Source: The State of Security
As a woman who works in cybersecurity, I know that there are many amazing women in my field.
Last time, I had the pleasure of speaking with Cheryl Biswas, who works as a corporate cybersecurity consultant. This time, I spoke to Thaís. She’s been educated on two different continents in both physics and computer science! Now she’s doing some pretty interesting malware research.
Kimberly Crawley: So Thaís, explain what you’re currently doing in cybersecurity.
Thaís: I just graduated in computer science, and I now work with malware analysis and vulnerability hunting.
KC: What did you specialize in when you studied computer science?
T: My thesis was about malware detection and analysis using constraint programming.
KC: Wow, that sounds cool! Did you go to school in Germany?
T: Yes, I did. I studied physics in Brazil before coming to Germany, where I decided to go to school again. It’s a bit different here in Germany. It depends on the university, of course. But you are allowed to start in the first semester with the things that you like.
KC: You started in physics? Which schools did you go to?
T: Oh, yes. I love physics. In fact, I studied astrophysics. And there I needed to program a lot. I went to the Universidade Federal do Paraná in Brazil, University of Hamburg (Germany), and University of Düsseldorf (Germany).
KC: And you were probably mastering various programming languages at the same time?
T: Yes. I was a bit disappointed with the way people work in physics. I noticed that I have a lot of fun programming the tools. Sometimes more fun than really using the data that I got after running the program. Then I decided to focus on automation. My “mother language” is Haskell, but I work a lot in PROLOG and Python.
KC: Speaking of languages, you’re fluent in Portuguese, German, and English, right? That’s also really impressive.
T: Yes, I am. Portuguese, German, and English, and I’m currently learning French.
KC: Now when you were a little girl, were you encouraged to pursue science?
T: Yes. My father is also an engineer and computer scientist. In the beginning, he didn’t believe that I wanted to go through with physics, but after three years, he was really proud of me. The whole time, my mom didn’t understand what I do, but she supported me all the same.
KC: Tell me more about your malware analysis thesis.
T: I focus on the design of a malware detection tool using the SMT solver Z3. More specifically, I have looked into different techniques to explore multiple execution paths for binaries, which were gained through symbolic execution. And I am using the Z3 SMT solver to deobfuscate malware code. Now I am starting to program a tool that I designed.
KC: I notice that a lot more malware attacks on datacenters are fileless these days. Do your thesis and tool help make fileless malware detection better?
T: Not sure yet. I just tried with files.
KC: I recently wrote a report on how a lot of SIEM vendors implement machine learning malware analysis, but one vendor ditched machine learning in favour of something they call “behavioral network detection.” Does your work shed any light on any of those sorts of technologies?
T: Yes. It’s the same idea: training a system with “safe” behaviours and using the complement of these behaviors as “not okay.” I was implementing it in a cloud server so that all customers can use the same database.
KC: Did your thesis work and tool development experience lead you to your current employment?
T: I am working independently right now on my tool. But yes, it led me to focus on malware analysis positions while looking for employment.
KC: Onto endpoint security. What do you think of those people…