Every week, Casey Cammilleri interviews an expert leading the charge on empowering security experts and practitioners with the knowledge and insights needed to excel in the future of cybersecurity.

We recently spoke with Vladimir Tokarev, Senior Security Researcher at Microsoft. Here are the top takeaways from the interview.

#1: Let Curiosity Drive Discovery

“It's all based on your curiosity. What are you curious about, why [do] you want to learn, what [do] you want to understand how it works. And so for me, it was always about, ‘I got to get the next part of the puzzle. I got to understand how this works, how that works.’

“Plus I do really like the cyber security field. And so any blog I read, any news, any publication, [is] pretty interesting for me. And I'm always the dude that sends this stuff on the chat groups and says, ‘Hey, look at this. So cool, so cool they did that.’ And so it's all about curiosity and just [going] and understand[ing] what you don't understand. [...] It's about doing the work.

“You need to find the right questions for you, think about how [to] answer them and try to answer them and do it one after one, and do it, do it, do it, do it. [It’s a] lot of hard work and curiosity, I think it's the best recipe.”

Actionable Takeaway: Success in vulnerability research comes from following your curiosity and systematically working to understand complex systems. Stay updated with security research and actively explore areas that spark your interest.

#2: Balance Deep Work with Creative Breaks

“It's important to do creative stuff like maybe drawing a little bit, maybe reading books, or whatever works for you best.

“There are a lot of folks that I know that play a lot on the computer. I myself don't do much of that, but I do occasionally draw something or maybe read a lot of CFI books because, again, it's making my head not actually think about the problem, but somewhere in the back of my head, maybe some process [is] still running and processing the thing.”

Actionable Takeaway: Maintain research momentum by alternating between focused technical work and creative activities. This balance helps prevent burnout and can lead to new insights when returning to challenging problems.

#3: Learn from Public Vulnerabilities

“Stay updated. There [is] a lot of crazy research, and they’re being published day after day, hour after hour. And a cool thing that you can do, for instance, is pick up a new CVE that's been released without the POC, go over the series description, try to maybe understand like where should the CD be? Present in your head, if you would find it, where [it] would be located.

“[Then], maybe a few days later, a week later, when the POC will be released, try to understand [whether] it was close to what you thought. And always, always go to the POCs and see how they [are] doing that, what new stuff they bring to the table. I [learned a lot] from list exploits. And so if you can find a lot of exploits, you have tons of interesting things to learn from.”


Actionable Takeaway: Practice vulnerability analysis by studying new CVEs before POCs are released. This approach helps develop intuition about where vulnerabilities might exist and provides immediate feedback when comparing against released exploits.


Listen to full episodes out now

For more information about Ahead of the Breach, please visit www.sprocketsecurity.com/aob-podcast. Episodes are available on all major podcast platforms.

We look forward to bringing you more conversations with actionable insights that help in your pursuit to protect your most valuable assets — and help clients do the same!