For the past six months or so, I have been working in a cyber security lab at UC San Diego, called Sysnet. Throughout my research experience at UC San Diego, as an undergraduate, I have had to learn about how to even navigate through a lab and get the most out of working in a research lab by trial and error. Lab culture is its own beast, and a topic for another post in itself. Anyways, I digress.
I have been learning some exciting insights about cyber security in my beginning stages in my new lab. First and foremost, thinking like a security researcher is a unique experience compared to thinking like any other computer scientist. In cyber security, a researcher must think with a duel mindset. First, as an person protecting information. Second, as an adversary trying to attain that information when they should not have access to it. Based off that mindset, there are vastly different types of work that a researcher can delve into.
One of my friends, a graduate student in the lab, works on researching best practices for software developers so that they can prevent themselves from making software that could be vulnerable to attackers. Some researchers spend time trying to attack different systems in different ways to prove that vulnerabilities exist. It seems these researchers will then get the company involved in their findings so the company can fix the vulnerability before the paper is published.
I am currently exploring research that will allow me to protect precious information. I want to be able to expose instances in which a company may not be as careful as it should be with its users’ information. I want to be the Captain America of data protection, doing the best I can in the name of privacy for all. Maybe that means I have to attack a company system, but I would rather not be that type of hacker. I want to showcase my findings the way Captain America might, for the good of all. Maybe I’m a little naive, or maybe not. Maybe, like Captain America, I’m an old soul of sorts.