We are continuing our series of interviews with Kaspersky Lab experts, asking for their opinions on the cyber-security industry and related threats. This time: Maria Garnaeva. She joined Kaspersky Lab in 2008 as a malware analyst. She focuses on botnet research, malware analysis and providing malware detections. Maria is a graduate of the Bauman Moscow State Technical University.
1. Could you please explain the main reason why students should study to be an information security specialist?
For me, the main reason is that this profession is extremely relevant today and there is a high demand for it. Information security skills are applicable in many areas. Besides, teaching information security is itself based on technical disciplines, so it encourages a technical way of thinking, which I see as a useful thing for a person.
2. How are educational institutions dealing with the challenges in the computer industry? It is developing very rapidly, so it must be problematic to provide a course or materials that are up to date.
This is a very tough question. In short, each university or college manages in its own way, some managing better than others. If we compare specific colleges, there may be significant differences between them in terms of educational levels, training practices, courses and disciplines. Naturally, I’m more aware of the academic situation in Russia. I know examples of colleges that teach their students decent IT academic programs, introducing timely updates and adjustments into the syllabus and offering extracurricular classes. But I also see bad cases of out-of-date training courses. In any case, we should remember that a college’s main task is to teach students to “be able to teach themselves”. There is always the opportunity to study something on your own.
3. How consistent is the current trend for more information security specialists likely to be?
The development of new technologies and their application means we can regard this as a long-term trend. This growing demand is especially promoted by interest from both commercial companies and state institutions.
4. Does a student who is planning to study information security need to know mathematics and programming?
Yes, absolutely. If we speak about math, it is self-evident: math is an indispensable basis for all technical specialties; it lays the foundations for understanding further specialized disciplines and shapes the necessary way of thinking. As for programming, an IT security specialist needs to be able to tackle practical problems, often related to automating some processes.
5. Are there any computer threats that specifically target students and/or educational institutions?
If you are asking about threats that target ONLY educational institutions and students and nobody/nothing else, then no, there are none that we know of. There are some examples of targeted attacks which are associated with infecting certain high-profile organizations – including some universities – with a malicious spyware program. These cyber spies are typically interested in classified information in a certain area of knowledge, which can be obtained from several sources and organizations.
6. What training course would be most appropriate to teach information security to ALL students, not just to information security majors? What should such a course include?
In my view, it would be a general, not very technical course that explains the background behind the development of information security, introducing the terms and concepts widely used in this area, explaining what the legal regulations are, giving descriptions of the people involved in cybercrime business and explaining their motivations, and highlighting some resonant real-life stories. I don’t think there is a need to tell students about, say, cryptography algorithms if they are unable to understand how these algorithms can protect them. Why tell people about antiviruses if they don’t understand why viruses are created in the first place? As I see it, this is the main problem for non-specialists: lack of a coherent picture of what’s going on in today’s world.
7. Do you notice a trend toward passivity in computer education? Students are taught to use application packages, but are not taught programming and to understand technologies, except in specialized departments.
As far as I remember, there has always been a certain degree of specialization in computer science: some study general stuff, and some study it in depth and in detail. This approach has been there for decades. Whether this is a good or bad practice is another question. It all depends on the specific specialization, and I would not give categorical judgments on this. I might acknowledge that not everybody needs, say, programming. However, basic knowledge of information security (see question 6) is required and it is cool to know.