How can you be a good security researcher

So You Want to Be a Security Researcher? Here Is How It's Done!

So you want to be a security researcher? Security researchers are much in demand these days due to the rise in cyber security threats as well as the growth of tech companies. Some of you want to become a security researcher for the fame it offers, while others may be in it for the awesome money. Security researchers need a broad set of skills to investigate a constantly changing threat landscape. But if you broaden your spectrum too far, you may end up being a jack of all trades. Specializing in areas such as reverse engineering or network forensics will therefore boost your opportunities.
A reader on Quora aptly put the following requirements for becoming a security researcher:

  1. Firstly, one should know many programming languages like Java, Python, Ruby, C and many more. First the learning part: learning the C and C++ programming languages will set you up nicely. The two languages will open the doors for further learning.
  2. Secondly, one should have proper knowledge of computer systems, i.e., operating systems and computer networks and how these work. You should learn how the internals of operating systems work. Here reverse engineering will help you immensely.
  3. Also study the tools and software which check for vulnerabilities. Reverse engineering these will give you a pretty good idea of how you can hack computer systems and networks.
  4. Practice! At this point, get to master the first three steps above until you know everything about each one inside and out. For tools, just focus on IDA Pro, OllyDbg, Immunity Debugger and WinDbg.
  5. Join online courses offering certified hacking courses.
  6. Read books. There is no substitute for a bit of learning, and books are the best bet. There are many books, like The Art of Deception and The Art of Intrusion by world-famous former hacker Kevin Mitnick.

Security research includes a wide spectrum of tasks, says James Treinen, vice president of security research at ProtectWise, developer of a cloud-based platform that uses a virtual camera to record everything on an organization’s network, letting security personnel see threats in real time.

Security researchers take apart malware to see what vulnerabilities the malicious software is exploiting and glean intelligence out of the malware – how it communicates and how it is structured. They use that information to track adversaries and groups by the attack methods they have deployed. Among other things, they then build behavior profiles so security analysts and incident responders can find future instances of the malicious software.
Another user from StackOverflow has a different perspective. He says:

A security researcher does research, and that’s a wide term.
One side of research is academics. Go to a university, study, study more, do a PhD, and voila! you are a researcher. Academic studies are, well, academic, which means that they are not necessarily practical; but knowing how to do research means that you know how to learn, and you can then catch on the practical side of things.
The other way is to start by the field work. Try exploits, learn programming, spend some time on machines, spend more time, and after having accumulated experience you will have an extensive skill range. You will then be able to rely on that experience to catch on the theory which you initially neglected.
Either way, the two key ingredients are spending time and learning theory, not necessarily in that order.

To become a security researcher (or any kind of researcher) you choose a security topic and master it. Learn everything about this topic, and if you explore it far enough you will find something new. A CVE on your resume will work wonders during a job interview.
In the security industry right now web applications are king, closely followed by mobile applications. Master the OWASP Top 10, hack DVWA and hunt for bugs in open source web applications. Write exploits for these flaws, report them to the developer and obtain a CVE number.
Search for breadcrumbs left by cyber criminals. Study a malware sample. You can get automated tools to break a particular piece of malware and assemble code to determine how it executed an attack. Once you understand the execution part, you are closer to being a security researcher than you think.
Remember, the life of a security researcher is hard. Sometimes researchers are arrested by police even for reporting flaws or exposing leaks in public. Other times you may run afoul of a particular cyber criminal or hacking group who may dox you, threaten you or hack your accounts.
It also helps to study a particular hacker like the member of Hacking Team who published his exploits online. In the end, if you strive long enough and are patient, you will become a good security researcher.

