Last time, I got to speak with Leila Powell. She went from astrophysics to an exciting career as a security data scientist.
This time, I have the pleasure of speaking with Veronica Schmitt of DFIRLABS, otherwise known as @M4lw4r3z_G1rl. She enjoys reverse engineering code, and she considers herself to be a cyborg!
Kim Crawley: Please tell me about what you do and what led to your cybersecurity career.
Veronica: I have been in the infosec community since the age of 18, straight out of school. I have always loved anything technology-related. I started working as a data capturer in the Special Investigating Unit in South Africa where I ended up doing work helping with networks. This led to me falling in love with digital forensics and incident response. At 19, I got my pacemaker implanted, and I became enthralled with how these devices are protected.
I am one of two directors in our private practice called DFIRLABS. I have now moved more over to the field of malware analysis and incident response. I am also busy with my master's thesis on the similarities between ransomware families, which is very interesting. More so my passion at the moment is reverse engineering malware and doing research on the protection of medical implantable devices in terms of protection from hacking and malware.
KC: What are some of the challenges that are specific to reverse engineering?
V: The main challenge for me was when I started out and learned how to read assembly code, but I was blessed with an amazing support system, both male and female. My biggest inspiration is Malware Unicorn, but currently, my biggest challenge is that the code has become complex and I have had instances where the decompiler itself has failed. It also can take time when obfuscation is used.
KC: What are the biggest misconceptions about what you do?
V: The biggest misconception for me has been that people do not understand the skill which goes into digital forensics and information security. They seem to believe the Hollywood version of you press a button and find the evidence. This sounds very sexy to people, and they expect that the reality is much the same, whereas the reality is far removed from the Hollywood version. We spend hours and hours going through digital artifacts looking for a needle in a haystack. When you investigate a hacking case, people think it is just as easy to follow the trail. Well yes, if the trail was not muddled with other events taking place at the same time. I wish there was a “find evidence” button similar to the Hollywood versions.
KC: What do you think the biggest problems in cybersecurity are these days?
V: In my opinion, we should be asking ourselves about how we have organized crime groups operating malware campaigns, but we do not have organized cybersecurity support teams that share information. We as cybersecurity professionals should report breaches and share information. We also need to decide whether we want to concern ourselves with auditors and compliance or defend ourselves against actual threats, as both are not always possible. Additionally, we should have more collaboration between red teams and blue teams where both understand the opposing team. Sharing is caring, after all, unless you have malware on your machine.
KC: Has any of your reverse engineering of malware given you insight into some known cyber warfare techniques?
V: The biggest thing I have learned in terms of ransomware specifically is that there is a lot of commonality and it seems to be exploiting Windows successfully. The sophistication level has also increased with each campaign. For example, ransomware has evolved now to employ techniques similar to worms as far as moving about in a network. Ransomware-as-a-service is a huge problem because each campaign is becoming more sophisticated and forever changing. The one thing that makes it successful is to hide it in legitimate processes in legitimate code.
KC: Is there anything else you’d like to add before we go?
V: We need to inspire others to continually learn, not berate them for making a mistake. We should use that as a teaching moment to share wisdom. We also need more female interns in this field. We need to place them in the right mentor group and develop these beginners into strong independent cybersecurity professionals. I love being a gen one cyborg with a built-in computer heart protecting the perimeter and acting when it has been breached. This has driven me to make a difference to educate and to keep fighting.
About the Author: Kim Crawley spent years working in general tier two consumer tech support, most of which as a representative of Windstream, a secondary American ISP. Malware-related tickets intrigued her, and her knowledge grew from fixing malware problems on thousands of client PCs. Her curiosity led her to research malware as a hobby, which grew into an interest in all things information security related. By 2011, she was already ghostwriting study material for the InfoSec Institute’s CISSP and CEH certification exam preparation programs. Ever since, she’s contributed articles on a variety of information security topics to CIO, CSO, Computerworld, SC Magazine, and 2600 Magazine.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.