What makes a good security researcher?

Based at the Nanyang Technological University, Jakub Pruzinec (Security Researcher) has undertaken research in OS security, web security and malware analysis that has been leveraged by security practitioners and academics around the world. 

We asked him how he started out as a security researcher; and delved into the personal characteristics that make a person well suited to this kind of work. Here’s what he told us.

Could you briefly share your career journey so far – particularly any pivotal moments that led you down the path of security research?

“I became interested in cybersecurity during my studies at Brno University of Technology in Czechia. Unfortunately, the university did not offer specialisation to undergraduates at the time, so I studied security on my own. This led to an internship at Avast (Gen) Antivirus, where I reversed PE malware and designed detection features. After graduating, I sought opportunities to do research and get references that would later help me in applying for a PhD. 

“I cold emailed professor Liu Yang at Nanyang Technological University, who was looking for postdocs for anti-virus efficacy testing. I was a fresh graduate at the time, but stars aligned and I was offered a position as a research associate. This is where I met Quynh Anh Nguyen, my exceptionally knowledgeable and supportive supervisor, with whom I spent the following four years. He taught me a great deal, but most of all, he passed his ‘that looks cool, let's check it out’ attitude on to me.”

What's the most exciting thing about your job?

“I love the fact that there is no predetermined path to expected outcomes. Sometimes, even the objectives themselves are undefined, giving you complete creative freedom to invent whatever might be useful. As long as you deliver, you are free to study and delve into areas that interest you.

“Additionally, there is something exciting about venturing into unknown zones. In security research, you often find yourself in places not intentionally accessible, messing with systems in unprecedented ways. It is exciting to be the first to try something out, to look into it. Everything is intact; it is like skiing off track.” 

What are the personal characteristics that you think make you good at your job?

“The most crucial trait for researchers, in my opinion, is the ability to deal with failure. Lots of ideas prove impractical, tons of paths require enormous effort and lead nowhere. Learning to recover quickly is crucial.

“Also, research requires constant learning, so you have to read large volumes of publications, code, and documentation. Not everyone finds this super exciting, but it drastically improves your ability to generate working ideas. Naturally studious and curious people are at an advantage.”

When you’re not working in cyber, you practise Muay Thai – are there any learnings you've taken from martial arts that feed into your security work?

“Muay Thai is the polar opposite to what I do in the lab. If you get too analytical and start to ponder, you get smacked. There is not much overlap between the two, but that is what makes it fun.”

Finally, could you describe your best experience at Black Hat MEA 2023?

“Speakers have the opportunity to visit Boulevard World near Riyadh. It’s a 40-minute bus ride, during which I met Vikas Khanna. It turns out we had a lot in common as foreigners of similar age living in Singapore, so we hit it off right away. While I enjoy listening to OG hackers from the pre-cybersec industry era, it is also great to connect with your peers. At BHMEA you get to do both.”

Thanks to Jakub Pruzinec at Nanyang Technological University. Join us at Black Hat MEA 2024 to immerse yourself in the global cybersecurity community.