#LifeAtWebroot

Simplified Two-factor Authentication for Webroot

Webroot has evolved its secure login offering from a secondary security code to a full two-factor authentication (2FA) solution for both business and home users. Webroot’s 2FA has expanded in two areas. We have: Implemented a time-based, one-time password (TOTP)...

Shoring Up Your Network and Security Policies: Least Privilege Models

Why do so many businesses allow unfettered access to their networks? You’d be shocked by how often it happens. The truth is: your employees don’t need unrestricted access to all parts of our business. This is why the Principle of Least Privilege (POLP) is one of the...

Online Gaming Risks and Kids: What to Know and How to Protect Them

Online games aren’t new. Consumers have been playing them since as early as 1960. However, the market is evolving—games that used to require the computing power of dedicated desktops can now be powered by smartphones, and online gaming participation has skyrocketed....

Thoughtful Design in the Age of Cybersecurity AI

AI and machine learning offer tremendous promise for humanity in terms of helping us make sense of Big Data. But, while the processing power of these tools is integral for understanding trends and predicting threats, it’s not sufficient on its own. Thoughtful design...

A Cybersecurity Guide for Digital Nomads

Technology has unlocked a new type of worker, unlike any we have seen before—the digital nomad. Digital nomads are people who use technologies like WiFi, smart devices, and cloud-based applications to work from wherever they please. For some digital nomads, this means...

Q&A with Reverse Malware Engineer Eric Klonowski

Reading Time: ~ 4 min.

These days, it seems like you can’t turn on the TV or open a news site without reading some terrifying headline related to cybersecurity. And the numbers keep escalating. Yahoo’s breaches impacted 1 billion user accounts. Chipotle’s security incident affected more than 2,500 stores in 48 states. We know what cybercriminals are doing; they’re stealing credentials and laughing all the way to the bitcoin bank. So what are we, the good guys, doing to get ahead of criminals?

That’s where today’s interviewee, Eric Klonowski, comes into play. Eric is a senior advanced threat research analyst, meaning he reverse-engineers malware, at Webroot. He has to think like a hacker to figure out how the bad guys manipulate benign software by literally taking apart, or “unpacking” malware.


Webroot: Let’s start with the basics, Eric. Tell me a bit about yourself?

Eric Klonowski: Growing up, I was a nerd. I liked to take things apart and figure out how they work. At six or seven, I would take apart landline phones just to see what was inside.

This was my start as a reverse engineer. Even now, I like to disassemble random software to see what makes it tick.

On any given day, 90 percent of what I think about is related to security, malware, computer science, and engineering. It’s my passion. Perhaps I need to get outside more, but generally, security is what I think about.

I’m not surprised by your “focus” on the industry. I think your field requires that level of passion and commitment. Besides, nerds are cool nowadays, thanks to the Mark Zuckerbergs of the world. How did you make the leap from deconstructing phones to reverse engineering?

Probably not a shocker to anyone who has read this far, but I was a mischievous child. I remember going on a family trip when as a kid, and I spent the entire time on my laptop following Russian tutorials on how to crack software. I loved that complex software protections could be reduced to a simple byte.

I kept teaching myself from there, and that naturally evolved to looking at more in-depth, sophisticated software. Malware is particularly interesting to me because it is level 10 difficult as far as puzzles go. A malware author’s entire goal is to fool reverse engineers like me.

The problems I face are not traditional computer science problems that are covered in textbooks. They tend to be non-traditional, and without getting too far into the weeds, they are unique problems you won’t find at other organizations.

So how did you hear about Webroot?

I was perusing an online job search site and got an ad. Being a malware-oriented techie, I was aware of Webroot.

At the time, I was working as a government contractor, and I was interested in getting into the commercial world—something that doesn’t require clearance.

I don’t know, that sounds pretty cool!

It was an awesome opportunity. I started as an intern, which is key for getting your foot in the door anywhere, and it soon turned into a full-time job. But I wanted to be able to discuss my work and be more involved in the threat community.

That makes sense. What does a day in the life look like for you?

The majority of the time, I’m really excited to come into work. I know there are interesting problems waiting for me to dissect. The problems I face are not traditional computer science problems that are covered in textbooks. They tend to be non-traditional, and without getting too far into the weeds, they are unique problems you won’t find at other organizations. They aren’t algorithm or mathematically driven, but related to questions like, “how can I manipulate the nature of the software already running on the system?”

I also interface with almost every engineering team and multiple departments. It gets me out of my shell.

What lessons have you learned from working for a few years?

Absolutely everyone has something to offer. In school, we tend to segregate into specific engineering groups and form bias. Even working with people like you (public relations career shout out!), there tends to be a distancing at first because you don’t understand each other’s roles.

But we all have something to offer, and we are all good at what we do. I have something to learn from everyone at this organization.

That’s a great life lesson, Eric. Switching the focus to students, any advice for hopefuls in your field?

This is the kind of job where you need to be passionate about figuring out how things work. You may want to do something good for the world, and this is one way to do that. But if you’re the kind of person who walks by the puzzle store at the mall and thinks, “those look cool, I wonder how they work,” this is the kind of job you would find interesting.

Full disclosure: this is not just a 9-to-5 job. I find myself thinking about these problems all the time.

What about professionals looking to get into reverse engineering? There have been a lot of conversations around re-training traditional IT staff to fill the many cyber roles available.

I think people who have a solid network or security background could make the transition, if they are passionate enough about the field to teach themselves. This isn’t something you will pick up by shadowing a co-worker for a few days or reading a single book. You need to roll up your sleeves and dig into online forums, webinars, courses, and you need the drive to keep learning.

That’s the truth! It reminds me of my favorite quote from Mahatma Gandhi, “Live as if you were to die tomorrow. Learn as if you were to live forever.” Thanks for taking the time to chat, Eric.

If you’re interested in a job at Webroot, check out our careers page, www.webroot.com/careers.

Intern Q&A with Software Engineer Clarence Tan

Reading Time: ~ 3 min.

A computer is only as good as the information that feeds it. This belief nourishes the computer programming and engineering field, encouraging scores of youth to dive into the relatively nascent field–software programming and engineering have only been a widespread occupation since the 1980s.  It’s no wonder there is an explosion of jobs in the field as new technology such as cloud, Big Data, and mobile are embraced. According to SC Magazine, the Bureau of Labor Statistics reported that in February 2017 there was a net increase of 13,000 information technology jobs.

So what is the next generation doing to prepare for this exciting field? They’re seeking out internships.

This semester, Webroot was lucky enough to have 8 interns. I sat down with Clarence Tan, a senior at the University of California, San Diego studying computer science, to get a snapshot into the mind of the next generation of computer greats.


Webroot: Tell me a bit about yourself?

Clarence Tan: I’m a 4th year studying Computer Science at UCSD. For me, I really enjoy software development, because I appreciate problem-solving and building things in general. Outside of coding, some of my interests include watching sports, playing board/video games, and traveling.

Those hobbies sound like a checklist for a lot of the technical folks around here! Besides the obvious overlap of interests, how did you learn about the Webroot internship?

I learned about the Webroot internship through UCSD’s job page (PortTriton). My university has great connections with area businesses like Webroot.

What was enticing about an internship at Webroot?

For me, I wanted to gain more industry experience and further my knowledge in software development to become a better engineer. While I do learn a lot of interesting things at school, I feel I have grown the most through my experiences as an intern.

Wise words, Clarence. There is nothing like “real-world” experience. Take us through a day in the life for you in our San Diego office?

As a software intern, the majority of my time is spent coding, doing research, and having technical discussions regarding the features I am working on. Outside of that, I have scrum meetings every other day, bi-weekly engineering meetings, and one-on-one meetings with Tom Caldwell, my manager. Otherwise, I have a few larger group meetings addressing more general Webroot or office business.

It sounds like you get to be in the weeds on projects. Knowing what you do now, what is your biggest takeaway or lesson learned from this semester?

I think one of the biggest takeaways for me is time management. Since I am still in college, I have to balance my coursework with my internship and other school activities. It was definitely a challenge for me initially, but I feel I’ve learned a lot through this experience and worked through how to balance it all.

While I do learn a lot of interesting things at school, I feel I have grown the most through my experiences as an intern.

If it’s any consolation, I also struggle with time management and balance. There is always one more thing to do! What advice can you share with students in your field?

I’d recommend doing side projects or pursuing an internship. As I mentioned earlier, I feel I’ve grown the most as a developer by applying the knowledge and theory I learned in school to real-world situations. It has allowed me to understand technology better through the application of it. Also, I’d recommend students pursue a part of software development that interests them in particular, which can range from full-stack to DevOps to mobile. These are all very different, but equally important, aspects of development and I believe it is important to do what you enjoy.

Solid advice, Clarence! Now on the flipside, any advice for Webroot?

Continue to rock on with those great snacks.

Thanks, Clarence. I appreciate you taking the time to chat.


If you’re interested in an internship at Webroot, check out our careers page, www.webroot.com/careers.

A glimpse into Webroot’s International Women’s Day

Reading Time: ~ 2 min.

In honor of International Women’s Day, we hosted our quarterly Women of Webroot meeting this afternoon at our World Headquarters in Broomfield. Women of Webroot brings together women from all parts of our business to celebrate wins and provide support for issues women in tech may face.

Although there are more women in technology-related positions now than in previous years, the tech industry is still largely male dominated. This divide underscores the importance of a sense of workplace community and support, as well as a place where your voice will always be heard.

Empowering others to speak up.

Attendees shared different stories of inappropriate or uncomfortable situations they’ve faced in the workplace and their strategies for addressing them. The truth is that speaking up about inappropriate comments or behavior can be just as uncomfortable as experiencing them in the first place.

Here are some of the approaches we heard today.

  • The straightforward approach: “It’s not okay for you to speak to me that way.”
  • Taking a moment to step away from the situation before responding
  • Scheduling time with someone individually to address the comment
  • Giving someone perspective on what they’ve said by saying it back to them
  • Focusing on the facts
  • Encouraging and empowering others to speak up as well
  • Asking direct questions to get to the heart of the matter, and give yourself time to collect your thoughts
Own your voice.

All in all, some great suggestions came out of our time together. Hearing how my teammates have been successful in addressing challenging situations was inspiring. The important thing is to find your voice and find the approach that is most comfortable for you. Although these can be awkward conversations to have, it is only by raising our voices, drawing attention, and being heard that we can build awareness within our teams, our networks, and ourselves. To achieve and maintain an open culture, we each have to take an active role. We are fortunate to have such a strong internal network that we can turn to for strength, and look forward to its continued growth.