Employee Spotlight: One Minute with Ron Chittaro

A hands-on driver of innovation, Ron is helping Interset bring next-gen technology to the endpoint and beyond.

Interset is constantly pushing the envelope to develop next-generation technology that can help organizations better protect their critical data. At the forefront of this charge is Ron Chittaro, Endpoint Development and Threat Research Lead, who takes a hands-on approach to driving innovation at Interset, whether it involves architecture, design, implementation or development of new features or products. Ron also happens to be a critical steward in Interset’s endpoint analytics offering, which enables organizations to see important security clues that often hide inside of rich endpoint data.

Ron brings extensive cybersecurity product development experience to his role at Interset, previously serving as a development manager and software engineer for Trend Micro, working on the development of agentless IDS/IPS, firewall, and antivirus technologies. As a principal engineer at Packeteer/Blue Coat, he gained a deep understanding of networking and protocol vulnerabilities. Early in his career, he established a solid foundation in data security and identity management working on PKI technology at Entrust Technologies.

Ron received a B.Sc. in Computer Science from the University of Windsor.

Q: How did you come into this field of work?

While I was working on my degree, computer security was not a topic that was taught or even discussed. You had a user ID and a password—that was it. I completed an internship as a Unix System Administrator, where I learned how systems worked, talked to each other, and stored information. It was through this experience that I came to understand just how vulnerable data and communications were to theft, eavesdropping, or accidental exposure. Seriously—it didn’t take a great deal of technical know-how to generate an email to look like it came from someone else or learn how to parse the contents of someone’s inbox sitting on disk.

By the time I finished my degree, security was becoming more and more of a concern and companies were starting to form around this very purpose. I was working at Nortel, which Entrust had just spun out of. My interest and paranoia were in full swing at this time, so I applied for a position. A school project I had done using PKCS #12 (archive file format for storing cryptographic objects) was knowledge that earned me a foot in the door. Since then, I have always been in the industry.

Q: As a steward behind Interset’s endpoint analytics, what do you see as the biggest challenges associated with detecting threats at the endpoint? How can traditional endpoint security solutions on the market be supported to see more threats?  

The biggest challenge is the acceleration of the volume of threats and their sophistication. It is critical to alleviate alert fatigue in the security operations center (SOC) and address the limits of signature-based detection. Threats are increasing at a pace that has become too much for us to manage in real-time. This is true of practitioners in a SOC, who are looking for threats within a bigger and bigger sea of events from security information systems, as well as those doing research on known attacks in order to develop threat signatures and defense techniques. Keep in mind, this is in addition to threats from insiders and attacks that have never been seen before.

Machine learning is a valuable technology that can illuminate the threats a practitioner might otherwise miss and allow for quicker discernment of the threat by magnifying behaviors and events that should be investigated further. The latter point is important—nothing has 100% efficacy, so visibility across the entire threat vector (initial breach to exfiltration/action), limiting dwell time of a breach, and detecting malicious insider behavior isn’t something traditional solutions could cover.

Q: How do you expect endpoint security will change over the next decade?

The quantity and types of endpoints that we give network access to are increasing. We have desktops, laptops, phones, tablets, and IoT devices that control and monitor our physical environment, etc. The sophistication of adversaries has increased and will continue to do so. Gone are the days of “script kiddies”. The new reality is attackers are professionals and have access to advanced technology and sometimes state sponsorship. The increasingly complex attack landscape—coupled with motivated, purposeful, well-armed adversaries—produces an endpoint security environment that will need to be very nimble and quick to detect as the human analyst scalability challenge continues to get worse. Unsupervised machine learning will become a standard part of a complete endpoint protection and detection solution.

Q: What advice do you have for aspiring cybersecurity software engineers?

This is true of anything technology-related: be prepared for a lifelong education and to accept the fact that you will never know everything. Be humble and willing to learn from anyone at any level.

On the technology topic, first and foremost, get a good understanding of the basics: how clients and servers work, operating system architecture, network protocols, the function of network components (routers, switches, firewalls, IDS/IPS, etc.), security policies, etc.

Look for internships. One of my first internships was as a Unix System Administrator. This helped tremendously on many of the basics. An internship in a SOC will be incredibly valuable.

Understanding exploits is important. Follow groups, people, and sites that are focused on reverse-engineering known exploits and dig into the details.

This industry can be stressful. Staying on top of threats, reading, and researching to keep up is something that you should be passionate about. You need to love the stress of keeping up with the industry.

Rapid-fire Round

Q: Coffee or tea?
A: Tea. Caffeine and I broke up some time ago.

Q: Classical or hip-hop?
A: Classic. Huge respect for the talent of classical musicians. However, Rock and Blues from all eras dominate my playlists.

Q: Tropical beach or urban cityscape?
A: Tropical beach

Q: Electric toothbrush or regular toothbrush?
A: Electric

Q: Ice hockey or curling?
A: Ice hockey
