Getting started in security research - Kevin Backhouse

Computer security is an unusual field. Many of the most accomplished security researchers are either self-taught or did not come from a formal computer science background. For example, two of the most talented security researchers Kevin knows studied journalism in college. His own path into computer security was more conventional: he studied mathematics and computer science and then worked as a developer for 15 years. But he never expected to become a professional hacker— and his career transition into security was mostly an accident. So how do you get started in security research? There are many paths in, and security is a big field. In this talk, Kevin will give you the specific point of view of a former developer, and will focus on the secure code field. He will cover some of the techniques that he uses: code auditing, CodeQL, and fuzzing. He will also briefly discuss the different mindsets of a security researcher, compared to a developer.