So you want to be a security researcher? Security researchers are much in demand these days due to the rise in cyber security threats as well as the growth of tech companies. Some of you want to become a security researcher for the fame it offers, while others may be in it for the awesome money. Security researchers need a broad set of skills to investigate a constantly changing threat landscape. But if you broaden your spectrum, you may end up being a jack of all trades. Therefore, specializing in areas such as reverse engineering or network forensics will boost opportunities for you.
A reader on Quora aptly put the following requirements for becoming a security researcher:
Firstly, one should know many programming languages like Java, Python, Ruby, C and many more. First the learning part: learning the C and C++ programming languages will set you up nicely. The two languages will open the doors for further learning.
Secondly, one should have proper knowledge of computer systems, i.e., operating systems and computer networks and how these work. You should learn how the internals of operating systems work. Here reverse engineering will help you immensely.
Also study the tools and software which check for vulnerabilities. Reverse engineering these will give you a pretty good idea how you can hack computer systems and networks.
Practice! At this point get to master the first three steps above until you know everything about each one inside and out. For tools just focus on IDA Pro, OllyDbg, Immunity Debugger and WinDbg.
Join online courses offering certified hacking courses.
Read books. There is no substitute for a bit of learning, and books are the best bet. There are many books, like The Art of Deception and The Art of Intrusion by world-famous former hacker Kevin Mitnick.
Security research includes a wide spectrum of tasks, says James Treinen, vice president of security research at ProtectWise, developer of a cloud-based platform that uses a virtual camera to record everything on an organization’s network, letting security personnel see threats in real time.
Security researchers take apart malware to see what vulnerabilities the malicious software is exploiting and glean intelligence out of the malware – how it communicates and how it is structured. They use that information to track adversaries and groups by the attack methods they have deployed. Among other things, they then build behavior profiles so security analysts and incident responders can find future instances of the malicious software.
Another user from StackOverflow has a different perspective. He says:
A security researcher does research, and that’s a wide term.
One side of research is academics. Go to a university, study, study more, do a PhD, and voila! You are a researcher. Academic studies are, well, academic, which means that they are not necessarily practical; but knowing how to do research means that you know how to learn, and you can then catch on the practical side of things.
The other way is to start by the field work. Try exploits, learn programming, spend some time on machines, spend more time, and after having accumulated experience you will have an extensive skill range. You will then be able to rely on that experience to catch on the theory which you initially neglected.
Either way, the two key ingredients are spending time and learning theory, not necessarily in that order.
To become a security researcher (or any kind of researcher) you choose a security topic and master it. Learn everything about this topic, and if you explore this topic far enough you will find something new. A CVE on your resume will work wonders during a job interview.
In the security industry right now web applications are king, closely followed by mobile applications. Master the OWASP Top 10, hack DVWA and hunt for bugs in open source web applications. Write exploits for these flaws, report them to the developer and obtain a CVE number.
Search for breadcrumbs left by cyber criminals. Study a piece of malware. You can get automated tools to break a particular malware and assemble code to determine how it executed an attack. Once you understand the execution part, you are closer to being a security researcher than you think.
Remember, the life of a security researcher is hard. Sometimes they are arrested by police even for reporting flaws or exposing leaks in public. Other times you may run afoul of a particular cyber criminal or hacking group who may dox you, threaten you or hack your accounts.
It also helps to study a particular hacker like the member of Hacking Team who published his exploits online. In the end, if you strive long enough and are patient, you will become a good security researcher.