Malware analyst: Is it the career for you?
It’s the role of a malware analyst to reverse-engineer the attacks hackers use to breach systems to best understand how to defend against them.
While cybersecurity is considered an evolving field, one thing never changes: the constant flow of malware. Malware authors are forever creating new attack methods such as viruses, spyware, Trojan Horses and others to steal data and disrupt business. The AV-Test Institute registers over 350,000 new malware programs every day and the global cost of ransomware according to Cybersecurity Ventures is predicted to hit $20 billion this year.
If you’re thinking there must be great job security in a career as a malware analyst, you’re right considering the mountain of work that must be done to keep organizations safe.
According to Dr. Richard Ford, chief technology officer at Cyren, malware analysis continues to grow in importance as the volume and seriousness of cyberattacks escalates. What started in the 1990s as a group of people exploring the implications of connecting computers together was closely followed by chaos and then pain, however unintentional it may have been then, to a full-on war between attackers and defenders.
“Today, it’s the difference between joy-riding and axe-murdering,” Ford says. “Nation-states, organized crime and big sums of money are involved.”
What does a malware analyst do?
A malware analyst starts with a piece of malicious software and the goal of understanding what did it do and how did it do it. How was the affected machine(s) impacted and what was the threat vector used to accomplish such an attack? Some may consider the examination of computer code tedious work but for others, the thought of piecing together such an important puzzle brings great reward.
Generally, there are two employment settings for malware analyst careers:
- Working for a cybersecurity vendor
- Working for an enterprise security operations team
Both are tasked with reverse-engineering malware to better defend against it in the future. An industry vendor malware analyst will focus on how to create solutions that automate stopping the attack for the benefit of the company’s customers. An in-house malware analyst will work to build defenses against the malware too, but they are also concerned about overall business impact and long-term strategies to bolster their company’s security.
How to become a malware analyst
Malware analysts often write signatures to identify “known” malware and add that signature to a database that becomes the fuel for anti-malware defenses. “They start off by writing a lot of signatures,” Ford says. “As they progress in their career, they begin to look at detection techniques that fit well with specific families of malware,” for more advanced protection.
As malware analyst skills evolve, they work with the rest of the security team on what was the impact to the organization’s network and how they can proactively detect the larger malware group before it hits the company’s system.
To isolate and investigate malware, malware analysts use a variety of forensic tools that weren’t available in the early days of malicious software. This is particularly helpful today as the complexity levels continue to increase. “Back in the day, you had to create your own tools because essentially, you need to draw a border around the malware,” Ford says. “But pieces of malware now reach out and pull-down updates through an online command and control making them dynamic. They morph and they monetize — things are crazy complicated today.”
What skills do good malware analysts have in common?
Many senior malware analysts today don’t have computer science degrees — they were university students in the era of math, physics and the like. Today, computer science degrees will help, but according to Ford, they aren’t always required if you’re looking to get your foot in the door. On-the-job training is common, particularly with the rate at which malware and forensic tools evolve.
Malware analysis is a lot like solving puzzles so curious, persistent people do well. In the spirit of effective problem solving, the willingness to take initiative is also a valuable skill in this field. In the absence of these characteristics, the role may be frustrating.
“It isn’t CSI; you’re not a super cyber sleuth all the time,” Ford explains. “You have to look at a lot of malware and, depending on where you go, it can start to feel as though you work on a production line. Grinding through a huge bucket of malware on a conveyor belt can be not very exciting.”
But for the inquisitive, malware analysts can map out very successful career paths within their company, and across the cybersecurity industry. Dr. Ford’s path has included malware analysis for a host of companies, university teaching and chief technology officer.
“There is significant cooperation in cybersecurity and, as you’re trading malware samples, you’re also building lifelong professional relationships,” Ford says.
As a kid who quickly became more interested in how computers worked over the games he was playing on them, Ford encourages aspiring malware analysts to be curious. He also suggests you be friendly because “climbing up the ladder does not mean pushing others down. Help people and they will help you back.”
To learn more about what it’s like to work as a malware analyst, watch our Cyber Work Podcast on malware analyst careers with Dr. Richard Ford of Cyren.
- Malware Statistics, AV Test
- Ransomware is a real pain in the wallet, Cybersecurity Ventures