Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
Well, how's it going? Sergey, it's great to get you on the podcast. You know we've been talking about doing this thing for a while now, right? And very selfishly, I think I had to, you know, reschedule a few times because I have a newborn in my house and, you know, she just takes over. Yeah, thank you. She just has a way of taking over everything, right?
Speaker 2 (00:22):
I can imagine. I'm a father of three boys slightly older than your kid as well, but still it's like a lot of homework with them and a lot of managing at home, different stuff. But again, thank you very much for having me. Yeah, it was long awaited, but a great honor to join your podcast.
Speaker 1 (00:40):
Yeah, yeah, absolutely. Well, Sergey, you know, why don't we start with you telling my audience, you know, how you got into IT, how you got into security. What did that journey look like? Was there something that piqued your interest early on and then you started, you know, working towards it, or what does that look like for you?
Speaker 2 (01:06):
That's probably an interesting story, I don't know. Listen, I was like, even being a small kid, I was like looking to different kinds of technologies. I was one of the first in school who had a mobile phone, back in '90 something, '96, '97, and I was again one of the first who had a kind of an old PC at home. I was kind of a geeky-style person looking to different kinds of technologies. And then I was a big fan of different mathematical classes and so on and so forth, and I went to study applied mathematics at the university, and then again it was not specifically to the cyber. I was interested in IT in general and I worked as an IT administrator in different organizations when I was kind of a student, first in first courses, and then somehow again I found the position at the beautiful AV vendor, classical legacy AV vendor called Kaspersky, and I was like, wow, that's interesting. And even though, even like that wow is maybe not the really truth, because I joined the company in 2002 when the company was a family, small startup, to be honest with you, less than a hundred people were in the company when I joined there, and somehow it was like quite interesting, the entire journey of like protecting information, data from different customers all over the world. That was like, come on, quite challenging on one hand and interesting on another.
And back in those days, let's say after one or two years, there was like, I don't know, maybe you were too, too young those days, but I don't know, there were like huge global epidemics, let's say ILOVEYOU, Sasser, MyDoom, Bagle, all this kind of giant epidemics of computer worms, and it was very, again, challenging to mitigate them, to understand how they work, how they distribute and so on and so forth. And studying applied mathematics, I did an interesting thesis about predicting the propagation of malware epidemics, and we did a correlation with the old medicine kind of models which we use from old real human epidemics, and we tried to correlate it with the computer viruses, which again was quite interesting, and interesting to apply it on a daily, daily work of being a malware analyst. So this is how I kind of came first in the cybersec industry, and then I became a malware analyst and I did, like, at Kaspersky. Every malware analyst, we call themselves, we call those guys woodpeckers, as soon as they're like pecking on the keyboard and trying to identify, detect malware in shifts, 24/7, 365 days a week, sorry, 365 days a year, and so on and so forth. It was quite, quite crazy, crazy, interesting time.
And yeah, then, doing different kinds of like malware analysis, reverse engineering job, different kinds of small research development projects, I started my PhD related to again the same, more or less the same subject of spreading and mitigating computer outbreaks, malware outbreaks, and then, after a few years, when Kaspersky decided to create and found the famous Global Research and Analysis Team, I became a member of that team and afterwards like managing that beautiful global team from Moscow, being part of incredible investigations. I suppose many of your audience have seen, read, listened to different kinds of presentations at different conferences all over the world.
Speaker 1 (04:34):
Wow, that is... That's fascinating. It's like, you know, you kind of jumped into the deep end, starting out like right off the bat.
Speaker 2 (04:41):
It sounds like... Not necessarily, but yeah, yeah, it was a journey and kind of different, different things, different milestones, different, very, very interesting research projects, and again being part of a vendor. Yeah, you know, it's always kind of a, why do I like this kind of work, why do I like this industry? It's like always something, it's on a daily basis you're learning, you are chasing those cyber criminals. You're like looking to their TTPs and their behaviors and you're trying to mitigate them and be a little bit one step before, like being, being proactive in mitigation, and it's, it's always. It's always very interesting. Especially again, besides all this kind of vendor stuff, you're part of the most famous research team in the industry, in my opinion at least, how I see it, and of course, I suppose everybody has different opinions, but I think back in those days, Kaspersky's GReAT team was the top-notch researchers. Again, a lot of hands-on stuff. I was more focusing on kind of a team leadership, management or a kind of a motivation stuff, but also I had my hands dirty in a couple of different research projects as well. So, yeah, especially again working with so smart people from different countries, different regions, with different kind of an approach to work, different mentalities. I was like, come on, to be honest, wow, wow, interesting, good old times.
Today I do not provide any comments about what the company looks like today or what the GReAT team is today, but it's not... It's a completely different story. I left Kaspersky just after these geopolitical tensions between Ukraine and Russia, when the war started. So I spent almost 20 years in the company, starting there in 2002, leaving the company in 2022. The war started at the end of February and, like again, everybody has their own kind of red lines, and maybe that particular crazy stuff was my kind of end of my career in that beautiful company. First of all, me and my family, we relocated from Russia to another beautiful country called Israel, and that was an obvious kind of reason to leave the company Kaspersky. And after being almost 20 years there, I decided to look at the security domain. Like being inside the vendor for so long, I said, like, beautiful, that's maybe a little bit too much. Let's look at the security domain from like another angle, from a completely different domain.
And I joined one of the biggest pharmaceutical enterprise companies, also doing kind of a cybersecurity research. So I was leading their cybersecurity research center, which then again consisted of classical red team, not so classical but strategic blue team, and classical threat intelligence. Like, it's a giant organization and they're investing a lot into cybersecurity, as soon as their intellectual property is one of the key assets. A lot of crown jewels, a lot of like important information, critical information to protect. So they're investing into ISRM a lot. And yeah, it was a completely new world, new experience for me. Being inside the vendor and then inside the giant enterprise organization was such a crazy change, to be honest with you, but interesting. It also, based on my knowledge and my vision and my experience, it gave me really a lot.
And now I'm very happy to be somewhere in the middle, which is a security service provider. We're not a vendor, we're not an enterprise, but we're working with so many different cool vendors protecting different giant enterprises all over the world. And there's a beautiful MSSP called CyberProof, and I'm responsible for a bunch of security services we're providing, including kind of a use case management. This is mainly like detection engineering, so part of the detection piece and automation on top of this, providing response, and then advanced threat hunting and cyber threat intelligence. So those kind of three services I'm responsible for at the moment.
So those kind of three servicesI'm responsible at the moment.
Speaker 1 (08:48):
Wow. So there's a lot that I want to dive into. With your 20 years at Kaspersky, it's really fascinating to me, because I was actually a customer of Kaspersky for a long time and I would get critiqued by it, right? Like, why are you going with this Russian product and everything? But, you know, genuinely, I trusted that. You know, even though it was a headquartered, you know, security product in Russia, I still believed, you know, that Russia probably wasn't monitoring it or, you know, didn't have like a backdoor or whatever. I did trust the product or whatnot. And I want to maybe backtrack just a little bit. Right, when you were researching the malware, did you ever research, you know, like Stuxnet or any of these, like, infamous pieces of malware or hacking tools, even, right, that was, you know, disclosed by Snowden potentially? Did you ever like reverse engineer any of those? You know, what was it like potentially, if you did?
Speaker 2 (09:53):
Me personally, yes, again, not a lot. I'm more focusing on kind of a leadership or guiding the guys of where to go and why to go there. And not only that, but again my team, my folks, they did a lot of reverse engineering of those kinds of APTs, and it was one of the most sophisticated stuff we've ever seen in our lives. Again, the most interesting, and one of my colleagues called it like we're doing paleontology, the most interesting piece was to again to track those kinds of anomalies in the traffic. We analyzed so many kinds of different logs to hunt for those anomalies, to hunt for those kinds of interesting, spicy stuff which is not common. Yeah, and we were quite successful those days. Definitely not now and maybe not the last many years, but at the beginning we were very, very successful in finding maybe the biggest amount of APTs.
And what I'm again talking about geopolitics and talking about this Russian vendor, what I'm really proud of, and I can say it without any doubts, and it's not a marketing terminology, it's like the thing we did really believe in: we identified any APTs, no matter what. We identified a lot of Western APTs. We found out a lot of Russian APTs, Ukrainian APTs, Middle Eastern, Chinese, North Korean. We didn't really care, like, at least at the beginning, and maybe like people in the West, they looked at the Kaspersky and thought, what are you guys doing? Why are you doing all this? And at the beginning we didn't monetize it anyhow. We didn't even have our own Kaspersky threat intelligence service. We launched it after a few years, but I saw it, at least on my level, I saw it kind of a Robin Hood of the internet. We didn't care of the origin of this kind of a state-sponsored attack. Our main goal was to protect our customers. Our main goal was, as soon as Kaspersky had customers all over the world, as you're saying, and I appreciate this a lot, your trust, it means like a lot, at least to me who was like almost 20 years at Kaspersky. Thank you for this. So Kaspersky had the customer base all over, in the US, in different Western countries, in Europe, of course, Russia, Middle East, Latin America, all over. We had those days, we had so huge telemetry and it was interesting to analyze this telemetry.
Speaker 1 (12:42):
Yeah, I bet. I remember when I was doing my figure out, you know, the ins and outs of a piece of malware or whatnot, and I actually remember, you know, during my master's program I applied to Kaspersky. I didn't get the job or anything, I didn't even get a phone call, but, you know, it was widely known in the industry even at that time that, like, you know, you want to do, you know, some cool stuff, you want to go do malware reverse engineering, like, there's two players, Kaspersky is the best one. Like, you should be going there. You know, if you want to be the best, you have to go work with the best, you have to go, you know, live it, breathe it. You know, and that was widely known in the industry. I mean, that was a very highly lucrative company to work for. Even, I mean, like, that's... Even, you know, I'm in America. Right, I've never been to Russia. I would actually love to go to Russia. I would like to see it because I like to travel and see the history and everything like that.
Speaker 2 (13:37):
Not necessarily now.
Not necessarily now.
Speaker 1 (13:39):
Sorry to interrupt.
Right, right, right.
Speaker 2 (13:40):
But when this whole shit will end... Definitely this whole shit will end, definitely. It's a beautiful place. It's a beautiful place, trust me.
Speaker 1 (13:53):
Yeah, but, you know, I say that as coming from, you know, an American looking at a Russian company and saying, like, yeah, I want to work there. You know, I mean, like, if they would have offered me a job in Europe or Russia or something at the time, I would have been like, all right, bye, Mom, I'm going, you know. Like, you know, it doesn't matter, respect, I'm going, you know, it doesn't even matter.
Speaker 2 (14:04):
Respect, I'm so happy to hear it. Listen, in this Global Research and Analysis Team, definitely, we had guys in the US, and maybe you know some of those names, pretty famous people in the industry, and I was pretty proud to work with those guys, to recruit those guys. Unfortunately, we didn't recruit you. Yeah, my fault, you can always blame me about this, but yeah, it was a great, great honor to be part of this still Russian company, having, working with like people all over the world, including US, East Coast, West Coast, because first, back in those days, we did have a bunch of offices in the US. That market, of course, was like, was like a very important market for us, but then all those geopolitical tensions started, I don't remember, '15, '16, maybe I'm wrong already, but yeah, when all those geopolitical tensions started, that's it, goodbye. And still, even after I left the company in 2022, we still had, for one or two more years, several people working in the US. From a research perspective, not only business, not only kind of sales, but also a few researchers still worked at the company even after 2022.
Speaker 1 (15:21):
So, you know, in America, right, and this is like pretty well known, I'm not saying anything I probably shouldn't say or whatever, right, but in America, when a research team at, say, Microsoft or Google or Apple, whatever, right, let's say a zero day, you know, there's a backdoor communication to the NSA, to the CIA, and say, they always say, hey, I found this thing, can I disclose it, right, or can I patch it? Now, me personally, I would assume a similar thing happens, you know, at Kaspersky, right, in Russia. I don't see why not. But did anything ever like that ever take place? Because it would make sense, right? Russia's operating in the best interests, theoretically, of the Russian people. It makes sense for them to be plugged into the research side of that world, of that company. Did anything like that ever take place, or anything that you could even talk about? You know, I don't want to put you at potential risk of saying something.
Speaker 2 (16:30):
It's, first of all, no worries about this. Second, again, I don't, I don't have it handy, but we did have a bunch of zero-day announcements to vendors, like certified by Google or Microsoft. So they acknowledged my great guys for those findings. So we report, we reported those zero days to the vendors, and again, answering your tricky question, I'll tell you, like, at least, I don't know, I, again, my guys, and I know it for sure, my guys at Global Research and Analysis Team, they reported to the vendors any findings and they never reported to any kind of agencies anything like this. So it was kind of a, kind of, and yeah, I'm, I, I trusted this to my team and I can't say anything for the rest of the company. And again, my, my team back in those days, just for your, for your information, and I suppose it's more or less known, it's kind of elite researchers, it's elite reverse engineers, in my humble opinion, one of the best in the industry. Again, finding vulnerabilities and doing reverse engineering, slightly different things, but still, even my guys, they found a bunch of different zero days.
Speaker 1 (17:41):
Yeah, it's just, you know, it's a fascinating situation, you know, to kind of think about, right. So, you know, if I were to, or if someone were to, you know, try and get started today, right, try and get into malware reverse engineering today, what would you recommend that they do? Where should they start? Is there a book that they should get to go through? And, you know, set up a lab at home. I mean, there's a lot of databases out there with a bunch of, you know, different kinds of malware in it that you could potentially download and hopefully you don't infect yourself and, you know, reverse it, right. But what do you recommend for people that are trying to get started?
Speaker 2 (18:23):
Listen, the simple piece of advice, at least from my side, if you do want to focus on reverse engineering, which is slightly strange nowadays, right? Yeah, I don't know so many people focusing on reverse engineering, but still I know, by the way, very cool young minds, at least in the country where I live now. They're such crazy, interesting people and they're becoming more and more so. It's about self-learning. It's about, there are so many different courses available online. Just watch it, read it, play with it. The more you have your hands dirty, the better. As you said, set up some kind of a lab environment at home. Be careful with all those payloads, I don't know. And it's just about like, the obvious question is, why do you want to do it? Like, what is your main interest? My usual kind of reply and vision, and I did like so many different lectures in different universities, not only in Russia, in many different places, like people are asking, how do you define? Is it like a good reverser or a bad reverser? And you can't define it on the first interview, right? But the obvious thing is that when you're bored by developing, you're not interested in the development, development is boring, when you're a big fan of cracking, when you're a big fan of breaking something, when you're a big fan of hacking something, that is the story behind the good reverser, in my experience. But yeah, it's more or less... There isn't any kind of university or college where you can learn reverse engineering. It's mainly about a huge amount of time you're investing into self-learning.
Speaker 1 (20:10):
Yeah, no, it makes sense. A long time ago I tried to go down a little bit more of that path, right, to learn it a little bit better, and I will when I'm done with my PhD. But I just remember trying to get, I think it was like the Cuckoo Sandbox, I think it might have been, I tried to get that thing working and I just could not figure out how to get it working properly, to, like, you know, properly configure it and have it sequestered off from the rest of the device and the internet and everything. And I spent probably like a month just trying to get that thing to work. But it, you know, it's a really fascinating area, right, because I'm, I'm not a fan of coding myself, you know, like it doesn't pique my interest, it's quite boring. I'm much more about figuring out how it does what it does behind the scenes, you know, and stepping through it like that, right, like that's what piques my interest and that's kind of where I'm... I think that's kind of where I'm going, you know, in my career path, right, like more of a security researcher side at this point, because, you know, it's like the... Joe, why nobody called you back when you, when you submitted to the Kaspersky position, right? Again, my fault. I'd still be there today.
Speaker 2 (21:30):
Yeah, it's fascinating, you know, and it's very interesting. I mean, again, another thing I truly believe in, and it may sound stupid, I don't know, but when I was talking a lot to different students in different universities, I said, like, you won't even believe how interesting it is. You won't even believe that only, again, on a daily basis you're learning, you're kind of gaining this interesting experience, and what I also tried, and I did really believe in this, when you show to those young minds the light side of the story, the thing that you can do kind of reverse engineering, like hacking, in a kind of a blue teaming, in a defensive way, in a kind of a constructive, positive way, and you can also earn good salaries, you can build your brand, you can deal with so many interesting pieces of code, analyzing this code. That's how I try to motivate those young minds to look to the kind of defensive side of the story. Well, again, I honestly do believe you can't do a very good defensive without knowing good defensive. So it's always kind of a balance. It's quite challenging for me, based again on my background and my kind of a vendor experience, but I still believe that you have to learn both sides of the story. You need to learn all those kinds of offensive tricks and what are they doing, how do they operate, all those kinds of offensive exercises, to again to evolve your defensive skills as well.
Speaker 1 (23:04):
Yeah, no, it's really fascinating. I read the Stuxnet book written by Kim Zetter, I think it was Zetter. Yeah, it's a beautiful book, by the way. It's a, okay, well, how interesting can she really make, you know, a piece of malware, like, sound, you know? But then you, you hear about it and, I mean, my, my first impression, right, when I heard, okay, there's different modules that are encrypted with different keys, written in different languages, languages that aren't even taught anymore, right, like the people that were reversing it had to go like find these books that haven't been opened and read in years, to go and see what the language was, to actually figure out what the module was doing in the code. Right with that, that piqued my interest, like that kind of, it almost like cracked my mind open to hearing what's actually possible. You know, because you always think about it in terms of, like, it's A to B, maybe there's a C stop in this thing, you know. But you always think, okay, it's not that deep, it's not that complex, it's not that, not that crazy, right, but then you see this level of sophistication, and I mean it just, it just blew my mind, right, like it just completely blew my mind, kept me captivated even to this day. You know, I mean, like, I, my wife can't stand me talking about it, you know. But, like, you know, you get me going down that rabbit hole, I mean, I'll talk for days on.
Speaker 2 (24:44):
I mentioned this paleontology stuff. It's an interesting term. We saw ourselves, the entire team, as the team of paleontologists. And again, a quick comment about this is that, first, during the last five, seven, maybe seven-plus years, there are not so many announcements anymore. There are not so many big APTs anymore. Do you know why? Yes, what do you think?
Speaker 1 (25:10):
I mean, I would assume that a lot of them are being used and deployed right now, and so it's kind of being sheltered in the community somehow.
Speaker 2 (25:19):
We don't know about them, we don't know. So what we see and what we know is like just a peak of an iceberg. I do believe in this. First of all, I don't know, this is kind of my assumption, but I'm pretty sure that there are so many high-level, very, very sophisticated, state-sponsored APTs that we simply... I mean, that makes sense.
Speaker 1 (25:42):
You know, like, we're not aware of them until it's like already done its thing, right, until it's already done its damage. I mean, with Stuxnet, it was in Iran's nuclear facilities for years, apparently, and I mean, when I heard that they ripped out every cable in those facilities, you know, and replaced it three, four, five times over, I'm sitting here like, man. If I was that engineer, if I'm still alive at the end of all that, right, I mean, I still have no answers. You know, like, how do you explain? Okay, I ripped out the entire infrastructure, shredded the servers, shredded the cables, and this thing is still in our network and we don't even know where it is. You're right, you're right.
Speaker 2 (26:35):
Joe, may I ask you another tricky question, at least, or at least the kind of a question that the community is talking about quite a lot, and I'm thinking myself about this a lot and I don't have like a proper answer, to be honest with you, but I wanted to share it with you and maybe it will be interesting for your audience as well. What about, kind of again, nation-state actors which are doing counter-terrorist operations? Should vendors detect it? Should researchers detect it or not? And how do you know, when you've found something, that it's a counter-terrorist operation?
Speaker 1 (27:03):
Yeah, that's an interesting question, right. That's really hard, because if it is like, let's say, you're an American company, American research team, right, and you discover something that, like, the NSA or the CIA is using in an active mission, you know, they're not signing their code with, hey, this was the NSA, right? There may be different markers in it, like this technique.
Speaker 2 (27:34):
I'll interrupt you for a sec. This is more or less, I know what you will say next, like, more or less understandable situation. But if you're not an American researcher, if your research team is not based in the US, if your research team is based, let's say, in some neutral place, I don't know, Swiss, and you found some NSA operation? Again, I'm just imagining. I'm sorry for opening this discussion, but I'm thinking about this a lot. Where is this fine line? Where is this fine line and how to understand what exactly did you find?
Speaker 1 (28:11):
Yeah, I think so, honestly. I, I think research teams themselves should be unbiased, you know, regardless of the country that they reside within. You know, they need to be unbiased, because if they're not, if they, if they are biased, then you, then you're going to have an American company that's only disclosing Russian or Iran APTs, right, like the enemy APTs, but none of the NSA, right? That feels unfair and wrong, to be honest with you, because everything in security is built on trust, whether you're talking about a network or me to you, right, like there's some level of trust there that takes place, and I think, especially for the research community within cybersecurity, I think once the trust breaks down there, the whole community as a whole begins to break down, and, you know, you can no longer then trust your vulnerability scanners, you can't trust all the threat intelligence that you have and all that sort of thing, right? So it needs to be as unbiased as possible, in my opinion.
Speaker 2 (29:14):
I agree and I like your answer. I appreciate this vision. I think more or less the same way. At the end of the day, as soon as, this was my background when we started, when we started finding all those kinds of cool APTs, the main message, the main mission behind was: we don't care. We don't care. Our customers all around the world, our customers in the US, our customers in Russia, our customers in Western countries, in Eastern countries, in Iran, in Israel, in Egypt, in UAE, whatever, those guys are the most important, and customers, I mean B2C, B2B, B2G, B2-whatever, so any kind of level customers. So that was a priority and this is kind of my mindset. I believe that I don't care about who is standing behind, and it can sound maybe stupid, I don't know, but yeah, that's how we were thinking about this.
Speaker 1 (30:13):
Yeah, I mean, you know, it's not like these viruses are only meant for, you know, let's say, like a Russian domain or a domain in Iran or anything like that. I mean, even Stuxnet, with how precisely it was made, eventually it was modified to the point to where you're starting to find it on just normal civilian, you know, laptops and desktops and companies that had nothing to do with either party or the situation, you know.
Speaker 2 (30:46):
And again, you know why? Right, because those guys need to test their development somewhere.
Speaker 1 (30:53):
They can't test it in the real target, they need to test it somewhere else, especially when it's something as sensitive, you know, just as Stuxnet, right. That's the example. But a great way to test it is to just launch it into the wild, and if it destroys a whole bunch of computers, okay, that was too aggressive. That's not what we were aiming for. We were aiming for something that looks for this hardware, where, in reality, it just saw a Dell laptop and was like, yeah, I'm going to siphon all the data. Yeah, I'm going to siphon all the data, right. But yeah, that's a great way of testing it. If you look at the initial tests of Stuxnet, right, when they blew up that generator in Idaho National Labs, I mean, that was a very precise thing, but they still had to go blow up a generator that's worth like $100,000 to prove it out.
Speaker 2 (31:46):
And, Joey, if you don't mind, let me make, at least for me, a reasonable bridge to what's happening today. Like, today, and this is one of the obvious trends and this is what we, like, different researchers, different vendors, are like talking over and over again: the lines of the borders are blurred, so you don't even know whether it's a state-sponsored APT, whether it's a cybercrime ransomware operation, whether it's some hacktivist bullshit. It's all kind of a mix of different kinds of approaches and it's not the same kind of a threat landscape like it was 10, 15 years ago. Now there are no kind of borders between those three, those four or five different scenarios.
Speaker 1 (32:30):
Yeah, no, it's a fascinating world, which kind of takes me to, you know, I guess, the next part. I mean, like, man, I feel like we could talk for another three hours, right, like I need to have you back on. I'll tell you that right now.
Speaker 2 (32:47):
I may well be happy. I'm enjoying it as well, so let's schedule something. Yeah, yeah, absolutely.
Speaker 1 (32:53):
But, you know, with how the world is going and evolving right now, I mean, we have major geopolitical events going on, right. I mean, like, it feels like, it feels like the world is, you know, any random day of the week now, right, which is very unfortunate that we're in this type of situation. And with the advent, I don't want to say the advent, but with the evolution of where AI is right now and quantum computing, are you seeing potentially, you know, new kinds of attacks that, you know, we've never seen before, exploits that we've never seen before, never even thought of before, that are entering, you know, the wild, potentially generated by AI and maybe hacktivist groups, or, you know, organized crime groups? I had someone on that was talking about, you know, these hacker groups, right, and they were saying how the legacy, you know, mentality of it is that, oh, there's a bunch of nerds that are on some IRC chat, right, living out of their parents' basement, you know, that call themselves a certain group, that get a zero day here and there, you know, that, like, you know, make CNN, right, for 24 hours or something like that, right? Well, they described it now as being closer to, like, the mafia. You know, it's more closer to organized crime, legitimate organized crime groups that are, you know, hacking companies that, I mean, in the security world, these companies, they seem like they're top-notch companies, where it's places that I would want to go work. Right, are you seeing a new evolution of, you know, these attacks that are
Speaker 2 (34:42):
coming out.
Joe, 100%, you're absolutelyright.
If you don't mind, I will notprovide any comments about this
quantum computing threats orsomething and the reason behind
is simple.
That again, don't get me wrong.
Maybe I'm wrong, Maybe you knowbetter.
I haven't seen any kind of realquantum computing threats or
(35:03):
something, Some concepts maybe,some kind of I don't know, even
I will not say POCs or something.
People are like buzzing aboutthis, but real, tangible quantum
computing threats, what are wetalking about, While at the same
time and again, maybe I'm wrong, I can admit, but at the same
time definitely we are movingfrom kind of a threat landscape
(35:24):
dominated by large, slow-movingactors to, as you said, to a
very agile, automated systemincredibly powered by all this
AI, agentic stuff.
Threat landscape, as, likeseveral key kind of trends or
shifts I already mentioned,nation states have blurred the
(35:45):
lines between cybercrime andcyber espionage, between nation
state APTs and ransomwares andhacktivists and so on and so
forth, Often again using proxiesor kind of a dual useuse
operations.
A lot more.
We see it more and more.
Ransomware as a service hasevolved as well, being much more
(36:06):
professionalized.
The cybercrime economy, withthe supply chains that rival
software startups a lot of and Iknow it's your kind of area of
expertise.
A lot of cloud exploitation hasbecome one of the top priority
targets due to misconfigurationsand I don't know,
identity-based attacks,attackers to scale social
(36:28):
engineering, phishing,reconnaissance with like minimal
effort and a lot of kind ofspeed up, making it much more
faster than before.
Speaker 1 (36:45):
Yeah, you know, it used to seem like, you know, creating a hacking tool was just so out of the realm of possibility, right, at least for myself.
I mean, maybe I'm an idiot, right, like I don't know.
You know Python and C++, you know inside and out or whatever, but it just seemed like that was reserved for an elite group
(37:09):
of people that dedicated a whole lot of time to creating these tools.
You know to use them either for good or bad, right.
And now with LLMs, you know I'm a heavy user of Grok.
It's maybe a little bit embarrassing how much I use it, but I use it quite a bit, you know.
(37:31):
And just for fun, right, I started having Grok create me.
You know, a hacking LLM. Not really even a hacking LLM, it's like a hacking AI model.
Where it starts, it has a base model.
It learns from all the previous attacks, looks at all the different kinds of malware out there and then it starts, you
(37:53):
know, formulating new attack methods and hacking tools, reconnaissance tools.
Works you right through the MITRE framework, right?
And you know, logs it all.
There's a new iteration that I have to put it through.
It's up on my GitHub but it's not public, right, I'm a little bit nervous about making it public, but it's so accessible,
(38:14):
right, like I'm not a developer, I am not a developer and I can just put it into Grok say hey, give me a nice UI.
Right.
Build this on a Linux OS.
Right, like.
Make this the core OS component.
Right, base it off of Kali Linux.
Or base it off of Parrot OS.
Make it portable so I could run it on a Raspberry Pi.
Right, like that's actually.
One project I'm doing right now on the side for my PhD is
(38:35):
actually getting Kali Linux running on the Docker container on my Android phone, just to see if I could do it right, because I kind of want to walk around and, you know, maybe hack some Wi-Fi networks as I go, which no, can you elaborate a little bit more, like I yeah I.
Speaker 2 (38:55):
I watched your previous series, but if you can just to remind what is the main story behind your PhD.
Speaker 1 (39:01):
Yeah, yeah, so my PhD is.
It's focusing on cybersecurity and satellites, specifically deploying the Zero Trust Framework to satellite infrastructure in an effort to prepare it for post-quantum encryption.
So a part of my research aside from the technical aspects right is actually meeting with experts in each of these fields
(39:25):
to discuss it with them and kind of give them, like I call it, like leading questions, almost right to where it's not exactly addressing the research, but it's a component of the research and all of these things are lining up to support each other, hopefully or maybe I'm an idiot
(39:47):
and none of it's going to work right, but I think I have a pretty good shot at actually making it work.
Speaker 2 (39:53):
Wow, wow.
First of all, sounds sexy and interesting and very futuristic.
I mean, definitely you're like looking to kind of a future, potentially future attacks, which is like always interesting.
Speaker 1 (40:04):
Yeah, you know that's.
The thing that I love about cybersecurity is that there's always something else that I can learn and still stay in the same field.
That's kind of what drew me to it.
What about that?
Speaker 2 (40:17):
kind of a feeling that you're always behind.
You always have to learn something new again on a daily basis.
What about this kind of a feeling like you can't be pro.
You can't be pro, you have to admit, because, on a daily basis, new technologies, new kind of tools, new domains, new, as
(40:39):
you're in a domain for 10, 15, 20 years.
Speaker 1 (40:42):
You know it inside and out.
You know it better than the back of your hand right, and so
(41:05):
you build an ego with it, whether you emphasize it or not.
With it it's a comfortability zone and for me, I try to remove all the ego from everything that I do and I go into it assuming I just know nothing.
You know, and I'm used to that feeling. Like I'm so used to it, I embrace it.
And you know, when I'm talking to other, like friends in the
(41:27):
industry and they're you know they're asking me that question it's like, well, I get really uncomfortable when I'm comfortable, right, like my comfortable.
My comfortable part of my life is actually my nine to five and I'm trying to switch that up to make sure that I'm not comfortable with my nine to five now as well.
Hence the security researcher part.
But yeah, like something I don't know what it is. Something
(41:51):
in me, if I'm too comfortable for too long, I get really uncomfortable and I call it embracing the suck right when you're going into something that is going to suck every step of the way, like I mean when I'm doing my research.
I'm sitting over here like I am such an idiot.
Why did I start this?
I'm not a quantum researcher.
(42:12):
I can barely spell quantum.
You know why did I go?
Why did I choose quantum with satellites, right, I don't know anything about satellites.
I've never worked for NASA, I've never worked for the government, you know, like I don't know anything about satellites, I know zero trust because I've deployed it, I use it, I talk about it.
But these other two, you know main components, right, like I
(42:36):
have to embrace the fact that I know nothing and now I'm going to lean on the community to hopefully learn, right?
I can't tell you how many times I've had to reread research papers on quantum because I just could not follow along with what they were saying.
And then I have to pop it in a Grok and say explain it to me.
Like I'm a nine-year-old, you know.
Speaker 2 (42:58):
Joe, respect, respect, I'm completely honest with you.
It's cool.
It's cool how, how like kind of a passion you are about all this and how passionate and honest.
So I like the way you are, you're explaining and sharing this yeah, thanks I.
Speaker 1 (43:13):
I really appreciate that not a lot of people get that level of passion out of me, you know, but like I feel like I could tell you know you're passionate about like threat intelligence and malware analysis and everything like that, you know, and it spikes that interest in me right again, right where I'm like man, I need to be a security
(43:34):
researcher, I need to be going and doing this, you know.
Speaker 2 (43:36):
It's never late, and then I definitely you have a solid background for coming back to this security research area.
Speaker 1 (43:46):
Yeah, absolutely. Well, you know, Sergey, unfortunately we're at the top of our time and I really try my hardest to stay on top of, you know, the time that I set for everyone, so I don't want to go over.
I know everyone has a really busy schedule.
But you know, I definitely want to have you back on for a part two where we dive into more of what you're doing now and, you
(44:07):
know, focus on that and maybe give some career advice to people that are starting out, that want to, you know, get into the field and whatnot. With pleasure.
Speaker 2 (44:15):
I have a lot of interesting insights to share and, again, as I explained, kind of my career being so many years inside the vendor, then a few years inside enterprise and now being part of service provider.
It's kind of a very, very different roles, very different domains.
But I'd love to share more details about this and, yeah, let's definitely set up something for the future.
(44:37):
Yeah, absolutely, well, you know before I let you go.
How about you tell my audience where they could find you if they wanted to connect and maybe, you know, learn a little bit more about you, and where they could find your current company
(44:58):
if they wanted to?
You know, learn more about the services that you guys are offering?
Sure, thank you for this, Joe.
First of all, LinkedIn. I'm not that kind of active in LinkedIn, to be honest with you.
It's kind of again Swierski background probably.
But at least all the recent webinars, publications, research we're doing, I'm trying to post, so Sergey Novikov at LinkedIn and I hope it's not that difficult to find me there.
(45:19):
And then CyberProof again, don't get me wrong, it's a very niche, interesting service provider.
We are trying to build our own brand and image into like security research and threat intelligence.
So recently we started like doing a lot of public research and different, different kind of publications.
So I want to encourage you guys to go to sampleproofcom domain.
Look at what we're offering in terms of like service portfolio
(45:43):
and a research blog.
I think, again, the recent publications are good enough from a quality perspective and interest like general interest perspective, there is like a lot of tricks, suggestions, tips for threat hunters, how to better hunt for that specific actors, threats, TTPs and so on and so forth.
So please take a look.
(46:03):
I don't know whether you can put any kind of a comment in the description, but I would appreciate this as well and I'll definitely think that you guys will find it useful.
Speaker 1 (46:14):
Yeah, absolutely. All of the links that he mentioned will be in the description of this episode.
You know, as always, you know it was a real pleasure talking with you today and everyone listening and watching.
I hope you enjoyed this episode.
There will be a part two at some point in time.
All right, well, thanks everyone.
Thanks guys.
Thank you for