As we all know, security is a top-of-mind concern in the IT world as compliance requirements get stricter and cyber threats get riskier. Having knowledgeable InfoSec professionals on the team are vital, and that’s why I’m delighted to introduce you to our new ultra-smart Security Analyst, Philippe Dugré!
I recently had a chat with Philippe to learn about his background and role. Among other things, I discovered that he shares my passion for bouldering. In case you have no idea what I’m talking about, bouldering is a type of rock climbing that requires a mix of strength and technique.
Here’s a snapshot of my conversation with Phillipe:
Can you tell me a bit about your background?
I began coding when I was 9 years old, after my father bough me a refurbished computer. I found some tutorials on the internet, and started doing some basic stuff in C. The more I practiced, the better I became. Later in high school I started writing full programs in my spare time, and decided to study computer science in college, and then software engineering in university. That’s where I joined the computer security club and started going to conferences and CTFs, which are basically security competitions. I also continued developing my knowledge and skills in my free time.
What would you say is your biggest achievement so far?
Competitions! I’ve been to many security competitions, notably CSAW CTF, Hackfest and NSec, and each time our team ended up with a pretty good score. I always ended up doing some crazy challenges that I had no idea I could accomplish. Sometimes, the experience was so intense and I had to concentrate so hard, that I didn’t know how I did something until the competition was over! As for specific achievements, I’d say the most satisfying one was when I found a way to bypass protection that was specifically made to guard a system. That really helped me confirm that this was what I wanted to do with my career.
What was it about Devolutions that made you want to work here?
I met our CEO David at an event hosted by our university, and I was amazed by how down-to-earth and friendly he was. I started to learn more about Devolutions, and grew excited about how I could apply my security knowledge here. I also like the fact that Devolutions isn’t in a big city. I’ve always liked working in more rural areas.
What would you say are your top three strengths at work?
My biggest strength by far is my passion. I love security analysis, and I get very focused and driven when I’m working on a task or have an idea that I want to try out. During those times, I can basically work non-stop and never get tired! Also, I learn things quickly and am comfortable working independently. Finally, I’d say that I’m a good team member, and am always willing to help my colleagues if they need me.
What tasks do you carry out in your job, and what are some of the tools that you use?
As a security analyst and developer, most of time is spent doing pen testing, which is basically attacking our software to find security flaws and reporting them. I also fix some of them, and work a lot on encryption and injection filters to help reinforce our products as a whole. I love the fact that we are not restricted in the software tools available to us, and so I use Visual Studio for development and debugging, and tools like Burp Suite, ZAP, OllyDbg, dnSpy, Sysinternals and the Python Framework for pen testing. I also use a Linux partition for cryptanalysis and web attack, which is based on Arch Linux with added tools.
What are your impressions about working here?
I didn't even know a workplace this great existed. We have everything we need here to succeed and have fun, like pinball and arcade machines, video game consoles, and even a volleyball court! As employees, we have a lot of autonomy and independence, and people don’t make impossible requests. There are also no politics here, and everyone is treated respectfully, whether they are an intern or in management. Even David doesn't have an office on the top floor, he works in the middle of the main room, on a desk that is the same size as everyone else’s. It's actually fun to come to work!
What goals would you like to achieve at Devolutions?
Security breaches are a constant threat, and I want to help make sure that we’re always ahead of the curve and prepared for both known and unknown possibilities. My ultimate goal is to ensure sure that our users trust our company and products.
On a personal note, what are some of your hobbies and interests?
I've been playing guitar for over eight years, and I write music too. Music has captivated me since I was a kid, and once I started I couldn’t stop! Even now, I can play for hours and I'm always excited to learn new and weird techniques. I’m also interested in computers (of course!), and I am really into speedcubing, which involves solving twisty puzzles as fast as possible. It's great for impressing people, and it also decorates my desk, which now has over ten different puzzles. I'm trying to bring down my average on the original 3x3x3 cube to under 20 seconds before I go to an official competition. Right now, my average is 25 seconds. I'm also learning to do it blindfolded!
Please share a few words with our community of IT pros:
Information security is vital in every kind of IT work, and I’m always trying to keep people informed and aware of what we need to do to stay safe. Many people still use passwords that are too easy to guess or hack, or that are stored in a spreadsheet or text document. And that’s just the beginning! There are also many disabled firewalls, weak encryption systems, and other major security vulnerabilities. Having a good password management system, privileged access management and overall access rights are all essential. This is something that I think is missing in many professional certifications, whether at college, university or private training organizations. If a person doesn’t specifically study security, then there’s a good chance that he or she has never had a single class on the topic. I believe that everyone needs to have a solid foundation of knowledge when it comes to security. And so, my advice is: never underestimate this aspect of IT, as it can save your company, your users, and ultimately your job!