• About
  • Subscribe
  • Contact
Thursday, May 8, 2025
    Login
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
No Result
View All Result
No Result
View All Result
Home Technology Security

PodChats for FutureCISO: Getting started as a security researcher

Allan Tan by Allan Tan
December 12, 2022

According to Check Point Research, global attacks increased by 28%in the third quarter of 2022 compared to the same period in 2021. The average weekly attacks per organisation worldwide reached over 1,130.

Complicating the situation is the talent shortage, especially for experienced cybersecurity professionals. According to the 2022 Cybersecurity Workforce Study by ISC(2) there is a shortfall of 2.2 million cybersecurity workers in Asia Pacific. This means that the current 859,000 security professionals are likely stressed and burnout at their place of work.

It can also be argued that CIOs, CISOs and CHROs are themselves frustrated as they look to fill in missing posts while stressed at trying to keep the existing staff from leaving.

Anastasia Tikhonova, head of APT Research at Group-IB, explains that part of her team’s day-to-day job involves researching the crime and the evolution of the attacker’s tactics, tools, and procedures.

“When I took on the team leader role in the advanced persistent threat (APT) monitoring department, my main goal was focusing on tracking the advanced persistent threat operations which are carried out by national state hackers. We found that their main goals are to operate in the interest of states,” she elaborated.

What it takes to become a researcher

Ziprecruiter lists the educational qualifications of a researcher including a bachelor’s degree in computer science, IT, or network systems. Increasingly, schools offer specialised degrees in cybersecurity. Security researchers also gain experience on the job.

Tikhonova confided that when she started, the professional cybersecurity industry was unknown and that nobody could explain it clearly.

“In most cases, only practice makes perfect. I had to learn on the fly from my more experienced peers. Most of my first job was focused on a scene in the underground. We analysed connections between cybercriminals, found their contacts, established their networks and tried to get in touch with them to figure out what their plans were,” she elaborated.

With the growing complexity of security threats, it is suggested that a researcher focuses on a specific area. In the case of Tikhonova, she has chosen to focus on APT.  

Ziprecruiter says researchers are creative thinkers, they have a desire to apart and repurpose software, and are interested in analytical problem-solving. Many security researchers start by working as part of an IT security team or as software developers before moving on to security research.

Avoiding burn out

Check Point Software Technologies says as a region, Asia experienced the most cyberattacks in the third quarter of 2022, with an average of 1,778 weekly attacks per organisation, which is an increase of 21% compared to the same period last year.

Sam Olyaei

"Cybersecurity leaders are burnt out, overworked and in 'always-on' mode," said Sam Olyaei, research director at Gartner. "This is a direct reflection of how elastic the role has become over the past decade due to the growing misalignment of expectations from stakeholders within their organisations."

The ThreatConnect 2022 CybserSecurity Under Stress report revealed that among respondents, 67% say that staff turnover has increased in the past 12 months with average staff turnover estimated at 20%.

To counter the threat of burnout, Tikhonova admits operating on a principle of work hard, play hard.

Anastasia Tikhonova

“What gives my teammates and me, the extra energy is our long-standing mission of fighting cybercrime. I think everyone in our company understands that. The main idea of zero tolerance to cyber criminals.”

Anastasia Tikhonova

“When I wake up every morning, I understand that my job helps makes a real-life impact. Protecting people and companies make the world a safer place. Because we have different types of cybercriminals from all over the world, you could switch focus between different regions, different countries, and different tactics groups. Every time it's something new and interesting, there’s no time to get bored,” revealed Tikhonova.

In-house vs outsourced – which is better?

Should cybersecurity be outsourced or should an organisation have its team?

Keeping it in-house has its benefits because it allows an organisation to build domain expertise, not just around a business’s systems and networks but also day-to-day operations and ongoing projects. Also, in-house teams can be more responsive than outsourced service providers, given that they only have one priority – the company’s business.

That said, Tikhonova observes that APT threats (as this is her expertise) have become more sophisticated than traditional attacks. She adds that tracking and hunting for them require specialised skills. Ordinary workers in non-cybersecurity organisations, likely are not trained for these types of attacks.

“With our skills, we see additional possibilities and track risks and attacks more than others. One of my favourite tools at Group-IB is graph network analysis. This is a Swiss army knife for each APT researcher.

“Each research team has their possibilities, but specific cybersecurity companies have their specialised tools, which help produce more information, tracking and hunting rules,” she added.

Click on the PodChat player and hear Tikhonova share her experience as an APT researcher and discover if cybersecurity researcher is the career for you.
  1. What is a Security Researcher?
  2. What qualities, characteristics and perhaps credentials does one need to become a security researcher?
  3. How do you avoid burnout?
  4. For best results, how should CISOs and security teams work with a Researcher?
  5. When does it make sense to build your own “Research” team or when to outsource?
  6. What is your advice for those interested in a career as a security researcher?
Related:  Offence is the best defence in cybersecurity
Tags: Check Point Software TechnologiescybersecurityGartnerGroup-IBPodchatsstaff retention
Allan Tan

Allan Tan

Allan is Group Editor-in-Chief for CXOCIETY writing for FutureIoT, FutureCIO and FutureCFO. He supports content marketing engagements for CXOCIETY clients, as well as moderates senior-level discussions and speaks at events. Previous Roles He served as Group Editor-in-Chief for Questex Asia concurrent to the Regional Content and Strategy Director role. He was the Director of Technology Practice at Hill+Knowlton in Hong Kong and Director of Client Services at EBA Communications. He also served as Marketing Director for Asia at Hitachi Data Systems and served as Country Sales Manager for HDS’ Philippines. Other sales roles include Encore Computer and First International Computer. He was a Senior Industry Analyst at Dataquest (Gartner Group) covering IT Professional Services for Asia-Pacific. He moved to Hong Kong as a Network Specialist and later MIS Manager at Imagineering/Tech Pacific. He holds a Bachelor of Science in Electronics and Communications Engineering degree and is a certified PICK programmer.

No Result
View All Result

Recent Posts

  • Agentic AI-powered AppSec platform launched for the AI era
  • IDC forecasts GenAI alone will grow at a 59.2% CAGR
  • Dataiku brings new AI capabilities to create and control AI agents
  • Microsoft reveals the rise of a new kind of organisation in the AI era
  • St Luke’s ElderCare enhances data security and user experience with Juniper

Live Poll

Categories

  • Big Data, Analytics & Intelligence
  • Business Applications & Databases
  • Business-IT Alignment
  • Careers
  • Case Studies
  • CISO
  • CISO strategies
  • Cloud, Virtualization, Operating Environments and Middleware
  • Computer, Storage, Networks, Connectivity
  • Corporate Social Responsibility
  • Customer Experience / Engagement
  • Cyber risk management
  • Cyberattacks and data breaches
  • Cybersecurity careers
  • Cybersecurity operations
  • Education
  • Education
  • Finance
  • Finance & Insurance
  • FutureCISO
  • General
  • Governance, Risk and Compliance
  • Government and Public Services
  • Growth Strategies
  • Hospitality & Tourism
  • HR, education and Training
  • Industry Verticals
  • Infrastructure & Platforms
  • Insider threats
  • Latest Stories
  • Logistics & Transportation
  • Management Leadership
  • Manufacturing
  • Media and Telecommunications
  • News Stories
  • Operations
  • Opinion
  • Opinions
  • People
  • Process
  • Remote work
  • Retail & Wholesale
  • Sales & Marketing
  • Security
  • Tactics and Strategies
  • Technology
  • Utilities
  • Videos
  • Vulnerabilities and threats
  • White Papers

Strategic Insights for Chief Information Officers

FutureCIO is about enabling the CIO, his team, the leadership and the enterprise through shared expertise, know-how and experience - through a community of shared interests and goals. It is also about discovering unknown best practices that will help realize new business models.

Quick Links

  • Videos
  • Resources
  • Subscribe
  • Contact

Cxociety Media Brands

  • FutureIoT
  • FutureCFO
  • FutureCIO

Categories

  • Privacy Policy
  • Terms of Use
  • Cookie Policy

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Login to your account below

or

Not a member yet? Register here

Forgotten Password?

Fill the forms bellow to register

All fields are required. Log In

Retrieve your password

Please enter your username or email address to reset your password.

Log In
No Result
View All Result
  • Management Leadership
    • Growth Strategies
    • Finance
    • Operations
    • Sales and Marketing
    • Careers
  • Technology
    • Infrastructure and Platforms
    • Business Applications and Databases
    • Big Data, Analytics and Intelligence
    • Security
  • Industry Verticals
    • Finance and Insurance
    • Manufacturing
    • Logistics and Transportation
    • Retail and Wholesale
    • Hospitality and Tourism
    • Government and Public Services
    • Utilities
    • Media and Telecommunications
  • Resources
    • Whitepapers
    • PodChats
    • Videos
  • Events
Login

Copyright © 2022 Cxociety Pte Ltd | Designed by Pixl

Subscribe