How IT professionals work. Nikita Abdullin, security analyst at Riscure

We continue to ask specialists about their work and rest routines, professional habits, the tools they use, and much more.

It will be interesting to find out what unites them and where they contradict each other. Perhaps their answers will help to identify some general patterns and useful tips that will help many of us.

Today our guest is Nikita Abdullin, security analyst at Riscure.


Nikita has over 7 years of experience in the field of electronic payment technologies, security and performance of payment card data processing systems. He also specializes in the security of embedded systems, virtualization systems, databases, and the elimination of in vitro bugs in especially large and critical software for a wide range of platforms and architectures.

What do you do in the company?
Every day I break protected products for our customers. They bring us products, we deliver them to the ground and write a report. Then they leave satisfied to repair it, so that the bad guys will not break it.

One word (or phrase) that best describes how you work:

Intuition.

I first accumulate the data, and then turn on the intuition.

How many hours a day do you spend on work?

At least 8 hours. In general, I had a period when I studied and worked at the same time. Then I was busy around the clock: even at night in my dreams I was thinking about what I was doing. Now I do not need to spend so much time on self-improvement.

I know people who continue to do this.

How much do you sleep?

On average 6 hours.

How long does it take to go to the office?

Half an hour.

How do you spend your time on the road?

I look at ducks and swans. On the way there is a pond.

What kind of todo-manager do you use personally?

Grindstone. I use it for time tracking and sorting personal tasks.

What issue tracker / repository do you use?

I do not use these tools. The specificity of my work is that I break one product at a time. They just give it to me, and I do it.

For version control I prefer git. As an issue tracker I prefer JIRA. In other situations, I am forced to use what has been used historically.

What else do you use for work?

On Linux, this is coreutils, known to all. I have been a “console worm” for several years now. On Windows, I love FAR and ConEmu, a multiplexed terminal. These tools, along with MSYS2, completely change the paradigm of work in Windows: I work there the same way as in Linux.

When I audit hardware, I use the physical tools that our company produces. They are specially tailored for these purposes. In addition, of course, I have a standard set of electronics: oscilloscopes, logic analyzers, power supplies, and so on.

For reverse engineering software I use a standard set of software - disassemblers, debuggers, parsers of various data formats and other auxiliary utilities. Other things being equal, I choose IDA Pro, rather than radare2, due to stability and ergonomics, although for some architectures IDA loses (for example, for AVR).

Do you have any internal projects or libraries in your company and why were they created?

From the outset, the company has positioned itself as a symbiosis of people who break to break and manufacturers of tools that let customers perform these tasks on their own.

Therefore, if some employee conducted an attack, wrote a tool for this, or put together some hardware on his knee, it might grow into a product. Then this product will come back to us. We as analysts will use and improve it.

What annoys you most when you work?

When I cannot break something. All the rest is temporary difficulties.

What professional literature would you recommend?

The industry is very dynamic, and people, unfortunately, do not have time to write books.

What do you prefer: electronic reading rooms or paper books?

I would like to read paper books, but I have to read from the screen.

What technology (computers, tablets, smartphones) and operating systems do you prefer at work and at home?

I, as a security man, cannot disclose this information. But I can tell you the principles by which I choose them.

Due to the nature of my position, I am quite an interesting target for attackers. First of all, I estimate how much it will cost them to attack. Based on this, I choose the platform.

Do you listen to music when you work?

I use music as a clock: I just set myself a rhythm. I use hard and rhythmic music for this: metal, death metal, melodic death metal. But at the same time I try to make sure it does not hit the brain hard.

Which life hack allows you to be more efficient?

When I had an internship, I was informed that there would be lectures on time management. Then it turned out that the person who gave this lecture had a record for being in the office - about 36 hours in a row. There are a lot of things that do not work.

Of course, such a technique as “to eat a frog in the morning” works: “If you eat a frog in the morning, the rest of the day promises to be wonderful, since the worst is over for today”.

The Frog is the biggest and most important work, the one that you most often put aside. However, it is the one that currently has a positive effect on your achievements and, most importantly, on your life. The rule of eating frogs: of the two proposed, you need to start with the most disgusting.

Only you need to understand what tasks really benefit the company. In general, I try to work in good companies, where you can always explain why you are not doing certain things. Of course, provided that you have established yourself as an honest engineer.

What applications and services can you do without in your work or in your personal life?

Without Google services, we (“we” are about the entire ecosystem, the whole industry, all of humanity) could not grow so fast. I cannot live without a two-pane file manager. One panel is not enough for me. Every day and every hour I need functionality that allows me to work flexibly with the list of objects and their attributes displayed on the manager's panel (and these are not just files!), as in a spreadsheet editor a la Excel. FAR allows this with minimal or no customization. FAR is also suitable for me because there is a common command line for two panels. Therefore, information can be easily transferred from one panel to another, and between the panel and the result of command execution (including commands that use text / data from the panel). FAR allows you to do things that would otherwise require me to write shell scripts.

How do you feel about messengers?

Negative. They take attention. Although, when you need to contact people who live in the same rhythm as you, when you know that you will not knock them out of the flow state with your message, it is appropriate to use the messenger.

But unfortunately, all people have different expectations from communication. Therefore, either the company should align it, or the person himself must negotiate this with each individual.

What would Nikita Abdullin write in a letter to future generations?

When the students showed us after graduation, I had to say a few words. Then I gave advice to the younger generation.

The most important of them is not to be afraid of complicating the task. Personally, I love working in stressful conditions, because only then can you grow. If you are still learning and think that the teachers are not pulling, the university is not giving you something, then give this to yourself.

The second tip is sleep. It is so important that you can even ask relatives and other close people to force you to sleep (smiles).

You have traveled a serious path. And someone is now at the beginning of this path. What would you recommend to a person trying to go the same way?

If you want something, it will not happen by itself. Or if there is talent ... Many people think that a talented man waved his hand and it all worked out right away: Ali-Baba’s cave opened in front of him. This is not true.

If a person really wants to do cool things, he has to develop the habit of breaking every “wishlist” into simple, executable steps according to some scheme. In psychology and pedagogy there are many dirty tricks that allow you to successfully process and zombie yourself. They work. So, do not hesitate to zombie yourself, exploit them.

Track your progress, try to understand which direction you are going. Ask other people about this. That is why you always need a teacher: you need a person who will give you quality feedback.

In general, you need to be able to give people high-quality, constructive feedback. It is not necessary to get personal; you need to address the things that a person can fix in himself. If a person made a mistake, there is no point in scolding him for it. You need to tell him how to prevent it the next time. There is such a topic in pop psychology that the human brain is not able to perceive negative statements.

Therefore, you need to be able to “zombie” yourself using positive statements.

Source: https://habr.com/ru/post/319146/