“For security researchers the learning never stops”

Everything is possible if you are eager to learn and improve your skills throughout your life, believes Noushin Shabab. As a Senior Security Researcher at Kaspersky Global Research & Analysis Team (GReAT), she specializes in reverse engineering and targeted attack investigations. In this episode of the Women in IT podcast, she talks about her career path and provides helpful advice on becoming a successful cybersecurity professional.

Noushin Shabab
Senior Security
Researcher at

Noushin Shabab considers herself a cyberdetective. Like any true detective, she is rigorous in her investigations, trying to establish who is behind the attack, how it happened, identifying potential victims, and how to protect users and organizations in the future. To stay one step ahead of cybercriminals, Noushin constantly monitors sophisticated malware and threats, analyzing how they evolve and identifying new emerging trends in the cybersecurity threat landscape.

Noushin prides herself on her expertise in targeted attacks, which she researches and shares regularly in published reports that reveal the technical details behind these attacks: “I believe it’s important to share the results of your work with people so they can benefit from your research. Your knowledge can help users and organizations identify and prevent targeted attacks and emerging trends in the cybersecurity threat landscape. If you do not share your specialist knowledge, it will be lost to the industry, and benefit no one.”

“My favorite part of the job is that every day there are new challenges and puzzles to solve. To become successful in security research, you need to be courageous and have the curiosity to learn and broaden your knowledge. No two days are the same, which means my job is not routine, which I like very much.”

Get ready to become a security researcher

Being a security researcher is a very exciting career, according to Noushin Shabab. She says: “Cybersecurity is a vast field, providing plenty of opportunity to find the niche that interests you the most. To enter this line of work, you will need a good understanding of how computer systems and networks work and then see how you want to develop further. Most importantly, keep improving your skills and do a lot of practice – there are many resources and communities that can help you realize your ambition.”

For those looking for a first job in security research, Noushin recommends participating actively in student conferences where companies’ representatives are usually present, providing a perfect opportunity to demonstrate your knowledge and skills. If you are offered an interview, take time to prepare thoroughly, do your research, sign up to test tasks and put maximum effort into passing them to demonstrate you’re the ideal candidate.

Noushin’s own story is proof of that. She says: “The hiring manager from Kaspersky gave me a new piece of malware from a sophisticated attack to reverse and find whatever I could from the file. I spent day and night for a week on the project, and I went as deep as time permitted. The hiring manager expected me to submit a one or two-page report from the analysis result. But when I summarized my work, it was 14-15 pages long. He was really surprised that I had gone ‘above and beyond’ in the task, and that is why I got the job”.

Noushin Shabab book recommendations for beginners:

  • \\ Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software, Andrew Honig and Michael Sikorski
  • \\Practical Reverse Engineering: X86, X64, ARM, Windows Kernel, Reversing Tools, and Obfuscation, Alexandre Gazet, Bruce Dang, and Elias Bachaalany
  • \\Malware Analyst’s Cookbook and DVD: Tools and Techniques for Fighting Malicious Code, Matthew Richard, Michael Hale Ligh, Steven Adair, Blake Hartstein
  • \\ Reversing: Secrets of Reverse Engineering, Eldad Eilam
  • \\ The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory, Jamie Levy, Andrew Case, Michael Hale Ligh, Aaron Walters

Listen to the full story in our Women in IT podcast.