For National Cyber Security Awareness Month my colleague Joy Ma kicked off the first in of a series of articles where we’ll be spotlighting some of the women who work at Imperva. Continuing in the series, I spoke with Luda Lazar, security research engineer for the Imperva Defense Center, to get her perspective on the security landscape, how she found her way into cybersecurity, and what drives her passion for it.
Tell me the story of how you got into cybersecurity.
LL: I entered into cybersecurity during my Israeli military service, at the age of 18 until age 21. I was an instructor and team leader of other instructors who trained soldiers on information security and different systems that are used in the military.
When I entered the military I took a beginner course on networking and a little bit about cybersecurity. I performed well and from there was able to choose the area I wanted to work in. During my service I started on a degree in computer science and worked in networking as a student for about a year. But ultimately, I chose cybersecurity because it interested me the most. And I came to love it—I’ve been in cybersecurity at Imperva for the length of my career to date, six years.
What were your interests growing up? Could you foresee a future for yourself in cybersecurity?
LL: As a kid I always loved science and math. I loved computer science. So I knew from the beginning, at least from the time I entered school, that I would work in something related to computers and computer science. But it was in the military where I really found a passion for cybersecurity.
What do you love about your job?
LL: My work is very challenging. One of the things I find most interesting is that I’m constantly challenged to think like an attacker. To learn more about their techniques, tools, practices, and motivations. And the work changes all the time.
For every project I’m doing very different things. It’s not repetitive. I’ve been given the opportunity to grow and constantly work on new assignments. From database protocols to deception techniques, and now on malware analysis and insider threat protection. It’s changing all the time—it’s very interesting and very challenging.
Challenging is a recurring theme. What do you find to be most challenging about your job?
LL: I think providing protection against current threats requires we must always be relevant and updated with new technologies and understand new threats and new attack methods and tools. But even this is not enough. We have to understand the data and the way attackers think to try to predict their next step.
Who has been one of your biggest mentors, and why?
LL: My biggest mentor has been Imperva founder and former CTO, Amichai Shulman. He guided me through all my projects and I learned so much from him. We’d meet regularly and discuss issues and research results. Even now I continue to seek his advice about new projects and topics.
How has the cybersecurity industry changed over the course of your career?
LL: Although my career hasn’t been very long, one of the biggest changes I’ve seen is how the threat landscape has changed. Anyone can become an attacker without exceptional technical and programming capabilities.
I think it’s caused by the industrialization of threats. For example, phishing kits are offered as a service, ransomware is offered as a service…anyone can just buy malware and the infrastructure for malware management. It’s relatively cheap and available online. Compared to just 10 years ago, cybersecurity is more front and center and a top priority. And not just for large companies, but also small organizations, and its filtered down to private individuals. Every person in his home, every company, little or big. Cybersecurity threats are everywhere and changing at such a fast pace.
What advice would you give to someone entering the cybersecurity industry today?
LL: I think my advice is relevant to any industry, and that is to ask questions. Ask yourself why the attacker is doing what they’re doing. Ask for other professional opinions. Ask to read different security reports, to learn more and to be critical—look objectively at the merits and possible limitations of your own work. Always strive to understand things in depth.