Wednesday, February 11, 2009

Egg head

I was somehow thinking, why a human never use his brain 100% ? Even during my schooldays, there was a Hong Kong comic making fool the readers that those "adiwira" can defeat their enemies by optimizing certain percentage of their brain usage. Kinda joke but somehow I manage to read them (of course, hardly to buy those things).

When I decided to pursue my graduate work on computer security, I was first surprised that previously I only knew that people who self proclaim themselves as researchers are not more that users who run applications. Now that I already knew that it needs significant amount of advanced mathematics to become a competent security researcher, I keep wondering whether we will be able to produce effective security based application developer.

There are several stuffs that I believe have to be mastered, networking, mathematics, psychology, laws and operating systems.

However, given that you want to focus on technical part, drop the psych and laws part. I am yet to see Malaysian's thesis on operating system thesis which focusing on security aspect, but I saw a person did his Phd on wireless security, another one on Spam mitigation in UVic Canada, several persons on cryptography, and one in UKM on anti virus core engine - and he did presented his work in Defcon Las Vegas.

Honestly I saw A LOT on intrusion detection.

I read for quite sometime ago an electronic article on Why not to research in computer security. Ironically, the article was being written by a person whom a security researcher as well! He was suggesting something else instead.

I think computer security in a way is an area for *applied research*, where you will deploy all those theoretical research such as string search - on IDS, machine learning - on malware detection and network traffic classification, Bayesian - on SPAM detection . So things like that.

When I was being interviewed by a Prof from Netherlands previously, he asked me - whether my research will be on application level or theoretical part. He is expecting theoretical part plus with hardware solution. Well, he did not update me with the result, so I guess the answer is a big NO.


No comments: