Hi, Habr!
Happy New Year! I wonder how many of you had to work on New Year's Eve? And what about doctors, police officers, transport workers and other "on-duty" professions? We have a relevant story of our own that we will tell you today. So, meet Boris Yampolsky, the head of the shift analytics department at Kaspersky Lab.
Boris, can you tell us briefly how the work of a team of shift analysts differs from that of ordinary virus analysts? What are the specifics?
I can! Shift analysts have a difficult task: not to miss something really high-profile and dangerous in the huge stream of malware. Senior analysts from other groups receive already selected files that require careful examination. There must always be someone on guard, one shift replacing another; these are the specifics of shift analysts. If the antivirus is a locomotive, then these guys are the stokers who shovel coal into the fire around the clock so that the locomotive rushes along at full steam.
You mentioned high-profile malware. Do you often have to catch something like that? Maybe a couple of recent examples?
I have to say, however, that the group of shift analysts is far from the only one that catches high-profile malware; we just work 24 hours a day, 7 days a week. In general, we catch something special about once a month. Of the recent ones, I would name Duqu (Trojan.Win32.Duqu), the latest version of TDSS (Rootkit.Boot.Sst.b), and today (December 26 - editor's note), for example, Trojan-SMS.AndroidOS.Arspam.a, a new Trojan for Android.
The work schedule of your colleagues is quite varied; the name of the group says as much. How do you manage to coordinate the work of so many people with different schedules?
Coordinating shift virus analysts is easier than it might seem. There are day and night shifts. Every morning at 10:00 the day shift replaces the night shift, and every evening at 20:00 the night shift replaces the day shift. In general, the system is quite flexible. Even if someone is sick, someone is on vacation, or someone needs to be at the institute today, there are always virus analysts on shift who can quickly respond to the appearance of a new threat.
There are a lot of junior virus analysts in your division. Who takes on the role of a mentor?
I will probably break the stereotype by saying that we do not have mentors as such. Rather, a new analyst has one for the first 2 months of work, during probation. This is usually a senior virus analyst with experience. The main training takes place in "combat" conditions during the shift. It is important to understand that not only threats change, but also the tools that we use to combat new threats. I know many employees in our anti-virus laboratory, and in the research and development department in general, who started their career at the company in the group of shift analysts, but few of them would be able to sit down right now and start working on a shift. We do not stand still. We have something new every day.
How do you interact with the other divisions of the department?
If we talk about the department, then we interact most with the infrastructure support divisions and the update release team. We update the anti-virus databases, after which they are tested and published on public servers. That is, it requires prompt and well-coordinated work, so that there is really little time between the detection and the creation of an update. And, of course, it is difficult to imagine our work without the whole variety of utilities and various services.
You have a rule that analysts work on shifts for only about 2 years. What happens to them then?
Not a rule, but rather a tradition! Virus analysts who have worked for more than 2 years are aware of their future path in the company. As a rule, this is the study of a narrow area of the industry. Often, virus analysts move to the groups for heuristic detection or research of complex threats. Some become programmers and create tools for us. Many people who once started working as junior virus analysts have now grown into department heads, leading experts, and general directors :). That is why I easily accept this tradition, albeit with some sadness in my heart.
And perhaps the last question: what are your requirements when applying for a job?
Finally! A candidate gets a lot when he comes to us (in addition to the social package and free meals): invaluable experience, communication with experts, and the opportunity to study the latest threats. Therefore, the requirements are high. The main requirement is to be a fanatic in the good sense of the word, to be really interested in the industry, and not to be afraid of the routine that will inevitably be encountered in analyzing the flow of suspicious samples. Of course, there are basic requirements for technical skills: knowledge of Windows OS and knowledge of Assembler. And finally, the willingness to work at night. Usually this requirement stops girls and candidates with families from working with us.
Thank you very much for the interview! And see you in the new year!