You’ve graduated from Ural Federal University’s Mathematics & Mechanics Faculty. How did you come to focus on information security?
Well, if I were to define my area of expertise, I would say it’s systems programming in general. Information security is just one of its most evident applications. In 2012, I’d already completed my Bachelor’s program at the Ural Federal University. Yekaterinburg was the birthplace of the CTF (Capture the Flag) movement - team competitions in computer security, where each team controls a server (searches for and mends its vulnerabilities) and attempts to hack the servers of others. We were the first CTF participants in Russia, and, gradually, teams from other universities joined us.
I'd played for UFU's team XOR a few times before I started my Master's studies at the Mathematics & Mechanics Faculty of St. Petersburg State University. Their local team, Peter Pan, was looking for a reverse-engineering specialist to help them hack programs. Since then, I have begun to focus more on cybersecurity competitions. I got into all of this by accident and ended up spending nine years in CTF.
Also, when I was studying at St. Petersburg State University, the captain of one of the strongest teams - Leet More - taught us virus science. He brought viruses for us to study; many of us spent hours working on them. In part, this is what defined my future career.
Many see hackers as anonymous cyber-criminals who hack servers and steal data, for instance, the “Russian hackers” who were a hot topic in the media lately. So, what are your thoughts on that?
Hackers being criminals is a popular belief, yet in reality everything is slightly different. There’s a good book on the topic - Steven Levy’s “Hackers: Heroes of the Computer Revolution”; it begins with a story about some PhD students who worked under John McCarthy (a renowned American computer scientist who coined the term artificial intelligence -- Ed.). Those students once pulled a trick on him: they told McCarthy that they’ve developed a program that will best him in chess. He got interested, tried to win and lost; eventually, it turned out that the students simply connected his computer to another one, controlled by a student who was really good at chess.
Something like that is called a hack; yet, hacks are not only about playing pranks or stealing information, they can also be used to accomplish something great from a technological point of view. For instance, you enter the airport, wave your hand, and the terminal already prints you a ticket. Hackers like doing things that look like magic; hacking into a neighbor's wi-fi is also just a way to prove one’s capabilities.
You’ve been participating in cybersecurity competitions for years; what did you gain from that?
The main lesson that I’ve learned is about the efficiency of teamwork: two people work not just two, but four times faster. When you’re working on some task alone, you can start googling information about it, but having someone who already knows the subject is a lot better. Also, when you’re working alone, it is a lot easier to get too deep into the details or start procrastinating.
For instance, we were once solving a task for DEFCON (world’s biggest hacker convention in Las Vegas -- Ed.), and I can't even imagine how much time it would have taken were I alone. Yet, my teammate that time was Ilya Zelenchuk, so we’ve completed the task some ten minutes before the deadline.
Why did you decide to leave Yekaterinburg for St. Petersburg?
In 2009, my research advisor, Maksim Baklanovskiy, moved to St. Petersburg. Before that, he led the so-called systemic groups that received advanced training. After he left, we had almost nothing to do for almost a year. Once, he called me and invited me to join him at St. Petersburg State University’s Department of Software Engineering. So, I’ve decided to go there and try something new instead of sitting home doing nothing.
According to statistics, there are about 200,000 programmers in Russia; some 10,000 work with cybersecurity. Though there aren’t many such specialists in Yekaterinburg, they constitute a good team and often work together; though there are a lot more of them in Moscow and St. Petersburg, in these cities, they are disorganized. This is why we’ve collaborated with representatives of the LeetMore team (they now call it LCCB) and Kseniya Kravtsova in organizing the CTF movement in St, Petersburg so that representatives of other universities would have an opportunity to train using a common platform.
What are the projects you are working on now?
Apart from teaching, I now work on several projects. One of them is the CODA project that has been around since the times I participated in CTF, when a group of students came up with some ideas and showed them to Maksim Victorovich; by the way, he didn’t like many of them. With his help, the students won Kaspersky Laboratory’s “Tender on creating the defence of future”. In 2011, Maksim Baklanovskiy planned to bring this project to Skolkovo, which just opened at that time, but that didn’t work out. A year later, my research advisor invited me to the project, so I joined it. Later, I became the company’s head and became Skolkovo’s resident in 2014.
For quite a long time, I’ve been developing this system all by myself. After I’ve started working at ITMO’s Faculty of Secure Information Technologies in February 2016, we’ve decided to use the opportunities of the Future Technologies accelerator. We’ve also applied for the Bortnik Foundation and won. SO, we’ve launched another company, CODA-technologies; after attracting additional financing, I could bring in new employees.
How did you make the decision to focus on your own projects, develop your own company?
Just imagine: you come somewhere, where they show you your table, chair, a high-power computer and say something like “This is your workplace, here is the task, you’ll be responsible for this button on this website, you’ll get good pay every month, come to the checkpoint tomorrow, we’ll make you a pass, work ends on 18:00, dinner’s from 13:00 to 14:00...”. Same thing every day. Well, that’s not my thing.
What I’m doing allows me to use my skills for other projects and strike up acquaintances that allow me to always move forward. I might say that there was much sense in registering the company in Skolkovo just to meet new people. At one of the exhibitions, I got to know Ilya Rabinovich, developer of DefenseWall. It was great to learn from his experience. During my work on another project, I went to the Kaspersky Laboratory where I spoke a lot to one of their managers; as result, we’ve organized a summer school together.
They’ve always told us that if we learn what we’ve decided to study, we’ll be able to do whatever we want to in the future. I’ve done lots of things - 3D engines for games, for instance, websites, applications - whatever I got interested in. I can’t even imagine any other profession that gives you this much freedom. For instance, I once followed a course on programming WCF-services. Some want to do such things, but not me - I don’t like the idea of coding such things for days and even years. I have a Cisco certificate, yet wearing sweaters and uniting routers into networks for the rest of my life is not my idea of a promising future.
You’ve made it to Skolkovo on your third attempt; how did you motivate yourself after the first failures?
How to hold one’s nerve when you fail at something? Well, someone else will always replace you once you fail. You can sit and cry in some corner, but someone else will program and develop once you’re at it. So, my idea is very simple: if you fail at something, just continue working on it.
How do you plan to develop both yourself and your projects in the future?
I hope that in five years I’ll still be surrounded by people who share knowledge and help me learn what I still don’t know. It is most important to always move on, and continue searching for this “magic” side of technologies that hackers admire. As for my projects, I, naturally, expect that people will find it useful; what’s the point otherwise? We are currently finalizing the product and will start to look for customers afterward.