Chapter 6
Becoming a
Security Researcher:
5 Questions
Answered
By Chaz Lever
The role of a security researcher is ever-evolving, requiring individuals to stay up-to-date with the latest threats and technologies. Researchers often need to think outside the box to develop new solutions for cyber defense. Whether you are coming from an academic or non-academic background, this chapter will break down the experience, background, and skills you will need to launch a security research career.
Question 1
What Exactly Is a Security Researcher?
A security researcher is someone who loves diving deep into the world of cybersecurity. They have a curious and analytical mind, and are always on the lookout for vulnerabilities and potential risks in various systems and technologies. These researchers possess a wide range of technical skills and knowledge, from understanding networks and operating systems to programming and cryptography.
Security researchers spend their time investigating, experimenting, and analyzing to uncover security flaws and develop ways to mitigate them. Whether working independently or as part of a team, security researchers stay up-to-date with the latest trends and emerging threats to keep their knowledge sharp and their defenses strong. Ultimately, their goal is to help make the digital world a safer place by contributing to the development of secure systems and protecting against potential security breaches.
Question 2
Do You Need an Engineering or Advanced Degree to Become a Security Researcher?
The short answer is no. Security roles vary, and while many researchers have obtained advanced degrees, this is not a prerequisite. How much engineering you will need to know depends on the role, as research is a mixture of both practice and theory. An advanced degree in security research is closer to an apprenticeship than to a traditional classroom education.
With that said, obtaining an advanced degree often comes with resources that allow you to carry out experiments and studies that you might not be able to do on your own or in another environment. Whether or not you take a formal education route, there is space and opportunity for those interested in research roles.
Every path to research will look a little different. I personally came to research from the academic route.
I was working on a Ph.D. in an applied degree. Once I completed the Ph.D., I started working in a director position within the university. After a few years, I stepped into more industry roles, and today I lead Devo's SciSec team, the research arm of the product organization.
But there are certainly many non-academic routes to research as well. Application developers or security engineers are more than qualified to step into the same types of roles as they develop similar skills in a corporate environment.
Question 3
How Can I Get Started in Security Research?
The best way to break into any industry is to put yourself out there and try to connect with community members and groups.
Start by subscribing to newsletters, reading blogs, industry reports, and papers. Taking advantage of conferences is another great way to network and forge community relationships.
You can also learn about emerging topics on social media, whether through forums or Twitter. This is also going to be a useful strategy once you are in a research role and trying to address a problem: survey how the security community is approaching it, then come up with ways to tackle it at your company. The more practical the solutions you come up with, the better.
Then get to work doing things to gain real-world experience! Create a lab environment where you can experiment with various security tools and techniques. Set up virtual machines or a dedicated, isolated test network to practice different security scenarios without impacting live systems. Gain more practical experience by participating in Capture the Flag (CTF) competitions and online hacking challenges. These platforms provide realistic scenarios and puzzles for you to solve, honing your skills in vulnerability analysis and exploitation. Remember, security is a practitioner's domain and there is no substitute for experience!
Question 4
What Traits Make for a Strong Security Researcher?
As a security researcher, you are breaking things and figuring out how to defend against vulnerabilities. A genuine curiosity in how things work and trying them out is going to be your greatest asset.
Other key traits of a good security researcher include:
Curiosity
Problem-solving skills
Technical aptitude
Persistence
Analytical thinking
Continuous learning
These types of people love diving into systems, networks, and technologies, uncovering vulnerabilities, and discovering new attack methods. Problem solving is their superpower—they excel at identifying security issues, analyzing complex problems, and coming up with innovative solutions to protect against risks.
With a solid technical background in networking, operating systems, programming languages, and security tools, they're always on top of the latest technologies and emerging threats. Persistence is their middle name—they never give up when faced with challenging security puzzles and are willing to dedicate long hours to find the answers. They also believe in lifelong learning, stay up-to-date with industry trends, often read research papers, and attend security conferences to continuously enhance their knowledge and skills.
Question 5
What Types of Work Do Research Teams Do?
Research teams are often working on some of the most fun (perhaps I’m biased) and noteworthy projects within an organization.
The type of work could include:
User and entity behavior analytics (UEBA)
Behavior analytics profiles how users normally act and flags deviations that may indicate security threats, such as insider threats or unauthorized access. Entity analytics examines the behavior and relationships of entities within a system or network (hosts, addresses, service accounts), helping researchers identify abnormal or malicious activity. Both techniques use data analysis, machine learning, and statistical methods to enhance threat detection capabilities and strengthen overall security defenses.
Incident response and threat intelligence
Analyzing security incidents, tracking threat actors, and developing techniques to detect, respond to, and mitigate threats. Work involves creating threat intelligence feeds, analyzing malware campaigns, and understanding adversary techniques.
Vulnerability research
Identify and analyze vulnerabilities in software, operating systems, networks, and applications. The goal is to discover previously unknown vulnerabilities and disclose them to vendors in a coordinated way so they can be patched before details become public.
Malware analysis
Analyze and dissect malicious software (malware) to understand its behavior, functionality, and propagation techniques. This includes reverse engineering, sandbox analysis, and identifying indicators of compromise (IOCs).
Cryptography and cryptanalysis
Study cryptographic algorithms, protocols, and systems to identify weaknesses and develop more secure solutions. Analyze encryption algorithms, cryptographic protocols, and cryptographic implementations for vulnerabilities.
Network security
Research network protocols, network devices, and their vulnerabilities. Focus on analyzing network infrastructure, firewalls, routers, and switches to discover weaknesses that could be exploited by attackers.
Social engineering and human factors
Study the human element in security, including social engineering techniques, phishing attacks, and user awareness and behavior. Analyze the psychology behind security breaches and develop strategies to mitigate human-related security risks.
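To make the UEBA description above concrete, here is a small added example (written for this edit; it is not Devo product logic and not the author's code) that learns per-user behavior and per-source entity profiles from historical login events and scores new events against them. The log format, account names, addresses and hosts are all constructed for the example; a real deployment would learn from weeks of SIEM data and use far richer features.

```python
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Assumed (constructed) log format, one authentication event per line:
#   <ISO-8601 timestamp> LOGIN user=<account> src=<source ip> host=<target host>
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+LOGIN\s+user=(?P<user>\S+)\s+src=(?P<src>\S+)\s+host=(?P<host>\S+)$"
)


def parse(lines):
    """Parse log lines into dicts with an added 'hour' field; skip malformed lines."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:
            continue
        e = m.groupdict()
        e["hour"] = datetime.fromisoformat(e["ts"]).hour
        events.append(e)
    return events


class Baseline:
    """Profiles learned from historical events.

    Behavior side: per user, which sources and hosts they use and at what hours.
    Entity side: per source address, which accounts normally authenticate from it.
    """

    def __init__(self, events):
        self.user_srcs = defaultdict(set)
        self.user_hosts = defaultdict(set)
        self.user_hours = defaultdict(list)
        self.src_users = defaultdict(set)
        for e in events:
            self.user_srcs[e["user"]].add(e["src"])
            self.user_hosts[e["user"]].add(e["host"])
            self.user_hours[e["user"]].append(e["hour"])
            self.src_users[e["src"]].add(e["user"])

    def score(self, e):
        """Return (score, reasons); each deviation from the profile adds 1.0."""
        user, src, host = e["user"], e["src"], e["host"]
        if user not in self.user_hours:
            return 3.0, ["account has no history at all"]
        score, reasons = 0.0, []
        if src not in self.user_srcs[user]:
            score += 1.0
            reasons.append(f"{user} has never logged in from {src}")
        if host not in self.user_hosts[user]:
            score += 1.0
            reasons.append(f"{user} has never logged in to {host}")
        # Entity check: a source address that belongs to other accounts is now
        # used by this one (e.g. a workstation suddenly authenticating as someone else).
        owners = self.src_users.get(src)
        if owners and user not in owners:
            score += 1.0
            reasons.append(f"{src} is normally used by {sorted(owners)}, not {user}")
        # Time-of-day check: z-score of the login hour against the user's history.
        # Hours are treated linearly (no wrap at midnight), a deliberate simplification.
        hours = self.user_hours[user]
        mean = statistics.fmean(hours)
        spread = statistics.pstdev(hours) or 1.0
        z = abs(e["hour"] - mean) / spread
        if z > 2.0:
            score += 1.0
            reasons.append(f"hour {e['hour']:02d} is {z:.1f} std devs from usual {mean:.1f}")
        return score, reasons


def find_anomalies(history_lines, new_lines, threshold=2.0):
    """Learn a baseline from history; return [(event, score, reasons)] at or above threshold."""
    baseline = Baseline(parse(history_lines))
    flagged = []
    for e in parse(new_lines):
        score, reasons = baseline.score(e)
        if score >= threshold:
            flagged.append((e, score, reasons))
    return flagged


# Constructed sample data: a week of ordinary logins, then one day of new events.
HISTORY = [
    "2024-03-01T09:02:00 LOGIN user=alice src=10.0.1.15 host=fileserver",
    "2024-03-01T10:40:00 LOGIN user=alice src=10.0.1.15 host=mail",
    "2024-03-04T09:15:00 LOGIN user=alice src=10.0.1.15 host=fileserver",
    "2024-03-05T11:05:00 LOGIN user=alice src=10.0.1.15 host=mail",
    "2024-03-06T10:30:00 LOGIN user=alice src=10.0.1.15 host=fileserver",
    "2024-03-07T09:50:00 LOGIN user=alice src=10.0.1.15 host=mail",
    "2024-03-01T08:10:00 LOGIN user=bob src=10.0.2.22 host=buildbox",
    "2024-03-01T17:45:00 LOGIN user=bob src=10.0.2.22 host=buildbox",
    "2024-03-04T09:00:00 LOGIN user=bob src=10.0.2.22 host=gitlab",
    "2024-03-05T13:20:00 LOGIN user=bob src=10.0.2.22 host=buildbox",
    "2024-03-06T16:05:00 LOGIN user=bob src=10.0.2.22 host=gitlab",
    "2024-03-07T12:30:00 LOGIN user=bob src=10.0.2.22 host=buildbox",
]
NEW = [
    "2024-03-12T10:05:00 LOGIN user=alice src=10.0.1.15 host=fileserver",        # normal
    "2024-03-12T03:12:00 LOGIN user=alice src=203.0.113.7 host=domain-controller",  # new src, host, hour
    "2024-03-12T09:30:00 LOGIN user=bob src=10.0.1.15 host=buildbox",            # bob from alice's machine
    "this line is not an auth event and is skipped by the parser",
    "2024-03-12T11:00:00 LOGIN user=mallory src=10.0.9.9 host=fileserver",       # unknown account
]

if __name__ == "__main__":
    for e, score, reasons in find_anomalies(HISTORY, NEW):
        print(f"{e['ts']} {e['user']}@{e['host']} score={score:.1f}")
        for r in reasons:
            print("   -", r)
```

The point is the two complementary views: the per-user profile catches alice's off-hours login from an unfamiliar address to a host she never touches, while the per-source entity profile catches bob authenticating from alice's workstation even though bob's target host and hour look perfectly normal for him. The additive scoring and fixed threshold are placeholders; production systems weight features, learn seasonality, and suppress known-benign changes to keep false positives down.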
As you embark on a potential security research career, leverage your community as much as possible and don't feel like there is only one "best" route to becoming a researcher. Drive and persistence pay dividends in any role!
About the author
Chaz Lever
Chaz Lever is a security researcher with over a decade of experience. He received his B.S. in computer science from Duke University, M.S. in computer science from Wake Forest University, and PhD in computer science from the Georgia Institute of Technology. Dr. Lever's research has focused on large scale measurements and data analysis with a focus on network security applications, and his work has appeared at numerous top academic and industry security conferences. Beyond his academic work, Dr. Lever also has industry experience developing scalable, data-centric applications in the business intelligence, financial services, and government spaces.