Last time, I had a great chat with Anna Westelius. She has a lot of experience with everything from web security to Linux driver development, and I learned a lot from her.

This time, I had the pleasure of talking with Virginia Robbins, otherwise known as fl3uryz. Not only is she an expert in malware detection; she also founded The Diana Initiative, a cybersecurity event focused on women in our industry.

Kim Crawley: Please tell me a bit about your cybersecurity career and how you got there.

Virginia Robbins: Originally, I gained an interest in computers in my teens by simply watching my big brother using a computer. I later acquired an 8086 and started coding. I loved it so much that I studied for a BS in Electrical Engineering followed by an MS in Computer Science after I realized how I loved both hardware and software. I gained an even stronger interest in cybersecurity by chance as a sysadmin at the university and while working at Intel as a security software engineer developing self-modifying agents and other security applications.

I continued on that path by working at Microsoft and McAfee on diverse projects researching and developing TPM, BitLocker, Elliptic curve crypto for TLS, anti-malware products, endpoint security and so on.

KC: Well, that’s pretty cool! Considering your work on anti-malware, what do you think about different kinds of heuristic malware detection?

VR: Aside from behavioral-based detection techniques, which has false detections and performance issues, there is research and integration of diverse heuristic detections techniques out there using machine learning and data mining that all have their pros and cons.

For instance, API system call technique is good at detecting unknown malware with fewer false positives and good performance; however, it only does binary (Read more...)