It Works on My Machine: Why and How Engineering Skills Matter in Threat Research

DISCARDED: Tales From the Threat Research Trenches - A podcast by Proofpoint

Categories:

The Discarded Podcast team is gearing up and working hard for a new season! Until then we have a special Re-Run treat--one of our favorite episodes! Enjoy!Engineering skills can play a massively beneficial role in cyber security, as Pim Trouerbach, a Senior Reverse Engineer at Proofpoint and Jacob Latonis, Senior Threat Research Engineer at Proofpoint, are able to share. They emphasize the importance of understanding the requirements and context of security researchers to build effective tools. The conversation touches on the potential impact of AI and LLMs (large language models) in threat research. While AI tools can be valuable for entry-level tasks, the context, experience, and expertise of human engineers are essential for handling complex code and understanding threat actors' behaviors.Join us as we also discuss:[02:59] The uniqueness of engineering skills in understanding researchers' requirements for data cleaning, tool development, and working in a security environment.[11:06] How the versioning in malware samples can provide insights into the threat actors' behavior and trajectory.[13:24] How malware is simply software with malicious intent, and how practices of developers and threat actors can overlap.[17:10] The tools and techniques used by threat actors, including obfuscation and encryption methods.[21:42] The importance of context and experience in writing tools and understanding researchers' workflows.For more information, check out our website.