Mr. Ruban, could you tell us about yourself, your background and professional goals?
I have been working as a full-stack developer for about seven years. My career started with a ubiquitous mistake – I accidentally added an SQL injection to an existing web application. When it was discovered (luckily before deployment to production), I was not the happiest person in the world. However, I understood how easily developers can compromise an application and how important security is. Now my goal is to help developers create secure applications without extra pain. My company Itera (https://www.itera.com/en/what-we-do) is trying to show that security can be efficient and straightforward.
How would you describe the progress of cybersecurity and protection of data online in the past years?
The progress of cybersecurity and protection of data online is growing rapidly. People are starting to pay attention to their personal data, limiting the permissions they give to applications, and becoming more and more aware of the risks. Five years ago, nobody would have believed that you would be able to limit tracking from Facebook simply by not giving permission.
On the other side, companies also understand they are at risk, so they spend more and more effort securing their infrastructure and applications. What is really great is that cybersecurity nowadays is not something for big companies only. Even small local companies are starting to ask how to store data and prevent leaks. I would state that nowadays, cybersecurity is transforming from something for the chosen ones into a more or less standard tool, and this is great.
What are some trends in cybersecurity that you have a strong impression of?
The most important trend I am happy with is moving cybersecurity activities from the end of the development process to the beginning. My talk about DevSecOps was precisely about how to keep high time to market and still stay safe. The DevSecOps approach dramatically decreases the time and price of fixing vulnerabilities and helps deliver a secure application. It’s not yet adopted everywhere (and probably will not be), but the trend is fantastic. Having a safe application by design with small extra costs – give me two!
How would you describe effective cybersecurity?
From my point of view, effective cybersecurity should be regular, automated as much as possible, and sufficient. I would say that effective cybersecurity aims to prevent a security breach first and to react as soon as possible when one occurs.
Could you share an important lesson you have learned throughout your career?
If we are talking about cybersecurity, the most important lesson I learned is that cybersecurity is unforgiving. Sad but true, one simple mistake, even a typo, might cause serious reputation and money loss. The second important lesson is that if you are trying to reinvent the wheel, you will make that mistake. In other words – learn hard, trust proven solutions when building your application, and don’t try to experiment with security.
What is something you would like to share with people who want to start a career in the field?
In case you are at the very beginning of your career, I suggest you look into White Hacker education. It might be that you shouldn’t try to jump into it right now, but from my point of view – the best defenders are those who can successfully attack. And books, books will be your best friends. Sometimes they might seem outdated, but we are still using the TCP/IP stack from 1983. Video courses are great to get an overview. However, they tend to simplify, and in the case of cybersecurity, this might cause serious issues. Nevertheless – cybersecurity is extremely rewarding and one hundred percent worth your efforts.