Working in Cyber Security: “Have fun with the work and don’t try to learn everything all at once”
What is it like to work in cyber security? We ask some of the members of the team in Symantec. Today, we hear from Jenniffer Capicio, a Senior Quality Assurance Engineer based in Singapore.
How long have you been in this role?
Six years at Symantec. However, a total of 10 years in the same role.
How did you come to work in the field of cyber security?
When I graduated from university in 2007, I was very excited to get my first job. A friend told me that a cyber security company was looking for a quality assurance (QA) engineer. I applied and was lucky enough to be accepted. Everything was new to me, but I became fascinated checking malware behaviors and checking whether the antivirus (AV) product was able to do a proper cleanup. From there, I’ve learned more and more about this field — what excites me is that there is always something new to learn.
What advice would you give to someone who wants a job like yours?
Treat everything as a learning opportunity. There are always new developments in AV and malware techniques that I need to know in order to do my job. To make a malware execute to replicate infection, I constantly have to learn new things and concepts.
No one can know everything from the start, so if you don’t know something, research it. Also, don’t be afraid to ask. One of the good things about working in this industry is that there’s an abundance of very smart people around.
It’s not always about malware, though. In our job, we also need to learn how to analyze data, statistics, and telemetry to find ways to improve different technologies in our product.
“One of the good things about working in this industry is that there’s an abundance of very smart people around”
Is the course you studied at university relevant to the job you have?
Although we studied Assembly Language when I was in university, most of the things I needed for my work I learned on the job. When I was in university, there wasn’t really a course that taught malware analysis or testing cleanup scripts for malware — though that isn’t to say that a college degree didn’t help at all!
What are some qualities someone who wants to work in a role like yours needs to have?
- Eagerness to learn: You need to have that thirst for knowledge to be able to study the different concepts of malware replication and testing. Sometimes you come across new things and you have to do research into them to properly replicate a sample, or to find out why a certain cleanup script isn’t working, or why a detection isn’t triggering.
- Patience: Lots of it. You can’t be impatient about the job (I guess that’s the same for every job). For example, in doing tests, sometimes you need to do different tests that take time and effort. While automation helps, not everything can be automated, and usually an actual person looking at the output and making decisions is needed.
- Attention to detail: You need to be very particular and precise about how to replicate a malware sample or how to test for detections. Some engineers are prone to skipping certain steps because there are some repetitive things about what we do. For example: When running malware to test for behavior, you would usually drop a copy on the desktop of your test machine and just run it. After the test, you check the output and find there isn’t anything on it, as if the malware didn’t run. And then you find out that for it to run, the malware first needed to be on a specific path. Small details like that are easy to miss but are crucial.
Any other advice you would like to add?
Have fun with the work and don’t try to learn everything all at once. Cyber security is such a big field and there are a lot of specializations, you can get overwhelmed if you don’t take things one step at a time.
Check out the Security Response blog and follow Threat Intel on Twitter to keep up-to-date with the latest happenings in the world of threat intelligence and cyber security.
Like this story? Recommend it by hitting the heart button so others on Medium see it, and follow Threat Intel on Medium for more great content.
