Securing networks

Marion Marschalek, 28, malware analyst, at her desk in Germany. (File photo, 10.08.2016  in Bochum.)

 

Bochum / DPA

Heavily tattoed and pierced, wearing harem trousers and a fitted top at work: to look at Marion Marschalek, you might guess she’s a drifter doing the South-East Asian youth hostels, not a star mind at one of Germany’s oldest cyber security firms.
The 28-year-old Austrian is in fact much in demand as a malware expert.
Ever since she and her colleagues discovered Babar, malware thought to have been designed by France’s spy agency, and was included on Forbes “30 Under 30” list of technology experts in Europe, she has been giving lectures on cyber security all over the world.
Uncovering the Babar spy malware wasn’t a huge challenge, says Marschalek.
She and her colleagues had clues from other cyber attacks. Some actual documents were leaked by Edward Snowden.
“There are cautious attackers und careless attackers,” says Marschalek, whose working day has something in common with the popular US drama about hackers, “Mr Robot.”
“The infrastructure is what’s decisive. They can be traced via host providers and domain names.”
Marschalek’s career was everything other than planned. For a long time she didn’t know what she would do after taking her high school diploma, and it was only out of contrariness that she had even attended a technology-oriented high school anyway. “My brother had said, because I was a girl I wouldn’t make it,” she says. So she enrolled.
Good employment prospects were what eventually attracted her to do a degree course in cyber security.
Afterwards she was taken on by a small Austrian company. “The first few years of my career were unspectacular,” she says.
She now works for a subsidiary of the huge cyber security firm G-Data, a pioneer in the field of anti-virus software. From its base in the western German city of Bochum, Marion Marschalek investigates malware that’s used for attacks and spying for their customers. It helps to detect and close vulnerabilities in security.
What opened doors for her was a “reverse engineering” competition for women.
Reverse engineering is the process of unravelling the code of a software (or unravelling any product) to see how it’s made up.
“Imagine you bought a car and took it to pieces to understand how it works,” explains Florian Kerber of the cyber security cluster at RWTH University of Aachen.
Marschalek uses a debugger, a secure programme that tests other programmes. It can take up malware, allow it to run and observe its behaviour close up, allowing investigators to see how exactly it wreaks damage.
“It’s like a weird kind of puzzle,” says Marschalek.
On the basis of her results, Marschalek can also warn police about malware. “You can recognize it’s ‘handwriting’,” she says.
But, she adds, it can be frustrating: “You may give the information to the police, but they can’t do anything because those responsible are in Thailand or somewhere.”
Though cyber espionage, sabotage and data theft are increasingly costing companies money, there’s a lack of people, especially women, who are able to do anything to combat these attacks. In Germany, of 35,000 people who start studying IT every year, only around 8,000 are women.
If the proportion of women could be increased, it would eliminate the shortage of skilled workers, says Juliana Petrich, a consultant at Germany digital association Bitcom.
And it would mean that Marschalek wouldn’t have to take part in any more conferences in which she and three other women are the only female participants.
“You do feel like an outsider,” she says. But rather than complain, Marschalek is doing something about it and offers her own IT workshops for women.

Marion Marschalek, 28, malware analyst, had herself tattoed with code relating to her first major project. (File photo, 10.08.2016  in Bochum.)

Leave a Reply

Send this to a friend