Breaking Into Zero-Day Research and BSides DC 2019

We have big plans for continued global growth, and we’re looking for people who are creative, flexible and dedicated to helping us build something great – something that matters.

bsidesdc.png

Computer security and hacking have always been a fascination of mine. I started dabbling with building web sites and programming at a young age, but I quickly found out I enjoyed breaking code more than building it. My favorite movie back then was The Matrix… go figure! I didn’t know it at the time, but I was building foundational skills I’d need for my career path.


After completing undergrad 10 years later, I knew I wanted to be in security, and I was certain I wanted to make a living out of hacking. It didn’t all fall into place immediately though. I graduated with a computer science degree, and landed a job as a software developer. This didn’t turn out to be my only dev role either. I also enrolled in a graduate degree program specifically for infosec.


While I was a developer, I made it known that I wanted any and all opportunities to work on security-related issues. Fortunately, no one else wanted these types of tasks. I was given tasks such as fixing OWASP Top 10 found by external pentesters and also administration of web and database servers. I was stoked to be getting security-related experience!


Deep down, though, I knew I wanted to be the person finding the vulnerabilities. I applied for many penetration tester positions with no luck - I had no experience as a pen tester. Determined to fast-track my credibility, I made the move to get Security+ and Network+ certified. This turned out to be a well-timed move, and I landed an interview for “Junior Vulnerability Research Engineer” at Tenable. I was familiar with Nessus, but had never considered writing vulnerability checks as a career path. It turned out to be the best move I ever made, and the rest is history.


Being a researcher at Tenable is truly unique. As a researcher here, I’ve had the opportunity to explore the internals of many commercial applications. This means digging under the hood to either get at the source code or assembly instructions. Having a role in research really allows you to dive deep and focus on the finer details. Now that I am on the 0-day research team, I believe I’ve found my calling. I get to tear products apart and dig as deep as it is necessary to find the vulnerabilities - it’s a learning experience like no other.


When I first joined Tenable, I was drawn to Nessus. Nessus had earned its reputation as one of the best vulnerability assessment solutions around, and I was beyond excited to have the opportunity to check out the internals. Since joining, I’ve found that Tenable is an awesome company to work for! The company culture is invigorating, and I’m constantly learning from the folks I work with. 

 Image_from_iOS_(8).jpg


A large part of my role on the 0-day team is to externalize our vulnerability research by writing tools and exploits. We also write technical blogs and give conference presentations. By sharing our findings, we are directly contributing to the larger infosec community. If we all contribute, I believe we can learn from each other to improve security for the greater good.


This year, I had the pleasure of presenting and sharing our Research findings at Security BSides D.C., where I was a first-time speaker. The conference served as the perfect venue to get my feet wet. I felt that the audience was extremely engaged, and there were many thoughtful questions presented to the team following the talk. This type of positive experience from the Bsides community definitely makes me want to have more opportunities to present and share the 0-day research team’s discoveries with the infosec community.


Security Bsides D.C is an invaluable place to learn, share, and connect. Attending the conference allowed me to hear great things about the trainings first hand from attendees saying the talks were not only interesting, but something they could use in their career. Meeting with folks in the security space is truly unique and I was able to walk out of there with a new perspective. Everyone is friendly and willing to share what they know from their experience in the field. It taught me the importance of leaving your comfort zone and throwing yourself into the mix when necessary in order to accomplish new challenges. 

For those of you interested in breaking into 0-day research or security research in general, here is some advice I wish I would have gotten a few years ago. First and foremost, be patient with your progress. It takes time to develop skills and reach goals you’ve set for yourself. Even if you’re not in a security role now… maybe you’re a developer or system admin... the experience you’re gaining is going to shape your instincts as a researcher. That brings me to my next piece of advice: broaden your skill base as much as you can. Take time to develop a variety of different skills, and once you have a clear view of the entire security landscape, you can go deeper where you want. Learn a little bit of everything: system administration, coding in multiple languages, reverse engineering, networks, etc. I’d also like to touch on mindset. Have a curious mind. Pay special attention to the minute details. And as Offensive Security says, “try harder.” Finally, engage with the infosec community. Publish your work, study the work of others, and definitely attend conferences.


If you specifically want to get into 0-day research, definitely take a look at our BSides DC presentation. 


Author: Chris Lyne, Zero-Day Senior Research Engineer

Published on Nov 1, 2019

Jobs you might be interested in:

Commercial Territory Manager - Spain

Staines upon Thames Surrey United Kingdom Staines upon Thames, Surrey, United Kingdom Sales Sales
The Commercial Territory Manager will meet and exceed quarterly sales quota by developing new opportunities.  Duties include researching and identifying potential accounts; outbound cold calling to solicit new accounts; building rapport; providing...

Security Consultant - Operational Technology

Staines upon Thames Surrey United Kingdom Staines upon Thames, Surrey, United Kingdom Professional Services Professional Services
The Security Consultant role performs Tenable product installation, configuration, customization, and security audits for our clients.Your Role: Executing client engagements that exceed expectations based on strong understanding of the client’s bu...

Senior Software Engineer

Columbia Maryland United States Columbia Gateway Drive, Columbia, Maryland, United States, 21046 Engineering Engineering
Your Role:Are you excited about the opportunity to work with microservices at scale? Do you like knowing that the changes that you deploy to production will improve the customer experience of many users world-wide? Do you like both the exciting, f...

Senior Software Engineer

San Jose California United States E Santa Clara St., San Jose, California, United States, 95113 Engineering Engineering
Your Role:Are you excited about the opportunity to work with microservices at scale? Do you like knowing that the changes that you deploy to production will improve the customer experience of many users world-wide? Do you like both the exciting, f...

Enterprise Territory Manager - Austria

Vienna Vienna Austria Vienna, Austria Sales Sales
Your Role:Tenable is currently searching for an Enterprise Territory Manager, who is responsible for establishing and developing business through existing and new clients in their territory.Your Opportunity: Maintain and develop the existing clien...

Security Sales Engineer

St. Louis Missouri United States St. Louis, Missouri, United States Sales Engineering Sales
Your Role:Tenable is seeking an experienced Security Sales Engineer to own and drive the Business and Technical aspects of strategic Enterprise selling in your assigned region. You will be partnering with Enterprise Territory Managers and a strong...

Protect the future - and create your own -

with The Cyber Exposure Company.


At Tenable, we’re all about innovation, creativity and purpose, with a passion for designing solutions that are transforming security – and making a difference in people’s lives. Cybersecurity is one of the world’s fastest growing fields, and our fresh ideas and trusted solutions are revolutionizing the industry. We have big plans for continued global growth, and we’re looking for people who are creative, flexible and dedicated to helping us build something great – something that matters.

 

See all open positions: Click here

Text, Plot, Number, Symbol, Diagram