A new Flexera Community experience is coming on November 25th. Click here for more information.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
KPBussey
By
Flexera Alumni

In early August, Microsoft Security Response Center (MSRC) released their MSRC’s 2018-2019 Most Valuable Security Researchers at Black Hat list. Flexeran Behzad Najjarpour Jabbari ( @BJabbari) is No. 35 on the list of 75 researchers that recognizes “the top tier of researchers based on not just the volume of the reports, but also the impact and accuracy of their reports." He took time from patrolling and researching to offer insights into his life as a cybersecurity researcher.

Katie Bussey: First off, congratulations! This seems to be quite the achievement! To ground our discussion, can you give a brief overview of how you came into this role?

Behzad Najjarpour Jabbari: Thank you, Katie. I started learning computer security when I was 15 years old. I've been enjoying Information Security since the beginning because it gives me an insight into what's going on inside different kinds of applications. I worked as a malware analyzer during my studies. I came to Secunia Research when I was 22 years old, which was my first full-time job.

K: Wow! This is not only a career but a passion for you. You have seen the field progress throughout your career – what are some milestones you’ve seen in the security field over the past few years?

B: Computer Security has changed a lot. I remember that it was very straightforward to find vulnerabilities back then. We should employ much more complex techniques to find vulnerabilities these days. Exploitation mitigations weren't as advanced as today. If I can mention a few milestones, I would say that the introduction of ASLR and Sandboxes had a huge effect on securing applications.

K: So let’s talk the present day - what tools do you prefer to use for your research and what are you looking forward to learning next?

B: Depending on the target, we use different kinds of tools. For example, we have a set of tools for web applications and different tools for binary applications. Additionally, I write my own tools for discovering vulnerabilities.

There are lots of stuff to learn in this field. Information Security has become so complicated that one person cannot claim that he is good at everything. I'm currently studying browsers architecture, which is very sophisticated compared to the other applications.

K: It’s certainly a complex field. It seems like this type of work could be misunderstood – what are misconceptions you’ve encountered?

B: Well, that's true. Many people don't even know that this role exists. We are getting recognized better in recent years. But it's because of the so many Ransomware attacks, so we can probably say that people learned it the hard way.

K: Yikes. Given that point, what is the #1 piece of cybersecurity advice you’d offer our customers reading this interview? 

B: I think applying security patches is probably the most crucial thing in keeping a company secure. So if you ask me about the first thing I do for securing my system, I would say that it's keeping my products updated.

K: Finally, how can we track you and your team's ongoing work?

B: We have a web page where you can find the latest vulnerabilities discovered by Secunia Research [1]. There is also a Secunia Research blog [2].

1) https://www.flexera.com/products/operations/software-vulnerability-research/secunia-research/advisories.html
2) https://blogs.flexera.com/secunia-research/

 

(1) Comment