Friday, December 12, 2008

Securing the world, one term at a time

So, the Michaelmas term is over for me and I'm getting ready to fly home for a break. I spent some time during the week evaluating how the term has gone, personally and professionally. Mostly I've written here about fun stuff I've been doing, which has probably obscured that I've been pretty busy getting started as a research student, putting in some long hours in the Computer Laboratory (above) when needed, and learning a lot.

"What does a computer security PhD student do all day?" is a pretty fair question, as I've seen from talking to other Gates scholars that being a PhD student can mean almost anything, depending on field of study, research group, and supervisor. Humanities PhD's read fairly obscure stuff they dig out of the library, some Biology PhD's spend most of their time setting up experiments for their advisor and collecting data.

Even within computer science, which is already a different beast, security is truly unique because one needs to understand broadly a huge number of fields to design security that actually works in the real world. A huge system like the internet or global finance can fail in thousands of ways, and security researchers need to understand all of them fairly well to do things right.

So, I'm forced to jump around pretty crazily from topic to topic. One day I'll be thinking about terrorism and bombs, the next about cryptographic protocols, and the next about the business model for sending spam. The security research group is appropriately diverse, with about 10-20 people in various roles, each doing about 20 different projects simultaneously. The best part is that we spend a huge amount of time brainstorming and discussing security topics with one another, which is the way to really learn. For me, that's the payoff in being a PhD student: I spend at least an hour a day over lunch learning security from some of the real experts in the field, plus seminars, "official" group meetings on Friday afternoons, and then there are usually afternoon teas. I haven't sat down yet with the group and not learned something.

I spend most of my time talking to people, getting ideas, then reading a lot about them. I've learned to walk around with a notepad, and every time I hear a term like "SCADA" which I didn't know, I pull up the relevant Wikipedia page next time I sit down. I constantly have a pretty big queue of topics I need to read, because they're all things a security PhD needs to know.

Here I am in my office. I'm here quite a lot; I don't spend much time in a laboratory despite the name. The days pass pretty quickly though, with some mixture of:

  • Tracking the daily security news
  • Reading research papers
  • Learning about various other fields which intersect with security
  • Discussing/brainstorming ideas
  • Coding up demo attacks, poking around products looking for issues
  • Going to seminars
  • Writing up ideas and sharing them
  • Supervising undergraduates and passing on the gift.

So I'm never idle; I have an enormous stack of papers to try and work through on my "vacation." Fortunately I'm really enjoying the subject matter, though it's sometimes frustrating to work so hard and feel that there is still a mountain I don't know.

As it happened, I was quoted in this news story today, so hopefully I'm at least a little bit on the way...

