Whether you’re an old-hand sysadmin or a young, starry-eyed junior dev, a good piece of advice can be worth more than gold. That’s why we asked a handful of the many tech wizards at Nord Security to share their best advice for getting started and getting ahead in their fields.
Jun 25, 2021 · 6 min read
Note: This post originally appeared on the Nord Security blog.
Nord Security oversees multiple cybersecurity products and services catering to millions of users world-wide. That means we’re home to a broad range of both generalized and highly specific tech experts. We hope that sharing some of their experience will help someone out there take their tech career to the next level.
These six Nord Security tech professionals from different fields all answered the same question:
“What technical advice do you have for someone getting started in your field? What did you wish you knew back then?”
WHAT: Kristupas is a software engineer at NordVPN. As a low-level programmer, he works primarily on technical solutions to networking problems. This means he often faces problems that cannot be Googled and may require novel solutions.
Kristupas’ answer: “The goal of a programmer isn't to write code, but to solve problems. Code is just a solution to the problem. Focus on the problem, and let the code reflect that problem. Code should be the simplest, leanest and most concise solution to the problem. When reading the code, it should be apparent what problem the code is attempting to solve. Whenever you write some code, ask yourself these questions:
A lot of the time you realize that there is a different, better approach to solving the problem, or maybe the problem is entirely different than what you thought it was in the beginning.
Speaking of problem-solving tools – If you don't know where to start programming, learn a low-level language first, such as C. Maybe even Assembly. You will quickly run up against the limitations of these low-level programming languages. You will realise that some solutions are very hard to build in-low level programming languages.
Once you encounter these limitations, higher-level programming languages will start making much more sense. When you switch to a higher-level programming language, you will have more context as to why those languages work the way they do. You will then also realize that some problems are harder to solve using high-level programming languages. For example, writing a production operating system is probably impossible using GC'ed languages such as Java or C#. Languages are just tools. There are good and there are bad tools for a specific job.”
WHAT: Marijus is the CTO at NordVPN. His job is to ensure that all of NordVPN’s technical projects and infrastructure run smoothly and that our products stay up to date with the latest technology. More than just a leader, Marijus is also a technical jack of all trades who joined NordVPN as a Linux Sysadmin before working his way up.
WHAT: “Maggie” works with online cybersecurity at NordVPN. As someone of critical importance to the cybersecurity of NordVPN’s online presence, we’ve decided to obscure her identity – Maggie is not her real name. From penetration testing and threat detection to vulnerability analysis, she is one of the key players in making sure Nord Security can deliver on its core promise of security.
Maggie’s answer: “It will be very different from programming, so prepare to change your mindset and learn even more technical stuff. You will no longer be creating systems, but rather trying to break them, which can be even harder. For development, you need to know specific technologies and programming languages, but for cybersecurity, that won't be enough. Participate in bug bounty programs. Find your knowledge gaps and fill them.
If you don't have a technical background, invest some time to learn technical skills. Everyone wants to start hacking, but it's not enough to know what vulnerabilities are out there. You need to understand how systems work. You will need to understand databases, web technologies, operating systems, networks, even programming. And the learning will be constant, so don't forget to keep up to date with cyber security news – follow security blogs, read bug bounty writeups, be a part of the security community. Most importantly, you need to have a passion for cybersecurity. All of the skills will eventually come with practice.
It's not always fun and it's harder than it might look like. It won’t look like the “Hackers” movie and it’s very different from CTF (capture the flag) challenges. You not only need to hunt for security holes in various systems, but also consult developers, review code for vulnerabilities, conduct training, and think of ways to improve security within the organization. Sometimes you don't find any vulnerabilities in weeks and that might feel frustrating. But you try, you fail and you try again harder.”
WHAT: Domas is a Linux app developer. He works on building and maintaining NordVPN’s Linux app and works primarily with Go, though, as you'll see, that's far from his only tool of choice.
Domas' answer: “If you think that a given language/technology is overengineered and/or terrible, it probably means one of two things:
Here's an example from my life. More than a year ago, I thought that Rust was an over-engineered language that was hyped up by people who wanted to use it for web dev, since a lot of the core team came from NPM and RoR ecosystems. I double-checked with my colleagues whose technical skills I looked up to and most (but not all) agreed. A few months later, we got new requirements from the infosec team and had to harden the binaries (PIE, RELRO, immediate binding). This is difficult to do in Go, cannot be fully implemented, and forces devs to interact with the C linker. We even have tests to make sure that new compilers don't break this, as we'd had issues in the past. But it turns out that this was a default behavior with Rust, so we never would have had this problem if we used it.
Another frustrating problem is data races. There were cases where debugging concurrency issues in Go took me almost a week and the fix ended up being a one-liner. Rust would have prevented this from happening by refusing to compile the code and telling me to fix my error.
In the end, the problem was not in Rust – I simply hadn't experienced enough pain with Go to understand and appreciate Rust's benefits. Also, you can be human again and not a compiler/linter/formatter :)”
WHAT: Algirdas leads the payment system developers at Nord Security. Their job is to integrate countless different national and international payment methods, as well as relatively novel anonymous payment systems like cryptocurrencies.
Algirdas’ answer: “For younger developers, I single out two essential parts. Don’t be afraid of challenging tasks because that makes you stronger every time. Test all your code by unit and integration test to prevent issues before they happen.
Try to become more than just a one-framework developer. Firstly, understand how everything works from scratch. Understand the essential parts and how everything is connected, learn all the best practices, and ask your mentors questions.”
WHAT: Šarūnas is an engineering manager at Nord Security. He manages a set of teams that work with critical business projects involving the checkout and user control panel processes. He’s responsible for ensuring engineering efficiency at all levels.
Šarūnas’ answer: Communicate clearly, listen without interrupting, ask the right questions and most importantly – keep an open mind.
Make sure that you not only have a strong technical foundation, but your soft skills, such as communication, teamwork, leadership, time planning, and problem solving are top-notch as well. It's also important you enjoy talking with a lot of people, as the role involves plenty of communication.
There is a misconception that an engineering manager’s position is part of the career ladder for developers. Although the role is technical in origin, it involves a lot of non-technical responsibilities that some developers might not enjoy doing. This is a career shift, not a promotion, so make sure you know where you're getting into.