Marion Marschalek, a threat researcher with Cyphort, spoke at both RSA Conference 2014 in San Francisco and RSA Conference APJ 2014 in Singapore. In this Q&A she talks about what excites her about information security and how she got to where she is today.
RSA Conference: Can you provide some background on how you got into the security industry and how you ended up where you are today?
Marschalek: What dragged me into the security business were the challenging problems which surround security engineers every day. I’m still fascinated by the myriad of ways people use and abuse today’s technology. Today I am working as a malware researcher and get to live on the edge of emerging threats.
RSA Conference: What excites you the most about working in the security industry?
Marschalek: The way security is entangled with everyday life. Since technology conquered every corner of society, the risks and threats that came with it created a very vivid field of research. The engineering community is fairly young and driven, a lot of problems still unresolved. This creates a very energetic atmosphere that drives innovation.
RSA Conference: What would you like to see change/happen in the industry over the next 12 months?
Marschalek: In the past, I have watched a lot of businesses improve existing ideas and approaches, but I think changes in entire concepts altogether are what’s necessary. I speak for threat detection technology, where the industry has relied on spotting patterns of evil for more than a decade. Over the years, the pattern design and the gathering process has changed, but not the idea itself. I think we should develop more towards innovation in predictive security through accurate risk assessment and threat modelling, instead of trying to detect unknown threats through patterns we gathered from known threats.
RSA Conference: What security goals would you like to accomplish in the next three years?
Marschalek: Security technology has evolved as a threat protection mechanism, rather than the other way round: as an asset protection mechanism. Defense technology is very much focused on the adversary, and very much careless about the nature of the protégé. Steps have been taken towards compartmentalization and the re-design of systems as a whole. Within the next three years this direction will be pursued much stronger - we need smarter security that adapts to the need of an organization. Key points are the identification of critical data and the appliance of strong security to the data flow process, while minimizing security relevant responsibilities on the end user side. A lot of critical decisions could be taken care of by smart systems, tasks such as access right management, credential management or data encryption by default. The industry should refrain from working on minimizing human failure and instead minimize the impact of human failure.
RSA Conference: If you could pick one thing that has made the most impact on your career and where you are today, what would it be?
Marschalek: Two years ago I won an industry challenge, a reverse engineering contest. This without doubt was the biggest boost for me personally and for my career so far. Not only did I push myself to the limits and learn a lot, also it made it very easy to connect with other engineers in that same industry. I think challenges for young professionals are tremendously helpful to bring people together and have them deliver their best performances.
RSA Conference: Why do you think RSA Conference is important for security professionals to attend?
Marschalek: RSA Conference is a melting pot for security startups, where new ideas are showcased and professionals get together to debate. RSAC is the biggest event for builders to exchange experience and certainly a playground to come up with new ideas.
RSA Conference: What has changed in the industry that would affect what you talked about at RSA Conference APJ 2014 ?
Marschalek: Security professionals have clearly become much smarter in terms of identification and classification of threats along with the risk assessment associated to threats. Last year we presented on malware analysis with focus on the protection of intellectual property. We explained how it is important to understand a threat, to be able to mitigate its impact on company assets. I feel that companies have gained understanding in how to classify threats and focus resources on the most prevalent attacks.