In-depth Interview: Lukas Rist

Lukas Rist (@glaslos) is a software engineer with Blue Coat Norway where he develops behavioral malware analysis systems. In his spare time, he creates web application and ICS/SCADA honeypots and botnet monitoring tools under the umbrella of the Honeynet Project. He recently developed an interest in industrial security and automated SQL statement classification. He will be giving a live demo on Conpot at the upcoming The Honeynet Project workshop in Warsaw, on May 13. Here are his answers to our questions: keep reading to get to know a bit more about him.

Tell us, how did you get involved in the security community?
When I started my baby steps in information security, I didn’t plan to get where I am right now. By becoming involved with The Honeynet Project and getting pulled in by my fascination, experiencing the fulfillment of creating something and being able to work in this field, I eventually decided to leave my previous paths and to enjoy full time what used to be a hobby.

And what will you talk about?
I will give a demo session about Conpot, an ICS/SCADA honeypot we are currently working on. I hope to inspire people to spend more time on this topic, show how to get an easy entrance into a topic many consider to be too complicated, and how easy it is to learn about the techniques used by the adversaries.

What do you love the most being a security expert?
Creating tools that help to solve or understand a problem is a very strong motivator for me. Efficiency, elegance and the knowledge it is actually usable in combination with overcoming a challenge are the things that get me up in the morning and keep me awake during the nights.

So, what do you think the future security threats will be like?
In his Story of Philosophy Will Durant writes: “So the story of man runs in a dreary circle, because he is not yet master of the earth that holds him.” I wouldn’t call information security a dreary story but we definitely see repeating problems that we haven’t solved yet or maybe never will. The adversaries, their targets and the means used may change, but I assume the fundamental causes will stay the same for some time. What has changed is the amount of data we have to handle, exabytes per day is nothing you just search with grep anymore. Holding that together and protecting it is a challenge we are facing right now and I don’t see a solution in the near future.

And what is your best tip for (upcoming) security professionals today?
Join the circus but don’t get carried away. Many in this community long for recognition, make sure you deserve attention before you ask for it. Save the talking for your forties, write code now, provide solutions, get involved and don’t be afraid to be wrong.

Last question, maybe a little subjective, why should people come to or sponsor the upcoming (and awesome) HP workshop in Warshaw?
For me The Honeynet Project workshop is a unique opportunity to meet a large group of security experts which all have the goal to share, help and discuss. I usually leave the workshop with new ideas, feedback on my work, new collaborations and fresh energy to spend the next 356 nights hunkering over my keyboard. I also heard the beer is cheaper than here in Norway.