“Life at ForAllSecure” is a Q&A series dedicated to our growing company. For this month’s profile, we talked with Ivan Gotovchits, Analysis Engineer at ForAllSecure, who joined ForAllSecure in September and is based out of Pittsburgh, PA.
I am working on the symbolic executor, one of the secret sauces that makes Mayhem work. Not everyone knows what symbolic execution is, so let me try to explain it without going into too much detail.
Putting it in simple terms, symbolic execution is like adding a bit of science to the fuzzing process, so that instead of picking random inputs to test the programs, we pick inputs based on our understanding of the program that we analyze.
Or, if we embrace the lockpicking analogy, then symbolic execution leverages the knowledge of the inner mechanics of the lock itself to select the right set of lockpicks, instead of using brute force.
Before joining ForAllSecure, I spent eight years at Carnegie Mellon University as a Research Scientist, doing binary analysis. I worked on the Binary Analysis Platform (BAP), a software platform for analyzing programs. Actually, this is the software platform that is behind Mayhem and has been used by Mayhem for many, many years.
Before that, I spent 15 years or so developing mission-critical software for military radars and avionics. So if you fly, you are probably using software written by me.
I wake up, and I open my laptop, and I type code—all the things that I like to do. And I walk my dogs in between.
Well, you probably guessed it: The Mayhem Symbolic Executor. I like challenges, and it's about using intelligence to try to break or analyze programs. It’s such a hard and open problem that I’m pretty sure we will never solve it. And, probably, it's theoretically impossible to solve it. So, that makes me happy because I can enjoy it forever.
As I said, I like challenges. Sometimes, if the work becomes blunt and boring, I make up a challenge for myself. I’m like, what if I make this a little bit harder than it should be? Fortunately, we usually have enough challenges to keep me motivated.
ForAllSecure is employing so many cool, modern technologies, and I am really happy that I have the opportunity to play with them. I've been exposed to so many new technologies—cloudless structures and stuff I’ve never heard about or was never actually exposed to or got hands-on experience with before. And every time I'm with Thanassis and he shows me how I can debug things in Mayhem, I'm like, “Wow, it's so cool”.
It’s great! I wish we had more off-sites, which are especially important for the new hires. This is my first remote job, and I feel like there is a big difference between knowing someone in real life and through the chat window. It’s like you have a very different perspective of a person, and it was a shocking experience for me when I joined and I met everyone at our first offsite.
This is also my first time working at a startup. We’re at this stage of the company where everyone really cares. I don't feel that sense like I’m a separate entity from the company. I really see that people understand that if the company doesn’t succeed, they won’t succeed.
At my previous jobs, what I did would never affect the whole company. Probably my boss would be happy, but nothing like this. This is very different. It's like you have a very thin layer between yourself and the outer business world, and whatever you do might affect not only you but the existence of the company. So it's a little bit of a scary experience, but at the same time, it keeps you motivated.
I connect with both parts of the mission, as far as I understand it. The mission is to enable security and make security affordable—not in the sense of money—but in the sense of ease-of-use. I think that software security is extremely underestimated in the modern world, and we somehow ended up in a situation where we put security in the background, thinking it's a secondary issue. Now we're getting in trouble every day with all the hacking and scams, and this is all because we underestimate security’s importance.
Security is a difficult topic, because it's hard to explicitly say what it means for something to be secure. So, these are the questions that we're trying to answer. We're trying to make security for everyone, and make it usable, and make it a priority. I think our mission is encoded in the name of the company—security for all.
My advice is to be passionate! Everything else you can acquire, you can learn, you can become better. If you don’t have the skills, you can acquire them. But the only thing you can't learn is to be passionate, to want to work, to want to make things, to want to move the company forward. So passion is the only important thing that you need. Also, be kind, of course. If you're passionate but you're a jerk, you're probably no better off.
My husband and I have two dogs. We like traveling and hiking. Every weekend, we travel as far as possible. We also have an aquarium full of fish, which means we can’t travel for more than a week away from home. It's all about enjoying our dogs and entertaining them.
That baking powder and baking soda are different things. I learned that the hard way. So, if you're seeing baking powder, don't assume that baking soda is the same. Baking soda makes it inedible.