Computer security and hacking have always been a fascination of mine. I started dabbling with building web sites and programming at a young age, but I quickly found out I enjoyed breaking code more than building it. My favorite movie back then was The Matrix… go figure! I didn’t know it at the time, but I was building foundational skills I’d need for my career path.
After completing undergrad 10 years later, I knew I wanted to be in security, and I was certain I wanted to make a living out of hacking. It didn’t all fall into place immediately though. I graduated with a computer science degree, and landed a job as a software developer. This didn’t turn out to be my only dev role either. I also enrolled in a graduate degree program specifically for infosec.
While I was a developer, I made it known that I wanted any and all opportunities to work on security-related issues. Fortunately, no one else wanted these types of tasks. I was given tasks such as fixing OWASP Top 10 found by external pentesters and also administration of web and database servers. I was stoked to be getting security-related experience!
Deep down, though, I knew I wanted to be the person finding the vulnerabilities. I applied for many penetration tester positions with no luck - I had no experience as a pen tester. Determined to fast-track my credibility, I made the move to get Security+ and Network+ certified. This turned out to be a well-timed move, and I landed an interview for “Junior Vulnerability Research Engineer” at Tenable. I was familiar with Nessus, but had never considered writing vulnerability checks as a career path. It turned out to be the best move I ever made, and the rest is history.
Being a researcher at Tenable is truly unique. As a researcher here, I’ve had the opportunity to explore the internals of many commercial applications. This means digging under the hood to either get at the source code or assembly instructions. Having a role in research really allows you to dive deep and focus on the finer details. Now that I am on the 0-day research team, I believe I’ve found my calling. I get to tear products apart and dig as deep as it is necessary to find the vulnerabilities - it’s a learning experience like no other.
When I first joined Tenable, I was drawn to Nessus. Nessus had earned its reputation as one of the best vulnerability assessment solutions around, and I was beyond excited to have the opportunity to check out the internals. Since joining, I’ve found that Tenable is an awesome company to work for! The company culture is invigorating, and I’m constantly learning from the folks I work with.
A large part of my role on the 0-day team is to externalize our vulnerability research by writing tools and exploits. We also write technical blogs and give conference presentations. By sharing our findings, we are directly contributing to the larger infosec community. If we all contribute, I believe we can learn from each other to improve security for the greater good.
This year, I had the pleasure of presenting and sharing our Research findings at Security BSides D.C., where I was a first-time speaker. The conference served as the perfect venue to get my feet wet. I felt that the audience was extremely engaged, and there were many thoughtful questions presented to the team following the talk. This type of positive experience from the Bsides community definitely makes me want to have more opportunities to present and share the 0-day research team’s discoveries with the infosec community.
Security Bsides D.C is an invaluable place to learn, share, and connect. Attending the conference allowed me to hear great things about the trainings first hand from attendees saying the talks were not only interesting, but something they could use in their career. Meeting with folks in the security space is truly unique and I was able to walk out of there with a new perspective. Everyone is friendly and willing to share what they know from their experience in the field. It taught me the importance of leaving your comfort zone and throwing yourself into the mix when necessary in order to accomplish new challenges.
For those of you interested in breaking into 0-day research or security research in general, here is some advice I wish I would have gotten a few years ago. First and foremost, be patient with your progress. It takes time to develop skills and reach goals you’ve set for yourself. Even if you’re not in a security role now… maybe you’re a developer or system admin... the experience you’re gaining is going to shape your instincts as a researcher. That brings me to my next piece of advice: broaden your skill base as much as you can. Take time to develop a variety of different skills, and once you have a clear view of the entire security landscape, you can go deeper where you want. Learn a little bit of everything: system administration, coding in multiple languages, reverse engineering, networks, etc. I’d also like to touch on mindset. Have a curious mind. Pay special attention to the minute details. And as Offensive Security says, “try harder.” Finally, engage with the infosec community. Publish your work, study the work of others, and definitely attend conferences.
If you specifically want to get into 0-day research, definitely take a look at our BSides DC presentation.
Author: Chris Lyne, Zero-Day Senior Research Engineer