On our last blog post “Know your community” we interviewed Orange Tsai from Taiwan. Today we had the honor to interview Eva Tanaskoska!
Eva is 23 years old, just finished her Bachelor studies in Network Technologies and in the near future will move to the Netherlands to work in the information security industry.
Q: What was the motivation to get into the security field?
A: Game hacking is what initially got me into the infosec field (though I must clarify, I despise cheating in games! My area of interest was mostly model editing in World of Warcraft, which does not provide competitive advantage). From there, I started browsing hacking forums that drew my attention and learning about information security bit by bit, eventually deciding that I want to pursue a career in information security.
Q: What is your expertise in the security field?
A: I’ve always been fond of network security and operating systems, so I’d say those are my strongest sides in the field. I’m quite interested in Linux due to its open-source nature, which provides the advantage of being able to play around with the system and learn how it works. I’m also interested in computer forensics and incident response, though I haven’t had many opportunities to advance my skills in this area so far.
Q: Why did you decided to specialize in offensive security?
A: I strongly agree with the saying “The best defense is a strong offense” because I believe that you must be familiar with the vulnerabilities and attack vectors of a system before you’re able to defend it properly. I think a lot of security experts do not pay enough attention to the attack methodologies, missing out a wire array of potential threats with the defense-only approach.
Q: What is the most innovative project you did as offensive security researcher?
A: I believe that would be my current project, which is focused on profiling Linux’s security measures through research and identifying the most abused and critical parts in Linux’s security infrastructure. These are a lot of areas that still need to be explored and analysed thoroughly, so that’s where I’m planning on focusing my future research.
Q: Where and how did you learn to be an offensive security researcher?
A: I’m mostly self-taught, learning from forums, blogs, whitepapers, videos, etc. I must also mention that I’ve had an amazing mentor, named Hans-Michael Varbæk, that helped me greatly in the beginning by guiding me through the vast cyberspace to the relevant and useful information.
Q: Since 2014 you are part of Zero Science Lab. In 2016 Zeroscience reported 97 (!) vulnerabilities. How many team members are there in the Zero Science Lab?
A: There’s no fixed number of team members, it’s constantly changing.
Q: What is the team goal?
A: Zero Science Lab is a community of researchers and engineers interested in the information security field. It’s an open community and everybody willing to contribute with their skill and knowledge is invited. Our aim is to share knowledge and spread awareness about the imminent threat of cyber attacks that are only going to get more prevalent in the future.
Q: Why did you decided to join the team?
A: Zero Science Lab is one of the few security communities in Macedonia, so I thought it is a nice opportunity to share what I know and meet other people from the industry.
Q: did you take part in the vulnerabilities research?
A: So far I haven’t done any zero-day research as I’ve focused my attention on other things, but I’m definitely planning on doing so in the near future.
Q: I read your articles, and all of them focus different aspect of offensive security – XSS / Linux execute permission mechanism and how to exploit it / encryption.
What is your current research?
A: I just finished my graduation thesis research recently, on the subject of remote exploitation in the Linux kernel. The focus of the research was to identify the most vulnerable subsystems in the Linux kernel that are prone to remote exploitation, as well as to narrow down the protocol implementations that have been known to be poorly designed in terms of security.
Q: How big is the Macedonia security community?
A: Macedonia is a small country and has a rather small security community, however I’ve noticed that with the recent developments in the field that made it out in the public, interest in the field has begun to grow, so I’m hoping the community will soon expand.
Q: How are you supporting the security researchers community today?
A: I’ve always offered guidance and mentoring to people interested in learning about information security, and I still do. I’m here to help anyone who’s a beginner in the field and feels lost between all of the information in this fast-paced field by providing them with materials to advance further in their areas of interest.
Q: I saw that you work as a Coordinator and Mentor in NewMan’s Business Accelerator. could you please tell us more about that?
A: Newman’s Business Accelerator is a cloud academy provider that offers courses in new and developing fields, such as cyber security and animation. The aim is to put focus on fields that have huge demand, to meet the needs of the market by training young professionals with practical examples from experienced mentors.
Q: What kind of services the company provides?
A: Beside the cloud academy, the company offers a multitude of different services, such as co-working space, a prototyping studio where innovative solutions are developed, a SmartUp center training future entrepreneurs, organising hackathons and competitions, etc.
Q: What do you teach there?
A: Since I will be moving soon, I no longer teach there, but I used to teach three subjects:
- Computer Networks and TCP/IP: an in-depth introduction to the TCP/IP model and the networking protocols.
- Network Penetration Testing and Ethical Hacking: a practical course that involves the procedures used in real penetration testing.
- Computer Forensics: introduction to computer forensics, mainly focused on file system forensics, memory forensics and network forensics.
Q: How is that to be a woman in the security filed?
A: I’ve always been treated with respect by my male colleagues in the field and there’s always been that reaction of surprise when people first find out about my profession. Unfortunately, I haven’t met a lot of women working in information security, but the very few that I’ve met, have proven to be very creative and skillful additions to this growing industry.
Q: What’s the single piece of advice you would want to give any young woman seeking out a career in the security filed?
A: Don’t be afraid to pursue a career in a male-dominated profession – women’s expertise is greatly needed if we’re to solve the skill gap that the industry faces today. Don’t miss out on a fun and lucrative career because of the stereotypes!
It was a pleasure, Eva, to talk to you