As a new malware threat to UK banks raises the alarm, security guru Amit Klein reveals what it takes to work at the top in digital security. By Helen Beckett [Published 06/07/2010]
Internet browser security company Trusteer has identified a new strain of malware targeting UK banks and detected by fewer than 20% of antivirus systems because it is a regional variant. Additionally, Trusteer reports its discovery of two UK-specific Zeus botnets, which consist of UK-based computers and only target UK-based banks.
Tips for digital detectives
Against a backdrop of increasing cybercrime, the work of the digital police digital remains critically important to keep UK consumers and businesses safe online. With demand for good security specialists remaining strong, the chief technology operator and founder of Trusteer, Amit Klein, described to CWJobs the qualities required to succeed.
"Above all, you need someone who has a sharp and logical mind who’s not distracted from the main problem. Analysis of malware can be a long and frustrating process and you need to be able to reach firm conclusions from your investigations", explains Klein.
Reach the right conclusions
Klein also highlights the value of quantitative thinking in his security team: "If I ask someone in interview how many terabytes there are in a petabyte and they start fumbling, it’s not a good sign."
Understanding the guts of computers and how they work is key: understanding the CPU, the operating system and the compiler is critical, in order to conceptualise how malware could infiltrate a system.
The final piece of the security professional’s ‘photofit’ is reverse engineering. "It’s necessary to be able to take a binary file and understand it without having to actually run it," says Klein. For this kind of patient detective work, a mathematical or science degree might be evidence of the right kind of thinking but, by itself, is no guarantee of competence.
Do your groundwork
"One of my best researchers has no formal academic degree” says Klein, adding, "I’m not convinced that these very specific capabilities are the kind of thing an academy can teach."
For IT professionals with a nose for digital detective work, learning how to do the groundwork is the best start, confirms Professor John Walker from Information Systems Audit and Control Association. He suggests that IT pros with security aspirations should find a job with one of the major financial institutions.
“The biggest threat is that people don’t realise that there’s a threat out there. The perception within organisations is that ‘we’ve all got our anti-virus installed’ – but it’s often past its sell-by date.”
A good security professional is always agnostic about product and service and has no particular allegiance to a vendor, says Walker. Ethical behaviour is another pre-requisite: “I know of a security professional who opened an email he knew was infected with a virus because he wanted to see ‘what happened’!”
On another occasion, Walker observed an overconfident IT worker make a bad judgement call on a virus infection.
“Every piece of hardware on the network had its permissions blown wide open – he went to lunch and told no one. It cost the bank £2million.”
[Search for security jobs | search for banking and finance IT jobs]
With thousands of vacancies from hundreds of employers to browse, CWJobs has a huge variety of permanent jobs, IT contract jobs and IT graduate jobs on offer, as well as the most IT jobs in London and IT jobs in Scotland.
You can upload your CV today and let employers contact you directly, and you can sign up to receive regular jobs by email.
- New jobs for security specialists
- Raising the profile of your professionalism
- The thin-client revolution
- Swindon wi-fi city creates tech jobs
- IT spending cuts confirmed
- Cloud computing calls for new skills
Search IT jobs:
- Search for contract IT jobs
- Search for IT support jobs
- Search for graduate IT jobs
Search IT sectors:
- Search for banking and finance IT jobs
- Search for public sector IT jobs
- Search for telecoms jobs