Where are you from and what are you studying at ITMO?
I am from Harare, the capital city of Zimbabwe. I am a Master’s student in Computer Systems Information Security. I am very excited about this subject as it has been my passion since my childhood. I did my Bachelor’s in Software Engineering. But I found that it was not what I wanted. Finally, at ITMO, I am studying what I love. It is like I chased my dream and ended up at ITMO.
What is the difference between software engineering and information security?
Software engineering, as the name suggests, is the art of developing software. A software engineer looks after the entire life cycle of the software like that of a baby. From its creation until the time it is not used anymore. During its life cycle, a software engineer fixes any bugs that might appear in the code and also constantly updates and upgrades it for a smooth user experience. But every piece of software uses data and wherever there is an involvement of data, there is a risk of data theft. That is where an information security specialist comes into the picture. Their role is to take care of the data. To curate it and protect it from theft.
What motivated you to study information security?
The usual trend in my country is to become either a doctor, a lawyer, or an accountant. But neither of these professions were interesting for me at all. When I was 10 years old, my parents bought me a computer and I was fascinated by it. Maybe owing to my experimental nature or simple child-like curiosity, I enjoyed exploring it a lot. What made this exploration more interesting was that I could open something that I was not supposed to. For instance, when I opened the PC case and found out what’s inside the big black box! By the time I was 15, I was able to bypass passwords and encryptions. One day I bypassed the Windows 7 security and it made me feel triumphant. In my head, it gave me joy to think that I could outsmart someone who had spent months protecting something. However, as I grew up, I began to understand the importance of cyber security. Data in today’s world is so easy to leak! If a 15-year-old me could bypass passwords, just imagine the destruction that trained hackers can do. This concerning issue motivated me to study information security and protect everyone’s data from being stolen.
What makes ethical hacking different from “regular” hacking? Is there a boundary that separates the two?
Similar to many other aspects of life, hacking is not so black and white. There is a patch of grey in between as well. You cannot always define which hacking is good and which one isn’t. As far as pirated versions of software like the Windows operating system are concerned, it is bad for the company as it is losing a lot of profit. However, there is a group of people who believe that information should be free. They are the ones who are cracking the original software and distributing it for free as a pirated version. They believe they are doing the right thing by helping those who cannot afford expensive software. An original version of the Windows 10 Home operating system costs $139. Not everyone around the world can afford that but almost everyone needs to use a computer. After the pandemic, with distance learning being practiced more and more, having a computer has almost become mandatory for every student.
Paul has already been in Russia for four years. He completed his Bachelor's degree at Kalashnikov Izhevsk State Technical University. Photo courtesy of the subject
As an information security student, what is your take on this?
It is next to impossible to chase such people. So the approach we follow is upgrading software and making it more secure. If you use Windows, you must be aware of security updates. Microsoft provides these updates from time to time to make your system more secure. It is like a race between hackers and security specialists trying to outsmart each other.
What are your specific interests in the domain of information security?
To be honest, I want to be an ethical hacker. I really love the concept of penetration testing. As the name suggests, it is the technique of penetrating into an encrypted system. It is not just breaking into a system but understanding how it works, also identifying the loopholes in that system. For me, this is a very exciting concept. Some people would definitely put it to bad use and benefit from it but to me it is like, the attack is the best defense principle. Unless you know how to attack, you would never know how to defend properly.
Another popular term on the internet is the dark web? What is it all about?
Usually, when you search for something on the World Wide Web, you find information about it. But, the dark web represents the part of the web where nothing would show up when you perform a search. In other words, it is only accessible by special software, allowing users to remain anonymous and untraceable. To be honest, I have never tried doing anything of that sort. I am actually scared to explore this part of the web. I am expecting some instruction from ITMO about this matter, too. I want to learn more about the areas of the internet that are safe to browse while identifying the ones that are not.
Paul is a student of Information Security and he is learning about protecting data from being stolen. Photo courtesy of the subject
What would you recommend to someone who is not well aware of the internet regarding safe browsing and data theft?
The term used to describe the act of stealing data from someone’s device is known as phishing. It happens when a user replies to a fraudulent email or clicks on a link that is not safe. Usually, these click baits are very lucrative. They promise you rewards like cash prizes or cars. But one should always remember that there is no means of getting rich overnight and hence should avoid such offers. Data can also be stolen if the software or apps on your device are not regularly updated. One should always use anti-spyware and firewall settings to prevent phishing attacks. Many people can also convince you to give away details that are meant to be a secret like your pin code or CVV number. This is known as a social engineering attack. To be safe from these kinds of issues, it is important to educate yourself and stay up to date with this rapidly developing technology. You should know which details you can give and which you can’t, even if it is the bank manager who is asking for them.
Did you have such an experience in your life?
Yes. I was once scammed in a similar fashion. I was ordering sushi for the first time using a link given by someone. In the checkout section, I entered my card details and made the payment. The app showed that the payment was unsuccessful but the money was already deducted from my account. I double-checked it to be sure that the payment did go through. I did not understand whether it was a scam or an internet issue. I knew I had lost the money but what I did not realize until the next morning was that they had taken control over my entire bank account. My debit card was hacked! The next morning I found out that around 5,000 rubles were withdrawn from my account and I was flabbergasted! I felt so stupid because being someone who knows about hacking, it was nothing but utter humiliation to be hacked myself. Luckily I did not have a lot of money on that account. The incident taught me to always be alert, especially while ordering online.
Does the curriculum at ITMO include topics about data security?
I have just started my studies, so I don’t know much yet. But I have looked at the course curriculum and it looks pretty decent. I am so glad that ITMO has incorporated Digital Culture as one of the core subjects for every student. This shows that ITMO is aware of the need for digital literacy. I have also heard some of the senior students talk about the skills that they are taught here, and I have to say, I am very pleased. I am looking forward to making the most out of my time here at ITMO and learning some useful skills in information security.
Paul loves the atmosphere at ITMO University. He never feels left out and enjoys being with both Russian as well as international students. Photo courtesy of the subject
How has your experience as an International student been at ITMO?
It has been fantastic so far. The atmosphere here is so good and comfortable. It is truly a university that respects and cares for international students. I have never felt out of place here. They make sure to involve everyone and make everyone feel equal. That makes ITMO University really unique. I really love everything about it.
Where are you living here?
I am living at the dormitory on Lensoveta St. 23, which is located close to the Moskovskaya metro station. The location is extremely good. It is near Pulkovo airport. There are many cool restaurants, parks, and supermarkets around the dormitory. The ambiance inside the dormitory is also really good. Everyone here is very friendly. We have a lot of parties and games on weekends. We also watch movies together. It is a great team-building practice. It makes all of us feel at home even when we are actually miles away from our families. My roommate is a great guy from Turkmenistan. Interestingly, he speaks Russian and not English, so I get to practice my Russian with him.
What are your plans after completing your Master's?
My plan is to get more and more experience in my field. For now, I love this city, so I would love to stay and work here. But maybe in the distant future, I would decide to go back to my country. But I want to be highly skilled and experienced by then. Once I get back home, I want to introduce something new to my country. Maybe, in the form of a startup or an NGO, but I would like to make a difference. To do that, I need to have a lot of experience and that is exactly what I am looking for right now.
