Scorecarder Spotlight - Doina Cosovan, Senior Staff Threat Researcher

Scorecarder Spotlight

In honor of Cybersecurity Awareness Month, we’re launching “Scorecarder Spotlight,” to showcase our talented employees and the incredible work they do.?

Name: Doina Cosovan?

Job: Senior Staff Threat Researcher

Qualifications: Degree in Computer Science?

Tell us about yourself I was born in Moldova, and then moved to Romania for high school. I live in Romania now with my fiancé, Marius. We got engaged four years ago, but have been together for 14 years. Marius works in cloud security, so he’s not a professional photographer, but he loves taking photos and I’m one of his favorite (and frequent) subjects. In 2019, I went to Japan for a conference where I presented on behalf of SecurityScorecard. A couple of months before my trip, I started learning Japanese in order to honor the culture. It’s very different from the other languages I know, and it presents very interesting challenges for me, so I couldn't stop learning it even now.

Right now I’m learning how to play the piano, because I’m the least musically inclined person I know; but I want to improve on something I know I’m not great at. Learning a language and an instrument is challenging, but very entertaining. I also love to exercise in the mornings and read in the evenings. I just finished reading "Prisoners of Geography" by Tim Marshall and now I’m reading "Guns, Germs, and Steel" by Jared Diamond. I've embarked on a lifelong learning experience, which makes life challenging, interesting, and fun.?

How did you get into computer science?

I had taken a class in computer science and programming in high school, which I enjoyed, but wasn’t sure if it would be my career path. I enjoyed many of my classes, so it wasn’t until the last year of high school that I decided to pursue a career in computer science.?

What sparked your initial interest in cybersecurity?

I took some cybersecurity courses in college, which was my first exposure to the field. Some professors at my university worked at a malware protection company, and they saw my potential. So I was recruited to join that company and eventually got hired. It involved a lot of training, during which I got a great deal of hands-on experience analyzing malware. I also managed a sinkhole project while I was there. Around that time, SecurityScorecard was looking for someone with sinkhole experience, so that’s when I came on board here.?

?Life at SecurityScorecard?

I’ve worked at SecurityScorecard for 8.5 years now, and I love it. Most of the work I do consists of investigations and reverse-engineering malware. To that end, I present a lot of my findings at security conferences. I do a lot of sinkhole work, which involves redirecting malicious Internet traffic so that it can be captured and analyzed. I also collaborate with law enforcement agencies to help with their investigations.? My work is fun and interesting, and I’m constantly learning and discovering new things.?

Any advice for someone interested in cybersecurity?

I would say that cybersecurity is a vast domain and there are many varied subdomains that require different degrees of technical skills. For the more technical side, good knowledge of the inner workings of the operating systems, cryptography, networking, exploitation and reverse engineering is needed. For effective reverse engineering, understanding of both high-level and low-level programming languages is required as well as scripting languages for various automations. On the less technical side, of special importance are Indicators of Compromise, adversary tactics, techniques, and procedures (e.g Mitre Attack), and threat group dynamics.

Learn more about SecurityScorecard?