Story image

Exclusive: A better future for women in cyber security

Recently IT Brief had the opportunity to sit down with Noushin Shabab, the senior security researcher for Kaspersky's GReAT team. We discussed how she got started in cyber security as well as her goal to inspire more woman to join the industry. 

So you’re one of the senior researchers for the GReAT team, can you tell me a bit more about this team and what you aim to accomplish? 

GReAT is a research group comprising of 40 people all around the world. We have a major presence in APAC and in Europe and we all work together to uncover major cyber threats and cyber espionage activities. We usually try to focus on our own regions but when one of us uncovers something major we all try to work together to solve it. 

So for myself, I usually focus on Australia and New Zealand, but because I'm part of the APAC team, and there's not as much happening in Australia and New Zealand as there is in other parts of the APAC region I spend my time working on cyber attacks happening in other parts of the region.

Since we just touched on A/NZ what are some of the biggest threats in this region? 

We have some problems with banking Trojans in Australia, I'm not sure about New Zealand. But I think the problem carries over just not as extreme as in Australia. So we’ve been monitoring this over a few years now and every year we see Australia among the top targets for banking Trojans. 

We have also seen Australia among the direct or indirect targets of some APTs in the past few years but the situation is not that bad.

In terms of the targeted attacks and reverse engineering them what's that process like, and how did you go about it? 

We have different techniques to detect suspicious activities in the customer's network from the signatures of previously known malware to heuristics and more generic signatures to match with a new component of old attacks or behavioural systems to understand the suspicious behaviour. 

So when we collected the suspicious files or components, we start looking into the files and into the like suspicious components, if it's a compiled file, that's where the reverse engineering process starts.

Without going into too much detail we then work back piece by piece until we understand how the malware works and where exactly it came from. That's how we shape the whole picture of that tech, how it started, what it does, what it's after; if it's money or if it’s information and then most importantly what is next. Once all of that is done we aim to prevent future attacks. 

So just to switch gears for a moment, as a successful woman in tech what would you say to girls to encourage them to pursue their dreams in technology? 

In Australia, we have collaborated with different organisations and different campaigns to help new people especially female university students, high school students or even people who are working in the technology field, but not in cyber security, to get more encouraged and interested and involved in cyber security. 

One example is the Australian Women in Security Network (AWSN). There is a community in Australia which is called AWSN and it's a big community now, it's been for a few years and we are trying to help women get more involved in security and there was a campaign that we started like two years ago which is called AWSN and candidates. 

It's for a small group of female university students, I provided the first technical workshop for the students to get them more familiar with reverse engineering and what I do, how it works in the defensive part of cybersecurity and IT. The group is now growing to I think 60 students.

On a different note, I'm happy to see more and more female speakers as the main speakers at conferences. It used to be such a male-dominated space but it shows to our peers that we are every bit as dedicated and talented if we can showcase our work and discoveries in front of them. It is amazing to be part of such an important movement. 

Disruption in the supply chain: Why IT resilience is a collective responsibility
"A truly resilient organisation will invest in building strong relationships while the sun shines so they can draw on goodwill when it rains."
The disaster recovery-as-a-service market is on the rise
As time progresses and advanced technologies are implemented, the demand for disaster recovery-as-a-service is also expected to increase.
Cohesity signs new reseller and cloud service provider in Australia
NEXION Networks has been appointed as an authorised reseller of Cohesity’s range of solutions for secondary data.
The key to financial institutions’ path to digital dominance
By 2020, about 1.7 megabytes a second of new information will be created for every human being on the planet.
Proofpoint launches feature to identify most targeted users
“One of the largest security industry misconceptions is that most cyberattacks target top executives and management.”
What disaster recovery will look like in 2019
“With nearly half of all businesses experiencing an unrecoverable data event in the last three years, current backup solutions are no longer fit for purpose."
NVIDIA sets records with their enterprise AI
The new MLPerf benchmark suite measures a wide range of deep learning workloads, aiming to serve as the industry’s first objective AI benchmark suite.
McAfee named Leader in Magic Quadrant an eighth time
The company has been once again named as a Leader in the Gartner Magic Quadrant for Security Information and Event Management.