Security Unfiltered

From Russia with Code: A Malware Analyst's Journey

Joe South Episode 198


Sergey Novikov shares his fascinating journey from early days at Kaspersky Lab through his evolution as a malware analyst and cybersecurity expert, offering unique insights into the changing threat landscape and ethical considerations of security research.

• Started at Kaspersky in 2002 when it was a small startup with fewer than 100 employees
• Applied mathematics background led to research correlating human epidemic models with computer virus propagation
• Worked as a "woodpecker" malware analyst detecting threats 24/7
• Became part of Kaspersky's elite Global Research and Analysis Team (GREAT)
• Team took pride in identifying APTs regardless of national origin to protect customers worldwide
• Described security researchers as "paleontologists" uncovering complex digital threats
• Participated in analysis of sophisticated threats like Stuxnet requiring specialized knowledge
• Left Kaspersky in 2022 after Russia-Ukraine conflict began
• Transitioned to pharmaceutical industry cybersecurity before joining CyberProof
• Observes modern threats have blurred lines between nation-state actors, cybercriminals and hacktivists
• Believes cybersecurity professionals must maintain a perpetual learning mindset
• Recommends self-learning and hands-on experience for aspiring security researchers
• Notes that AI, rather than quantum computing, is what is currently enabling more agile, automated attacks

Connect with Sergey on LinkedIn or visit cyberproof.com to learn more about their security services and research blog.



Speaker 1:

Well, how's it going? Sergey, it's great to get you on the podcast. You know we've been talking about doing this thing for a while now, right and very selfishly. I think I had to, you know, reschedule a few times because I have a newborn in my house and you know she just takes over. Yeah, thank you. She just has a way of taking over everything, right?

Speaker 2:

I can imagine I'm a father of three boys slightly older than your kid as well, but still it's like a lot of homework with them and a lot of managing at home different stuff. But again, thank you very much for having me. Yeah, it was long awaited, but a great honor to join your podcast.

Speaker 1:

Yeah, yeah, absolutely. Well, Sergey, you know why don't we start with you telling my audience? You know how you got into IT, how you got into security. What did that journey look like? Was there something that piqued your interest early on and then you started, you know, working towards it, or what does that look like for you?

Speaker 2:

That's probably an interesting story, I don't know. Listen, I was like, even being a small kid, I was like looking to different kind of technologies. I was one of the first in school who had the mobile phone, back in 90 something, 96, 97, and I was again one of the first who had a kind of an old PC at home. I was kind of a geeky style person looking to different kind of technologies. And then I was a big fan of different mathematical classes and so on and so forth and I went to study applied mathematics at the university and then again it was not specifically to the cyber. I was interested in IT in general and I worked as an IT administrator in different organizations when I was kind of a student, first in first courses, and then somehow again I found the position at the beautiful AV vendor, classical legacy AV vendor called Kaspersky, and I was like wow, that's interesting. And even though even like that wow is maybe not the really truth, because I joined the company in 2002 when the company was a family, small startup, to be honest with you, less than a hundred people were in the company when I joined there and somehow it was like quite interesting, the entire journey of like protecting information data from different customers all over the world. That was like come on, quite challenging on one hand and interesting on another.

Speaker 2:

And back in those days, let's say after one or two years, there was like I don't know, maybe you were too, too young those days, but I don't know there were like huge global epidemics, let's say ILOVEYOU, Sasser, MyDoom, Bagle, all this kind of a giant epidemics of computer worms and it was very again challenging to mitigate them, to understand how they work, how they distribute and so on and so forth.

Speaker 2:

And studying applied mathematics, I did an interesting thesis about predicting the propagation of malware epidemics and we did a correlation with the old medicine kind of models which we use from old real human epidemics and we tried to correlate it with the computer viruses, which again was quite interesting and interesting to apply it on a daily, daily work of being a malware analyst. So this is how I kind of come first in the cybersec industry and then I become a malware analyst and I did like at Kaspersky. Every malware analyst we call themselves, we call those guys woodpeckers, as soon as they're like pecking on the keyboard and trying to identify, detect malware in shifts 24/7, 365 days a week, sorry, 365 days a year, and so on and so forth. It was quite, quite crazy, crazy, interesting time.

Speaker 2:

And yeah then, doing different kind of like malware analysis, reverse engineering job, different kind of a small research development project, I started my PhD related to again the same, more or less same subject of spreading and mitigating computer outbreaks, malware outbreaks and then, after a few years, when Kaspersky decided to create and found the famous Global Research and Analysis Team, I become a member of that team and afterwards like managing that beautiful global team from Moscow, being part of an incredible investigation. I suppose many of your audience have seen, read, listened to different kind of presentations at different conferences all over the world.

Speaker 1:

Wow, that is. That's fascinating. It's like you know, you kind of jumped into the deep end, starting out like right off the bat.

Speaker 2:

It sounds like Not necessarily, but yeah, yeah, it was a journey and kind of a different different things, different milestones, different, very, very interesting research projects and again being part of a vendor.

Speaker 2:

Yeah, you know it, it's always kind of a why do I like this kind of work, why do I like this industry? It's like always something you, it's on a daily basis. You're learning, you are chasing those cyber criminals. You're like looking to their TTPs and their behaviors and you're trying to mitigate them and be a little bit one step before, like being proactive in mitigation and it's always very interesting. Especially again, besides all this kind of vendor stuff, you're part of the most famous research team in the industry, in my opinion at least, how I see it, and of course, I suppose everybody has different opinions, but I think back in those days, Kaspersky's GREAT team was the top-notch researchers. Again, a lot of hands-on stuff. I was more focusing on kind of a team leadership, management or a kind of a motivation stuff, but also I had my hands dirty in a couple of different research projects as well. So, yeah, especially again working with so smart people from different countries, different regions, with different kind of an approach to work, different mentalities. I was like, come on, to be honest, wow, wow, interesting, good old times. Today I do not provide any comments about what the company looks like today or what the GREAT team is today, but it's not. It's a completely different story.

Speaker 2:

I left Kaspersky just after this geopolitical tensions between Ukraine and Russia when the war started. So I spent almost 20 years in the company, starting there in 2002, leaving the company in 2022. The war started at the end of February and, like again, everybody has their own kind of red lines and maybe that particular crazy stuff was my kind of end of my career in that beautiful company. First of all, me and my family, we relocated from Russia to another beautiful country called Israel and that was an obvious kind of reason to leave the company Kaspersky. And after being almost 20 years there, I decided to look at the security domain. Like being inside the vendor for so long, I said, like beautiful, that's maybe a little bit too much. Let's look at the security domain from like another angle, from completely different domain.

Speaker 2:

And I joined one of the biggest pharmaceutical enterprise companies, also doing kind of a cybersecurity research. So I was leading their cybersecurity research center, which then again consisted of classical red team, not so classical but strategic blue team and classical threat intelligence. Like it's a giant organization and they're investing a lot into cybersecurity as soon as their intellectual property is one of the key assets. A lot of crown jewels, a lot of like important information, critical information to protect. So they're investing into ISRM a lot. And yeah, it was a completely new world, new experience for me.

Speaker 2:

Being inside the vendor and then inside the giant enterprise organization was such a crazy change, to be honest with you, but interesting. It also, based on my knowledge and my vision and my experience, it gave me really a lot. And now I'm very happy to be somewhere in the middle, which is a security service provider. We're not a vendor, we're not an enterprise, but we're working with so many different cool vendors protecting different giant enterprises all over the world. And there's a beautiful MSSP called CyberProof and I'm responsible for a bunch of security services we're providing, including kind of a use case management. This is mainly like detection engineering, so part of the detection piece and automation on top of this, providing response and then advanced threat hunting and cyber threat intelligence. So those kind of three services I'm responsible for at the moment.

Speaker 1:

Wow. So there's a lot that I want to dive into. With your 20 years at Kaspersky, it's really fascinating to me because I was actually a customer of Kaspersky for a long time and I would get critiqued for it, right, like, why are you going with this Russian product and everything? But you know, genuinely, I trusted that. You know, even though it was a security product headquartered, you know, in Russia, I still believed, you know, that Russia probably wasn't monitoring it or, you know, didn't have like a backdoor or whatever. I did trust the product or whatnot. And I want to maybe backtrack just a little bit. Right, when you were researching the malware, did you ever research, you know, like Stuxnet or any of these, like infamous pieces of malware or hacking tools, even right, that was, you know, disclosed by Snowden potentially? Did you ever like reverse engineer any of those? You know, what was it like potentially, if you did?

Speaker 2:

Me personally, yes, again, not a lot, I'm more focusing on kind of a leadership or guiding the guys of where to go and why to go there. And not only that, but again my team, my folks, they did a lot of reverse engineering of those kind of APTs and it was one of the most sophisticated stuff we've ever seen in our lives. Again, the most interesting, and one of my colleagues called it like we're doing paleontology, the most interesting piece was to again to track those kind of anomalies in the traffic. We analyzed so many kind of different logs to hunt for those anomalies, to hunt for those kind of interesting, spicy stuff which is not common. Yeah, and we were quite successful those days. Definitely not now and maybe not the last many years, but at the beginning we were very, very successful in finding maybe the biggest amount of APTs. And what I'm again talking about geopolitics and talking about this Russian vendor, what I'm really proud of and I can say it without any doubts and it's not a marketing terminology, it's like the thing we did really believe in. We identified any APTs, no matter what. We identified a lot of Western APTs. We found out a lot of Russian APTs, Ukrainian APTs, Middle Eastern, Chinese, North Korean.

Speaker 2:

We didn't really care. Like, at least at the beginning, and maybe like people in the West, they looked at the Kaspersky and thought that what are you guys doing? Why are you doing all this? And at the beginning we didn't monetize it anyhow. We didn't even have our own Kaspersky threat intelligence service. We launched it after a few years, but I saw it, at least on my level, I saw it kind of a Robin Hood of internet. We didn't care of the origin of this kind of a state-sponsored attack. Our main goal was to protect our customers. Our main goal was, as soon as Kaspersky had customers all over the world, as you're saying, and I appreciate this a lot, your trust, it means like a lot, at least to me who was like almost 20 years at Kaspersky. Thank you for this. So Kaspersky had the customer base all over in the US, in different Western countries, in Europe, of course, Russia, Middle East, Latin America, all over. We had those days, we had so huge telemetry and it was interesting to analyze this telemetry.

Speaker 1:

Yeah, I bet. I remember when I was doing my figure out, you know the ins and outs of a piece of malware or whatnot, and I actually remember, you know, during my master's program I applied to Kaspersky. I didn't get the job or anything, I didn't even get a phone call, but you know it was widely known in the industry even at that time that, like you know you want to do, you know some cool stuff, you want to go do malware, reverse engineering. Like there's two players, Kaspersky is the best one. Like you should be going there. You know, if you want to be the best, you have to go, work with the best, you have to go. You know, live it, breathe it. You know, and that was widely known in the industry. I mean that was a very highly lucrative company to work for. Even I mean like that's. Even. You know I'm in America. Right, I've never been to Russia. I would actually love to go to Russia. I would like to see it because I like to travel and see the history and everything like that.

Speaker 2:

Not necessarily now. Not necessarily now.

Speaker 1:

Sorry to interrupt. Right, right, right.

Speaker 2:

But when this whole shit will end? Definitely this whole shit will end, definitely. It's a beautiful place. It's a beautiful place, trust me.

Speaker 1:

Yeah, but you know I say that as coming from, you know, an American looking at a Russian company and saying like, yeah, I want to work there. You know, I mean like if they would have offered me a job in Europe or Russia or something, at the time, I would have been like all right, bye, mom, I'm going, you know. Like you know, it doesn't matter, respect, I'm going, you know it doesn't even matter.

Speaker 2:

Respect, I'm so happy to hear it.

Speaker 2:

Listen, in this Global Research and Analysis Team, definitely, we had guys in the US and maybe you know some of those names, pretty famous people in the industry, and I was pretty proud to work with those guys, to recruit those guys. Unfortunately, we didn't recruit you. Yeah, my fault, you can always blame me about this, but yeah, it was a great, great honor to be part of this still Russian company, having working with like people all over the world, including US, East Coast, West Coast, because first came back in those days, we did have a bunch of offices in the US. That market, of course, was like very important market for us, but then all those geopolitical tensions started, I don't remember, 15, 16, maybe I'm wrong already, but yeah, when all those geopolitical tensions started, that's it, goodbye. And still, even after I left the company in 2022, we still had, for one or two more years, several people working in the US. From a research perspective, not only business, not only kind of sales, but also a few researchers still worked at the company even after 2022.

Speaker 1:

So you know, in America, right, and this is like pretty well known, I'm not saying anything I probably shouldn't say or whatever, right, but in America, when a research team at, say, Microsoft or Google or Apple, whatever, right, let's say a zero day, you know there's a backdoor communication to the NSA, to the CIA, and they always say, hey, I found this thing, can I disclose it, right, or can I patch it? Now, me personally, I would assume a similar thing happens, you know, at Kaspersky, right, in Russia. I don't see why not. But did anything ever like that ever take place? Because it would make sense, right, Russia's operating in the best interests, theoretically, of the Russian people. It makes sense for them to be plugged into the research side of that world, of that company. Was anything like that ever take place or anything that you could even talk about? You know, I don't want to put you at potential risk of saying something.

Speaker 2:

It's first of all, no worries about this.

Speaker 2:

Second, again, I don't, I don't have it handy, but we did have a bunch of zero day announcements to vendors, like certified by Google or Microsoft. So they acknowledged my GREAT guys for those findings. So we report, we report those zero days to the vendors and again, answering your tricky question, I'll tell you like at least I don't know, I again, my guys, and I know it for sure, my guys at Global Research and Analysis Team, they reported to the vendors any findings and they never reported to any kind of agencies anything like this. So it was kind of, and yeah, I trusted this to my team and I can't say anything for the rest of the company. And again, my team back in those days, just for your information, and I suppose it's more or less known, it's kind of elite researchers, it's elite reverse engineers, in my humble opinion, one of the best in the industry. Again, finding vulnerabilities and doing reverse engineering are slightly different things, but still, even my guys, they found a bunch of different zero days.

Speaker 1:

Yeah, it's just, you know it's a fascinating situation, you know to kind of think about, right. So you know, if I were to, or if someone were to, you know, try and get started today. Right, try and get into malware, reverse engineering today. What would you recommend that they do? Where should they start? Is there a book that they should get to go through? And, you know, set up a lab at home. I mean, there's a lot of databases out there with a bunch of, you know, different kinds of malware in it that you could potentially download and hopefully you don't infect yourself and you know, reverse it, right. But what do you recommend for people that are trying to get started?

Speaker 2:

Listen, the simple piece of advice, at least from my side, if you do want to focus on reverse engineering, which is slightly strange nowadays, right? Yeah, I don't know so many people focusing on reverse engineering, but still I know, by the way, very cool young minds, at least in the country where I live now. They're such crazy, interesting people and they're becoming more and more so. It's about self-learning. It's about there are so many different courses available online. Just watch it, read it, play with it. The more you have your hands dirty, the better. As you said, set up some kind of a lab environment at home. Be careful with all those payloads. I don't know. And it's just about like the obvious question is why do you want to do it Like? What is your main interest?

Speaker 2:

My usual kind of reply and vision, and I did, like so many different lectures in different universities, not only in Russia, in many different places, like people are asking how do you define? Is it like a good reverser or a bad reverser? And you can't define it on the first interview, right? But the obvious thing is that when you're bored by developing, you're not interested in the development. Development is boring when you're a big fan of cracking, when you're a big fan of breaking something, when you're a big fan of hacking something. That is the story behind the good reverser in my experience. But yeah, it's more or less. There is no any kind of university or college where you can learn for reverse engineering. It's mainly about a huge amount of time you're investing to self-learning.

Speaker 1:

Yeah, no, it makes sense.

Speaker 1:

A long time ago I tried to go down a little bit more of that path, right, to learn it a little bit better, and I will when I'm done with my PhD.

Speaker 1:

But I just remember trying to get, I think it was like the Cuckoo Sandbox, I think it might have been, I tried to get that thing working and I just could not figure out how to get it working properly to, like you know, properly configure it and have it sequestered off from the rest of the device and the internet and everything. And I spent probably like a month just trying to get that thing to work. But it, you know, it's a really fascinating area, right, because I'm not a fan of coding myself, you know, like it doesn't pique my interest, it's quite boring. I'm much more about figuring out how it does what it does behind the scenes, you know, and stepping through it like that, right, like that's what piques my interest and that's kind of where I'm, I think that's kind of where I'm going, you know, in my career path, right, like more of a security researcher side at this point, because you know it's like the Joe why nobody called you back when you submitted to Kaspersky position, right?

Speaker 1:

Again my fault. I'd still be there today.

Speaker 2:

Yeah, it's fascinating, you know, and it's very interesting.

Speaker 2:

I mean, again, another thing I truly believe in and it may sound stupid, I don't know, but when I was talking a lot to different students in different universities, I said, like you won't even believe how interesting it is.

Speaker 2:

You won't even believe how interesting it is, you won't even believe that only again, on a daily basis you're learning, you're kind of gaining this interesting experience and what I also tried, and I did really believe in this, when you show to those young minds the light side of the story, the thing that you can do kind of reverse engineering like hacking, in a kind of a blue teaming, in a defensive way, in a kind of a constructive, positive way, and you can also earn good salaries, you can build your brand, you can deal with so many interesting pieces of code analyzing this code.

Speaker 2:

That's how I try to motivate those young minds to look to the kind of defensive side of the story. Well, again, I honestly do believe you can't do a very good defensive without knowing good defensive. So it's always kind of a balance. It's quite challenging for me, based again on my background and my kind of a vendor experience, but I still believe that you have to learn both sides of the story. You need to learn all those kinds of offensive tricks and what are they doing? How do they operate all those kinds of offensive exercises, to again evolve your defensive skills as well.

Speaker 1:

Yeah, no, it's really fascinating. I read the Stuxnet book written by Kim Zetter, I think it was Zetter. Yeah, it's a beautiful book, by the way. It's okay, well, how interesting can she really make, you know, a piece of malware sound, you know.

Speaker 1:

But then you, you hear about it and I mean my my first impression, right, when I heard, okay, there's different modules that are encrypted, with different keys, written in different languages, languages that aren't even taught anymore, right, like the people that were reversing it had to go like find these books that haven't been opened and read in years, to go and see what the language was, to actually figure out what the module was doing in the code.

Speaker 1:

Right with, that piqued my interest, like that kind of it almost like cracked my mind open to hearing what's actually possible. You know, because you always think about it in terms of, like it's A to B, maybe there's a C stop in this thing, you know. But you always think, okay, it's not that deep, it's not that complex, it's not that, not that crazy, right, but then you see this level of sophistication and I mean it, just it just blew my mind, right, like it just completely blew my mind, kept me captivated even to this day. You know, I mean, like I, my wife can't stand me talking about it, you know. But like you know, you get me going down that rabbit hole. I mean I'll talk for days on.

Speaker 2:

I mentioned this paleontology stuff. It's an interesting term. We saw ourselves, the entire team, as the team of paleontologists. And again, a quick comment about this is that, first, during the last five, seven, maybe seven plus years, there are not so many announcements anymore. There are not so many big APTs anymore. Do you know why? Yes, what do you think?

Speaker 1:

I mean, I would assume that a lot of them are being used and deployed right now and so it's kind of being sheltered in the community somehow.

Speaker 2:

We don't know about them, we don't know. So what we see and what we know is like just a peak of an iceberg. I do believe in this. First of all, I don't know this is kind of my assumption but I'm pretty sure that there are so many high-level, very, very sophisticated, state-sponsored APTs that we simply I mean that makes sense.

Speaker 1:

You know like, we're not aware of them until it's like already done its thing right, until it's already done its damage. I mean with Stuxnet, it was in Iran's nuclear facilities for years, apparently, and I mean when I heard that they ripped out every cable in those facilities, you know, and replaced it three, four, five times over. I'm sitting here like man. If I was that engineer, if I'm still alive at the end of all that, right, I mean I still have no answers. You know, like, how do you explain? Okay, I ripped out the entire infrastructure, shredded the servers, shredded the cables, and this thing is still in our network and we don't even know where it is. You're right, you're right.

Speaker 2:

Joe, may I ask you another tricky question at least, or at least the kind of a question that community is talking about quite a lot, and I'm thinking myself about this a lot and I don't have like a proper answer, to be honest with you, but I wanted to share it with you and maybe it will be interesting for your audience as well. What about kind of again nation state actors which are doing counter-terrorist operations? Do vendors should detect it? Do researchers should detect it or not? And how do you know when you're found something that it's a counter-terrorist operation?

Speaker 1:

Yeah, that's an interesting question, right. That's really hard, because if it is like, let's say, you're an American company, American research team, right, and you discover something that, like the NSA or the CIA is using in an active mission, you know they're not signing their code with hey, this was the NSA, right, there may be different markers in it like this technique.

Speaker 2:

I'll interrupt you for a sec. This is more or less, I know what you will say next, like more or less understandable situation. But if you're not an American researcher, if your research team is not based in the US, if your research team is based, let's say, in some neutral place, I don't know, Switzerland, and you found some NSA operation. Again, I'm just imagining. I'm sorry for opening this discussion, but I'm thinking about this a lot. Where is this fine line? Where is this fine line and how to understand? What exactly did you find?

Speaker 1:

Yeah, I think so, honestly. I think research teams themselves should be unbiased, you know, regardless of the country that they reside within. You know they need to be unbiased because if they're not, if they are biased, then you're going to have an American company that's only disclosing Russian or Iran APTs, right, like the enemy APTs, but none of the NSA, right? That feels unfair and wrong, to be honest with you, because everything in security is built on trust, whether you're talking about a network or me to you, right, like there's some level of trust there that takes place, and I think when, especially for the research community within cybersecurity, I think once the trust breaks down there, the whole community as a whole begins to break down and you know you can no longer then trust your vulnerability scanners, you can't trust all the threat intelligence that you have and all that sort of thing, right? So it needs to be as unbiased as possible, in my opinion.

Speaker 2:

I agree and I like your answer. I appreciate this vision. I think more or less the same way. At the end of the day, as soon as this was my background when we started, when we started finding all those kind of cool APTs, the main message, the main mission behind was we don't care. We don't care. Our customers all around the world, our customers in the US, our customers in Russia, our customers in Western countries, in Eastern countries, in Iran, in Israel, in Egypt, in UAE, whatever, those guys are the most important, and customers I mean B2C, B2B, B2G, B2 whatever, so any kind of level customers. So that was a priority and this is kind of my mindset. I believe that I don't care about who is standing behind and it can sound maybe stupid, I don't know, but yeah, that's how we were thinking about this.

Speaker 1:

Yeah, I mean, you know it's not like these viruses are only meant for, you know, let's say, like a Russian domain or a domain in Iran or anything like that. I mean even Stuxnet, with how precisely it was made. Eventually it was modified to the point to where you're starting to find it on just normal civilian, you know, laptops and desktops and companies that had nothing to do with either party or the situation you know.

Speaker 2:

And again, you know why? Right, because those guys need to test their development somewhere.

Speaker 1:

They can't test it in the real target, they need to test it somewhere else, especially when it's something as sensitive, you know, just as Stuxnet, right. That's the example. But a great way to test it is to just launch it into the wild and if it destroys a whole bunch of computers, okay, that was too aggressive. That's not what we were aiming for. We were aiming for something that looks for this hardware, where, in reality, it just saw a Dell laptop and was like, yeah, I'm going to siphon all the data, right. But yeah, that's a great way of testing it. If you look at the initial tests of Stuxnet, right, when they blew up that generator in Idaho National Labs, I mean that was a very precise thing, but they still had to go blow up a generator that's worth like $100,000 to prove it out.

Speaker 2:

And, Joe, if you don't mind, let me make, at least for me, a reasonable bridge to what's happening today. Like today, and this is one of the obvious trends and this is what we, like different researchers, different vendors, are like talking over and over again. The lines of the borders are blurred, so you don't even know whether it's a state-sponsored APT, whether it's a cybercrime, ransomware operation, whether it's some hacktivist bullshit. It's all kind of a mix of different kind of approaches and it's not the same kind of a threat landscape like it was 10, 15 years ago. Now there are no kind of borders between those three, those four or five different scenarios.

Speaker 1:

Yeah, no, it's a fascinating world which kind of takes me to, you know, I guess, the next part. I mean, like man, I feel like we could talk for another three hours, right, like I need to have you back on. I'll tell you that right now.

Speaker 2:

I may well be happy. I'm enjoying it as well, so let's schedule something yeah, yeah, absolutely.

Speaker 1:

But you know, with how the world is going and evolving right now I mean we have major geopolitical events going on, right. I mean like it feels like it feels like the world is, you know, any random day of the week now, right, which is very unfortunate that we're in this type of situation. And with the advent I don't want to say the advent, but with the evolution of where AI is right now and quantum computing, are you seeing potentially, you know new kinds of attacks that you know we've never seen before, exploits that we've never seen before, never even thought of before, that are entering? You know the wild potentially generated by AI and maybe hacktivist groups, or you know organized crime groups.

Speaker 1:

I had someone on that was talking about, you know, these hacker groups, right, and they were saying how the legacy, you know, mentality of it is that, oh, there's a bunch of nerds that are on some IRC chat, right, living out of their parents' basement, you know, that call themselves a certain group, that get a zero day here and there, you know, that, like, you know, make CNN, right, for 24 hours or something like that, right? Well, they described it now as being closer to, like, the mafia. You know, it's more closer to organized crime, legitimate organized crime groups that are, you know, hacking companies that, I mean, in the security world, these companies, they seem like they're top-notch companies where it's places that I would want to go work. Right, are you seeing a new evolution of, you know, these attacks that are coming out?

Speaker 2:

Joe, 100%, you're absolutely right. If you don't mind, I will not provide any comments about these quantum computing threats or something, and the reason behind it is simple. And again, don't get me wrong. Maybe I'm wrong, maybe you know better. I haven't seen any kind of real quantum computing threats or something. Some concepts maybe, some kind of, I don't know, even I will not say POCs or something. People are like buzzing about this, but real, tangible quantum computing threats, what are we talking about? While at the same time, and again, maybe I'm wrong, I can admit, but at the same time definitely we are moving from kind of a threat landscape dominated by large, slow-moving actors to, as you said, to a very agile, automated system incredibly powered by all this AI, agentic stuff.

Speaker 2:

Threat landscape, as, like, several key kind of trends or shifts I already mentioned: nation states have blurred the lines between cybercrime and cyber espionage, between nation state APTs and ransomware and hacktivists and so on and so forth, often again using proxies or kind of dual-use operations. A lot more, we see it more and more. Ransomware as a service has evolved as well, being much more professionalized, the cybercrime economy with supply chains that rival software startups. A lot of, and I know it's your kind of area of expertise, a lot of cloud exploitation has become one of the top priority targets due to misconfigurations and, I don't know, identity-based attacks, attackers to scale social engineering, phishing, reconnaissance with, like, minimal effort and a lot of kind of speed-up, making it much faster than before.

Speaker 1:

Yeah, you know, it used to seem like, you know, creating a hacking tool was just so out of the realm of possibility, right, at least for myself. I mean, maybe I'm an idiot, right? Like, I don't know, you know, Python and C++, you know, inside and out or whatever, but it just seemed like that was reserved for an elite group of people that dedicated a whole lot of time to creating these tools, you know, to use them either for good or bad, right?

Speaker 1:

And now with LLMs, you know I'm a heavy user of Grok. It's maybe a little bit embarrassing how much I use it, but I use it quite a bit, you know. And just for fun, right, I started having Grok create me. You know, a hacking LLM Not really even a hacking LLM, it's like a hacking AI model. Where it starts, it has a base model. It learns from all the previous attacks, looks at all the different kinds of malware out there and then it starts, you know, formulating new attack methods and hacking tools, reconnaissance tools. Works you right through the MITRE framework, right? And you know, logs it all.

Speaker 1:

There's a new iteration that I have to put it through.

Speaker 1:

It's up on my GitHub but it's not public, right? I'm a little bit nervous about making it public, but it's so accessible, right? Like, I'm not, I'm not a developer, I am not a developer, and I can just put it into Grok, say, hey, give me a nice UI, right? Build this on a Linux OS, right? Like, make this the core OS component, right? Base it off of Kali Linux, or base it off of Parrot OS. Make it portable so I could run it on a Raspberry Pi, right? Like, that's actually one project I'm doing right now on the side for my PhD, is actually getting Kali Linux running in a Docker container on my Android phone, just to see if I could do it, right, because I kind of want to walk around and, you know, maybe hack some Wi-Fi networks as I go.

Speaker 2:

Which, no, can you elaborate a little bit more? Like, I, yeah, I watched your previous series, but if you can just, just to remind, what is the main story behind your PhD?

Speaker 1:

Yeah, yeah, so my PhD, it's focusing on cybersecurity and satellites, specifically deploying the Zero Trust Framework to satellite infrastructure in an effort to prepare it for post-quantum encryption. So a part of my research, aside from the technical aspects, right, is actually meeting with experts in each of these fields to discuss it with them and kind of give them, like, I call it, like, leading questions, almost, right, to where it's not exactly addressing the research, but it's a component of the research, and all of these things are lining up to support each other, hopefully. Or maybe I'm an idiot and none of it's going to work, right, but I think I have a pretty good shot at actually making it work.

Speaker 2:

Wow, wow. First of all, sounds sexy and interesting and very futuristic. I mean, definitely you're like looking to kind of a future, potentially future attacks, which is like always interesting.

Speaker 1:

Yeah, you know, that's the thing that I love about cybersecurity, is that there's always something else that I can learn and still stay in the same field. That's kind of what drew me to it.

Speaker 2:

What about that kind of a feeling that you're always behind? You always have to learn something new again on a daily basis. What about this kind of a feeling like you can't be pro? You can't be pro, you have to admit. Because, on a daily basis, new technologies, new kind of tools, new domains, new, as you're in a domain for 10, 15, 20 years.

Speaker 1:

You know it inside and out, you know it better than the back of your hand, right? And so you build an ego with it, whether you emphasize it or not. With it, it's a comfortability zone, and for me, I try to remove all the ego from everything that I do and I go into it assuming I just know nothing. You know, and I'm used to that feeling. Like, I'm so used to it, I embrace it. And, you know, when I'm talking to other, like, friends in the industry and they're, you know, they're asking me that question, it's like, well, I get, I get really uncomfortable when I'm comfortable, right? Like, my comfortable part of my life is actually my nine to five, and I'm trying to switch that up to make sure that I'm not comfortable with my nine to five now as well. Hence the security researcher part. But yeah, like, something, I don't know what it is, something in me, if I'm too comfortable for too long, I get really uncomfortable, and I call it embracing the suck, right, when you're going into something that is going to suck every step of the way. Like, I mean, when I'm doing my research, I'm sitting over here like, I am such an idiot.

Speaker 1:

Why did I start this? I'm not a quantum researcher, I can barely spell quantum. You know, why did I go, why did I choose quantum with satellites, right? I don't know anything about satellites. I've never worked for NASA, I've never worked for the government, you know, like, I don't know anything about satellites. I know zero trust because I've deployed it, I use it, I talk about it. But these other two, you know, main components, right, like, I have to embrace the fact that I know nothing and now I'm going to lean on the community to hopefully learn, right? I can't tell you how many times I've had to reread research papers on quantum because I just could not follow along with what they were saying. And then I have to pop it in Grok and say, explain it to me like I'm a nine-year-old, you know.

Speaker 2:

Joe, respect, respect. I'm completely honest with you. It's, it's, it's cool. It's cool how, how, like, kind of passionate you are about all this, and how passionate and honest. So I like, I like the way you are, you're explaining and sharing this.

Speaker 1:

Yeah, thanks. I really appreciate that. Not, not a lot of people get that level of passion out of me, you know, but, like, I feel like I could tell, you know, you're passionate about, like, threat intelligence and malware analysis and everything like that, you know, and it spikes that interest in me, right, again, right, where I'm like, man, I need to be a security researcher, I need to be going and doing this, you know.

Speaker 2:

It's never late, and then I definitely you have a solid background for coming back to this security research area.

Speaker 1:

Yeah, absolutely. Well, you know, Sergey, unfortunately we're at the top of our time and I really try my hardest to stay on top of, you know, the time that I set for everyone, so I don't want to go over. I know everyone has a really busy schedule. But, you know, I definitely want to have you back on for a part two where we dive into more of what you're doing now and, you know, focus on that and maybe give some career advice to people that are starting out, that want to, you know, get into the field and whatnot.

Speaker 2:

With pleasure. I have a lot of interesting insights to share and, again, as I explained, kind of my career, being so many years inside the vendor, then a few years inside enterprise and now being part of a service provider. It's kind of very, very different roles, very different domains. But I'd love to share more details about this and, yeah, let's definitely set up something for the future.

Speaker 1:

Yeah, absolutely. Well, you know, before I let you go, how about you tell my audience where they could find you if they wanted to connect and maybe, you know, learn a little bit more about you, and where they could find your current company if they wanted to, you know, learn more about the services that you guys are offering?

Speaker 2:

Sure, thank you for this, Joe. First of all, LinkedIn. I'm not that kind of active in LinkedIn, to be honest with you. It's kind of again Swierski background probably. But at least all the recent webinars, publications, research we're doing, I'm trying to post, so Sergey Novikov at LinkedIn and I hope it's not that difficult to find me there. And then CyberProof. Again, don't get me wrong, it's a very niche, interesting service provider.

Speaker 2:

We are trying to build our own brand and image in, like, security research and threat intelligence. So recently we started, like, doing a lot of public research and different, different kind of publications. So I want to encourage you guys to go to the cyberproof.com domain. Look at what we're offering in terms of, like, service portfolio and a research blog. I think, again, the recent publications are good enough from a quality perspective and interest, like, general interest perspective. There is, like, a lot of tricks, suggestions, tips for threat hunters, how to better hunt for those specific actors, threats, TTPs and so on and so forth. So please take a look. I don't know whether you can put any kind of a comment in the description, but I would appreciate this as well and I definitely think that you guys will find it useful.

Speaker 1:

Yeah, absolutely. All of the links that he mentioned will be in the description of this episode. You know, as always, you know, it was a real pleasure talking with you today, and everyone listening and watching, I hope you enjoyed this episode. There will be a part two at some point in time. All right, well, thanks everyone. Thanks guys. Thank you for
