#LifeAtWebroot

Crime and Crypto: An Evolution in Cyber Threats

Cybercriminals are constantly experimenting with new ways to take money from their victims. Their tactics evolve quickly to maximize returns and minimize risk. The emergence of cryptocurrency has opened up new opportunities to do just that. To better understand...

Cyber News Rundown: Bluetooth Man-in-the-Middle

Paired Bluetooth Devices Vulnerable to Man-in-the-Middle Attacks A new vulnerability has been discovered that would allow an attacker to easily view the traffic sent between two Bluetooth-paired devices. The core of the vulnerability relies on the attacker’s device...

3 Cyber Threats IT Providers Should Protect Against

With cybercrime damages set to cost the world $6 trillion annually by 2021, a new bar has been set for cybersecurity teams across industries to defend their assets. This rings especially true for IT service providers, who are entrusted to keep their clients’ systems...

Social Media Malware is Deviant, Destructive

We've seen some tricky techniques used by cybercriminals to distribute malware through social media. One common threat begins with a previously compromised Facebook account sending deceptive messages that contain SVG image attachments via Facebook Messenger. (The SVG...

Get to know Cathy Ondrak, Product Owner

Reading Time: ~3 min.

While one-click shopping on Amazon (or Webroot.com, for that matter) seems super easy when you’re the consumer, there are a lot of complex strategies and processes going on behind the scenes.

We chat with Cathy Ondrak, product owner for Webroot.com, to get a glimpse behind the curtain. In her role, Cathy works with developers, business analysts, and other stakeholders on a daily basis to ensure Webroot customers’ needs are being met online.

Tell us a bit about yourself.

I have three amazing kids—ages 9, 11, 13. We’re just getting to the teen years, which scares me to death. When I’m not working, I’m probably ushering my kids to one of their various activities. My life revolves around them; from baseball, softball, and soccer to basketball, parkour, or art activities, they stay busy and keep me on my toes. I also lead my nine-year-old’s Girl Scout troop and participate in my kids’ school accountability committee (SAC) meetings.

I was born in North Carolina (go Duke!) My parents moved us to Aurora, Colorado when I was a year and a half old. They still live in my childhood home. My sister and her family live about 2 miles from me, so you can regularly find my family attending one of the grandkids’ activities. (We travel in a large pack, and our kiddos always have a cheering section.)

How did you get into tech?

I began my career in public relations, moved to marketing, then product management. I worked on bringing US WEST Wireless to market a long time ago, which was my entry into tech. While at US WEST, I managed their website and eventually moved into a product manager position for their first wireless internet solution, BrowseNow. It was a very exciting time, but nothing like things are now. Everything was text-based, black and white, and not even a little pretty.

What does a day in your life at Webroot look like for you?

As the product owner for Webroot.com, I’m constantly checking emails, attending meetings, and collaborating with various internal teams. Beyond that, I oversee the web developers’ work and stay in constant communication with them. I work with developers, business analysts, and stakeholders daily to ensure deadlines are met and projects are completed as quickly as possible. We work in an agile environment, so we try to deliver solutions quickly and enhance as we need to.  It’s pretty exciting to see the changes over the years when you have time to look back.

Why do you like working at Webroot?

The thing I like best about Webroot is the people. Working with driven and intelligent people make what we do great and make me value the relationships I’ve formed. The other thing would be watching the continued success of the teams as we grow. The amount of work that flows through our team each day is amazing. The most rewarding thing is seeing how far we’ve come since we started! It’s inspiring to witness whole organization working together to bring new products to market.

Do you interface with external customers?

My day-to-day is filled with internal customers and teams at Webroot—mostly marketing teams who work with us to enhance the website and online user experience, and also provide more flexibility to sell our products.

Any advice for other women in tech?

Theonly advice I have applies to everyone, regardless of field or gender: do what you love, value the people, and success will come naturally. We all have control of our own outcomes, so be open, honest, and flexible. And for other Webrooters reading this, attend the Women of Webroot meetings, get to know your fellow colleagues, and enjoy every minute of it!

What’s the biggest lesson you’ve learned from working in the field?

My biggest lesson from the field was something someone told me years ago for when you’re trying to solve problems or work with developers. Ask yourself, “What are 3 possible solutions to anything you are doing?” Having options ready helps you think things through, so you can evaluate multiple possible solutions to determine which one is the most viable for your situation and resources. Options are key.

If you’re interested in a job at Webroot, check out our careers page, www.webroot.com/careers.

The STEM Pipeline: What Can You Do?

Reading Time: ~2 min.

Take Our Daughters And Sons To Work Day is today, and while your initial reaction may be to make a note to call in sick that day (heck, that was my gut instinct), resist the urge.

It’s one day that is a great reminder for the entire year. We all need to do more to fill the pipeline for STEM careers. That’s Science, Technology, Engineering, and Mathematics.

You may be asking, what do you mean by “do more”? You may not work in tech yourself or perhaps your kids aren’t interested in science, or maybe you don’t even have kids.

That’s no excuse.

According to the Pew Research Center, employment in STEM occupations has grown 79 percent since 1990, from 9.7 million to 17.3 million, outpacing overall U.S. job growth. And companies are feeling the pinch. ESG Research conducted a study that found 51 percent of respondents were dealing with a skills shortage. They simply can’t find the talent to fill the roles.

That’s where it gets concerning for everyone, whether they are a parent, a business owner, or a techie. We need bodies to fill the technical roles of today, let alone the future.

Now that I have your attention, here is some advice for what you can do to help create the STEM leaders of tomorrow.

  1. Realize not everyone is going to want to be an engineer. And that’s okay. You need marketing people, communicators, project managers that like working in the field and can bridge the gap with their soft skills between the true data heads and the rest of the world.
  2. I’m not pushing for a PhD. There are many paths to a technical career that don’t start with a four-year college degree. But they all do start with curiosity. I know many cybersecurity professionals who came to the field with a networking certification or other technical program background and even more that were self-taught. They watched a lot of YouTube videos, read a lot of blogs, and took apart their computers. There also is a lot of opportunity for those in the military who were trained to handle various programming tasks. Encourage people from all walks of life and backgrounds to tap into STEM fields.
  3. Take your kids (or the neighbor’s kids) to work with you. Really. Even if you don’t work in tech, try to show the kids what you do every day, then ask if someone in your IT department can chat with them too.
  4. You didn’t think I’d get through this without mentioning LEGOS, did you? LEGOS are the ultimate toy for sparking interest in STEM fields. Once kids graduate from basic blocks, there are many options like the BOOST line. They have a robot you can build and control via a mobile app. Enough said.
  5. Snap Circuits. Another awesome toy that makes building electronics fun.
  6. Programming can be for all ages. Prime younger kids to program with fun tools, like Scratch, Blockly, and Alice. You might even learn something!

This is a small list of ideas. I know there are many more out there. But I challenge everyone to think about what they can do to help create the next generation of STEM professionals. I know Webroot is participating in Take Your Sons and Daughters to Work Day this year and I look forward to chatting with the participants about what I do each day to make the internet a little bit safer.

Webroot Culture: Q&A with Systems Administrator Ann Roberts

Reading Time: ~3 min.

Before chatting with Ann Roberts, systems administrator at Webroot, I had a pretty narrow view of what her role in the IT department required on a day-to-day basis. As it turns out, a systems administrator must wear many hats and support multiple areas of the business. Read on to learn more about this tech career path.

Webroot: Ann, tell me a bit about yourself.

Ann Roberts: I grew up in Boulder, went to the University of Colorado at Denver, and graduated with a degree in music business. I moved to New York and ended up working in the IT department at Carnegie Hall. I missed Colorado, so I moved back to Boulder after having my first child. I freelanced for a while, worked at a now defunct startup for a while, and then began my role at Webroot. I currently live in Lafayette, Colorado, with my husband, our two kids, and our dog, Max.

Carnegie Hall, that sounds amazing. Was this your entry into tech?

Yes, but by accident! I started as the assistant in the IT department at Carnegie, but there was only one technician, and I enjoyed filling in the gaps when he wasn’t around. We were a two-person team, which meant that I ended up learning a lot more than I expected, and discovered that I had an aptitude for understanding tech and systems. The rest is history!

What do you do at Webroot?

I am a systems administrator. I am responsible for the care and feeding of the systems that make up Webroot’s corporate infrastructure.

Take us through a ‘day in the life’ of a systems administrator.

It is different from day to day, but it all starts with a big cup of coffee. First thing in the morning, I check email to see if anything has gone haywire overnight. Next, I take care of any urgent requests that need attention. After that, I work on projects as time allows. One project I’ve done quite a bit of work with is with our vRealize Automation environment (Partly Cloudy, as we call it). This system allows people to create their own virtual machines on demand. It has proven especially useful for the quality assurance engineers, because it gives them a disposable platform on which to do their product testing. It has also been interesting to have a window into their role in the company.

Have you seen anything surprising or an unexpected in your field?

My previous company was the sort of environment where every time there was a technical problem, everyone flew into a grouchy panic. After the problem was resolved, inevitably there would be a rush to place blame on someone or something. The result was an environment that made you afraid of messing up. It was a great surprise after starting work at Webroot to find that when problems happen, as they do everywhere, everyone takes it in stride and works together to find solutions.

What has been your biggest challenge working in tech?

Because I found my profession by accident, I have not done any “formal” training. For much of my career, I’ve relied on what I’ve gleaned from coworkers, Google, and trial and error.

What is your biggest takeaway or lesson learned from working in the field?

Don’t panic! Keep a level head and you’ll figure it out.

Love that advice. What about students in your field, any guidance to share?

Get as much real-life experience as you can. There is only so much that can be learned by reading about a subject. The whole point of this job is to expect the unexpected, and the unexpected is what you encounter on the job.

What about professionals looking to get into tech?

If you find a subject you’re interested in, then just find a way to be around it. Take a class on it, do research on it, or set up the environment and play around with it.

What’s it like to work for Webroot?

Webroot is a fun company to work for. There is a strong emphasis on work/life balance, which is important to me.

Thanks, Ann. I think your great attitude on tackling challenges must be a great asset in your line of work.

If you’re interested in a career like Ann’s, check out our careers page at www.webroot.com/careers. You may be particularly interested in our openings for a QA Engineer.

Q&A with QA Engineer Sopall Ngim

Reading Time: ~4 min.

When I started prepping for this interview, I wasn’t entirely sure what a quality assurance (QA) engineer did on a day-to-day basis. However, in a world where STEM (Science Technology Engineering and Mathematics) has become the buzzword du jour, I knew this important technical role was something more and more companies will need in the future. To get more insight, I sat down with Webroot QA Engineer Sopall Ngim to talk about the importance of a quality assurance engineer in a cybersecurity organization.

Webroot: Hi, Sopall. Let’s start by talking a bit about yourself and your role at Webroot.

Sopall Ngim: I started my career in medical device research and development, and then a former co-worker convinced me to change careers and become a QA engineer. I have been working in the software testing field ever since. What I like about testing is that it gives me the opportunity to work with the whole product/system (end-to-end) instead of specific components within the system. That is, figuring out whether or not it will work in a customers’ environment. Because most of the time, we don’t have all the customers’ specific conditions and environments, test engineers need to take a thinking-outside-the-box approach to figure out what needs to be tested and how. Also, because testing the system in every customer’s environment and condition is not realistic, I like the challenge of designing tests that require the least amount of effects, but get the most test coverage.

Sounds like you are a bit of a puzzle solver at work. Going back further, how did you get interested in tech in the first place?

My interest in science and technology came about when I visited the Boeing 747 assembly plant in Everett Washington at 19, seeing machines move different sections of the airplane together into precise locations so that they could be joined got me curious about how the system was controlled, and how it worked.

I must admit, Sopall, I’m not sure what you do! What is QA?

The Software Quality Assurance/Testing role works as part of the product delivery team to ensure the release software meets end users’ expectations. We ensure that the software will work in the customers’ environments and help them with their daily tasks. As part of the product delivery team, a test engineer is responsible for designing tests that will fully validate the functionalities of the software being tested, then running those tests.

Take us through a day in the life.

As part of a product delivery, QA Engineers work with their internal team members to:

  • Review user stories and requirements to ensure they are well understood by everyone on the team
  • Attend design discussion and review
  • Design and develop tests to verify the functions and features included in the release
  • Perform tests and develop automation test scripts
  • Communicate any defects found during testing to the team, and see that they get resolved in a timely manner
  • Communicate test statuses to the team
Have you ever found any surprising— or unexpected but awesome—outcomes while testing?

No one specific situation that sticks out, but one thing I learned throughout my career is that software should be developed to solve customers’ problems or to help them become more efficient in their daily tasks. End users won’t buy software just because it uses new technology or has a flashy Graphical User Interface (GUI).

What’s the biggest lesson you’ve learned from working in the field?

Merely gaining a solid understanding of the technologies used to develop a product is not enough to become a good test engineer. To become a good software test engineer, one needs to have solid domain expertise in the business of software development, and a solid understanding of how customers will use the software or service.

Any advice to students in your field?

To become an effective test engineer in a client-server application system, you need to have a solid understanding of network communication across the internet, as well as an in-depth knowledge of the relational database. Also, with today’s competitive market, a fast go-to-market timeline is very important. Companies want to release products frequently, which means test automation becomes increasingly important. Instead of trying to learn every existing programming language, pick one and become an expert in it.

Great advice. Seems we all need to be an expert in some aspect of our field these days. Switching gears, tell us about working for Webroot?

Prior to joining Webroot, I worked for several other companies ranging from a startup to a well-established company. When searching for new job opportunity, I always try to look for a company that:

  • Develops products or services that help make people’s daily lives better
  • Values everyone’s input and contribution
  • Provides everyone with opportunities to learn new skill sets
  • Encourages employees to balance their work and life

Webroot has all of the above. Testing is not an afterthought like in most companies. Test engineers are part of the process from start to completion. We’re involved with designing and releasing decisions. Every team contributes to the approach and has a say in how to implement the feature being worked on.

Wonderful advice for anyone looking for a career, not just a job. Thanks, Sopall!

Are you interested in a career like Sopall’s? Check out our careers page at www.webroot.com/careers. You may be particularly interested in our openings for DevOps, Quality Engineer or Sr. Software Engineer, Windows in San Diego, or our open DevOps, Quality Engineer position in Broomfield, CO.

Q&A with Reverse Malware Engineer Eric Klonowski

Reading Time: ~4 min.

These days, it seems like you can’t turn on the TV or open a news site without reading some terrifying headline related to cybersecurity. And the numbers keep escalating. Yahoo’s breaches impacted 1 billion user accounts. Chipotle’s security incident affected more than 2,500 stores in 48 states. We know what cybercriminals are doing; they’re stealing credentials and laughing all the way to the bitcoin bank. So what are we, the good guys, doing to get ahead of criminals?

That’s where today’s interviewee, Eric Klonowski, comes into play. Eric is a senior advanced threat research analyst, meaning he reverse-engineers malware, at Webroot. He has to think like a hacker to figure out how the bad guys manipulate benign software by literally taking apart, or “unpacking” malware.


Webroot: Let’s start with the basics, Eric. Tell me a bit about yourself?

Eric Klonowski: Growing up, I was a nerd. I liked to take things apart and figure out how they work. At six or seven, I would take apart landline phones just to see what was inside.

This was my start as a reverse engineer. Even now, I like to disassemble random software to see what makes it tick.

On any given day, 90 percent of what I think about is related to security, malware, computer science, and engineering. It’s my passion. Perhaps I need to get outside more, but generally, security is what I think about.

I’m not surprised by your “focus” on the industry. I think your field requires that level of passion and commitment. Besides, nerds are cool nowadays, thanks to the Mark Zuckerbergs of the world. How did you make the leap from deconstructing phones to reverse engineering?

Probably not a shocker to anyone who has read this far, but I was a mischievous child. I remember going on a family trip when as a kid, and I spent the entire time on my laptop following Russian tutorials on how to crack software. I loved that complex software protections could be reduced to a simple byte.

I kept teaching myself from there, and that naturally evolved to looking at more in-depth, sophisticated software. Malware is particularly interesting to me because it is level 10 difficult as far as puzzles go. A malware author’s entire goal is to fool reverse engineers like me.

The problems I face are not traditional computer science problems that are covered in textbooks. They tend to be non-traditional, and without getting too far into the weeds, they are unique problems you won’t find at other organizations.

So how did you hear about Webroot?

I was perusing an online job search site and got an ad. Being a malware-oriented techie, I was aware of Webroot.

At the time, I was working as a government contractor, and I was interested in getting into the commercial world—something that doesn’t require clearance.

I don’t know, that sounds pretty cool!

It was an awesome opportunity. I started as an intern, which is key for getting your foot in the door anywhere, and it soon turned into a full-time job. But I wanted to be able to discuss my work and be more involved in the threat community.

That makes sense. What does a day in the life look like for you?

The majority of the time, I’m really excited to come into work. I know there are interesting problems waiting for me to dissect. The problems I face are not traditional computer science problems that are covered in textbooks. They tend to be non-traditional, and without getting too far into the weeds, they are unique problems you won’t find at other organizations. They aren’t algorithm or mathematically driven, but related to questions like, “how can I manipulate the nature of the software already running on the system?”

I also interface with almost every engineering team and multiple departments. It gets me out of my shell.

What lessons have you learned from working for a few years?

Absolutely everyone has something to offer. In school, we tend to segregate into specific engineering groups and form bias. Even working with people like you (public relations career shout out!), there tends to be a distancing at first because you don’t understand each other’s roles.

But we all have something to offer, and we are all good at what we do. I have something to learn from everyone at this organization.

That’s a great life lesson, Eric. Switching the focus to students, any advice for hopefuls in your field?

This is the kind of job where you need to be passionate about figuring out how things work. You may want to do something good for the world, and this is one way to do that. But if you’re the kind of person who walks by the puzzle store at the mall and thinks, “those look cool, I wonder how they work,” this is the kind of job you would find interesting.

Full disclosure: this is not just a 9-to-5 job. I find myself thinking about these problems all the time.

What about professionals looking to get into reverse engineering? There have been a lot of conversations around re-training traditional IT staff to fill the many cyber roles available.

I think people who have a solid network or security background could make the transition, if they are passionate enough about the field to teach themselves. This isn’t something you will pick up by shadowing a co-worker for a few days or reading a single book. You need to roll up your sleeves and dig into online forums, webinars, courses, and you need the drive to keep learning.

That’s the truth! It reminds me of my favorite quote from Mahatma Gandhi, “Live as if you were to die tomorrow. Learn as if you were to live forever.” Thanks for taking the time to chat, Eric.

If you’re interested in a job at Webroot, check out our careers page, www.webroot.com/careers.

Intern Q&A with Software Engineer Clarence Tan

Reading Time: ~3 min.

A computer is only as good as the information that feeds it. This belief nourishes the computer programming and engineering field, encouraging scores of youth to dive into the relatively nascent field–software programming and engineering have only been a widespread occupation since the 1980s.  It’s no wonder there is an explosion of jobs in the field as new technology such as cloud, Big Data, and mobile are embraced. According to SC Magazine, the Bureau of Labor Statistics reported that in February 2017 there was a net increase of 13,000 information technology jobs.

So what is the next generation doing to prepare for this exciting field? They’re seeking out internships.

This semester, Webroot was lucky enough to have 8 interns. I sat down with Clarence Tan, a senior at the University of California, San Diego studying computer science, to get a snapshot into the mind of the next generation of computer greats.


Webroot: Tell me a bit about yourself?

Clarence Tan: I’m a 4th year studying Computer Science at UCSD. For me, I really enjoy software development, because I appreciate problem-solving and building things in general. Outside of coding, some of my interests include watching sports, playing board/video games, and traveling.

Those hobbies sound like a checklist for a lot of the technical folks around here! Besides the obvious overlap of interests, how did you learn about the Webroot internship?

I learned about the Webroot internship through UCSD’s job page (PortTriton). My university has great connections with area businesses like Webroot.

What was enticing about an internship at Webroot?

For me, I wanted to gain more industry experience and further my knowledge in software development to become a better engineer. While I do learn a lot of interesting things at school, I feel I have grown the most through my experiences as an intern.

Wise words, Clarence. There is nothing like “real-world” experience. Take us through a day in the life for you in our San Diego office?

As a software intern, the majority of my time is spent coding, doing research, and having technical discussions regarding the features I am working on. Outside of that, I have scrum meetings every other day, bi-weekly engineering meetings, and one-on-one meetings with Tom Caldwell, my manager. Otherwise, I have a few larger group meetings addressing more general Webroot or office business.

It sounds like you get to be in the weeds on projects. Knowing what you do now, what is your biggest takeaway or lesson learned from this semester?

I think one of the biggest takeaways for me is time management. Since I am still in college, I have to balance my coursework with my internship and other school activities. It was definitely a challenge for me initially, but I feel I’ve learned a lot through this experience and worked through how to balance it all.

While I do learn a lot of interesting things at school, I feel I have grown the most through my experiences as an intern.

If it’s any consolation, I also struggle with time management and balance. There is always one more thing to do! What advice can you share with students in your field?

I’d recommend doing side projects or pursuing an internship. As I mentioned earlier, I feel I’ve grown the most as a developer by applying the knowledge and theory I learned in school to real-world situations. It has allowed me to understand technology better through the application of it. Also, I’d recommend students pursue a part of software development that interests them in particular, which can range from full-stack to DevOps to mobile. These are all very different, but equally important, aspects of development and I believe it is important to do what you enjoy.

Solid advice, Clarence! Now on the flipside, any advice for Webroot?

Continue to rock on with those great snacks.

Thanks, Clarence. I appreciate you taking the time to chat.


If you’re interested in an internship at Webroot, check out our careers page, www.webroot.com/careers.

A glimpse into Webroot’s International Women’s Day

Reading Time: ~2 min.

In honor of International Women’s Day, we hosted our quarterly Women of Webroot meeting this afternoon at our World Headquarters in Broomfield. Women of Webroot brings together women from all parts of our business to celebrate wins and provide support for issues women in tech may face.

Although there are more women in technology-related positions now than in previous years, the tech industry is still largely male dominated. This divide underscores the importance of a sense of workplace community and support, as well as a place where your voice will always be heard.

Empowering others to speak up.

Attendees shared different stories of inappropriate or uncomfortable situations they’ve faced in the workplace and their strategies for addressing them. The truth is that speaking up about inappropriate comments or behavior can be just as uncomfortable as experiencing them in the first place.

Here are some of the approaches we heard today.

  • The straightforward approach: “It’s not okay for you to speak to me that way.”
  • Taking a moment to step away from the situation before responding
  • Scheduling time with someone individually to address the comment
  • Giving someone perspective on what they’ve said by saying it back to them
  • Focusing on the facts
  • Encouraging and empowering others to speak up as well
  • Asking direct questions to get to the heart of the matter, and give yourself time to collect your thoughts
Own your voice.

All in all, some great suggestions came out of our time together. Hearing how my teammates have been successful in addressing challenging situations was inspiring. The important thing is to find your voice and find the approach that is most comfortable for you. Although these can be awkward conversations to have, it is only by raising our voices, drawing attention, and being heard that we can build awareness within our teams, our networks, and ourselves. To achieve and maintain an open culture, we each have to take an active role. We are fortunate to have such a strong internal network that we can turn to for strength, and look forward to its continued growth.