows 95 on it. I was 11, and I spent long afternoons installing video games from floppy disks. At the age of 15 I wrote my first program with Turbo Pascal while studying programming at high school, where we also used Visual Basic to build simple desktop applications. After high school and during college I worked for a few years as a freelance web developer building web sites and apps in PHP and MySQL.
Once I graduated, I decided to come to Ireland to look for a job. I was thrilled when I got the job interview at Symantec. After a few technical tests I got the job and my journey in the field of cyber security began.
What advice would you give to someone who wants a job like yours?
The software industry, and the cyber security landscape especially, is always evolving. The speed of this evolution is also increasing every year, which makes this type of job very challenging. On top of that, we operate in a competitive market that is also very open to criticism given that our customers expect the best protection from us. It is fundamental to stay up-to-date with the latest technologies: the benefits they bring, the costs and the risks. You must know the trade-offs involved.
Do not limit your knowledge to only what you learn at university. A lot of the things I learned during my career weren’t taught to me by a teacher or university lecturer. Read a lot and constantly! When I started programming, the internet was so slow that you’d be better finding the solution yourself in books than looking it up online. Today we have very well-curated newsletters, feed readers, screencasts and video tutorials, however, do not forget old-fashioned books! They are still my favorite way to dive into a specific technology.
Use your spare time to build things, which could be a toy project to try out a new storage system, a web framework, or a new IoT device. Then try to change them, break and rebuild them again. Toy projects provide you with a safe environment where you can screw things up and it doesn’t matter because your objective is to learn. I remember spending long nights compiling Linux kernels, trying to get the newest Linux distros to work on various hardware. It felt so frustrating at the time but during my first days at Symantec I was a pretty confident Linux system admin.
Is the course you studied at university relevant to the job you have now?
I studied computer science and was pretty sure it was what I wanted to do as I had attended a programming and math high school. The course at university was half focused on math and physics and half on pure computer science subjects. However, in hindsight, I would have preferred if more subjects were project-oriented and team focused.
Nonetheless, the fundamentals of computer science were taught quite well: algorithms, networking, computer architecture, security, and data structures were very tough exams to pass. In fact, most of the security related knowledge I had when I joined Symantec came from that pretty robust module at university.
Some subjects were very hands-on and involved team projects, such as how to design, implement, and deploy software as a team. I learned a lot during those projects. I learned how important commitment from each team member is to the success of a project; how to get things done no matter the technical challenges; how to gather and translate requirements from users, and how to sell the product back to the stakeholders.
What do you think are three qualities someone who wants to work in a role like yours needs to have?
· Be genuinely curious: play with that new cutting edge technology that you read about on Hacker News; learn a new programming language that is completely different to the one you are confident with; try a new software design technique. Also, always question whether there is a better way and what trade-offs it brings.
· Have a passion for mentoring and sharing knowledge. Knowledge is not just gained in university. We are always looking for mentors, whether it’s a developer we follow on Twitter, a blog we enjoy reading, or a YouTube channel that publishes tutorials about a technology we are interested in. Sharing knowledge and mentoring others is the most effective way to contribute to a team and company’s growth.
· Soft skills: this is probably the most important one. It’s extremely important to be able to communicate effectively with your team members, with customers, and with stakeholders in general. Being able to read between the lines what a customer’s needs are, because often customers feel that a new feature is needed but they don’t know what solution is best. Many of the software defects, poor features, or project failures I’ve seen in my career were largely caused by communication issues.
Read more from Fabio on his blog.
Check out the Security Response blog and follow Threat Intel on Twitter to keep up-to-date with the latest happenings in the world of threat intelligence and cyber security.
Like this story? Recommend it by hitting the heart button so others on Medium see it, and follow Threat Intel on Medium for more great content.
