Security Analyst Shivam Kapoor shares his internship journey at Riscure. Since he joined in 2021 as a Security Analyst Intern, Shivam has now become a full-time Security Analyst at Riscure. Read on to find out why he chose Riscure for his master’s internship assignment, things he worked on, and what the working culture at Riscure is like.
Which study did you follow?
I pursued a joint master’s degree in computer science at both Universiteit Van Amsterdam and Vrije Universiteit Amsterdam, specialising in System’s Security. My studies covered various aspects of systems security, including software hardening, exploitation, binary analysis, micro-architectural attacks, software testing, side channels, and reverse engineering.
What is/was the topic of your research?
My master’s research focused on comparing different levels of simulated fault injection techniques. This involved comparing instruction-level bit faulting, RTL faulting, and Netlist faulting on a RISC-V core with a highly exhaustive testbench that spawned over all possible instructions that the core can handle. This research aimed at determining which technique would be preferable and in which contexts.
This research was particularly important for Riscure’s growing involvement in pre-silicon research. It enabled us to make well-informed decisions tailored to the specific context at hand, resulting in savings on time and power while enhancing fault accuracy (depending on the specific faults required). Furthermore, it offered valuable insights into overlapping faults among all three techniques, while also identifying instances where they didn’t overlap. In such cases, we explored why certain faults were exclusive to one technique, what the faults specifically targeted in the core, and how fault injection could generate such behaviour in one level and not in another.
How did Riscure support you in carrying out the research?
I became acquainted with Riscure through one of the PhD students from VUSec Security Group who used to be part of the Riscure team. Riscure is renowned as a leading security lab specializing in Fault Injection, Side-Channel Attacks, Hardware evaluation, and various other domains. Given their great reputation, I had no hesitation in selecting Riscure for guidance on my chosen research topic, and I can confidently say that my expectations were met and exceeded. The atmosphere at Riscure was highly conducive to research, with a pleasant and collaborative environment. The people were not only welcoming but also highly knowledgeable and supportive. Riscure made every effort to ensure that I felt comfortable and encouraged in my research endeavors.
What is your impression of the Riscure team and culture?
Riscure has a flat organizational structure, which makes it incredibly easy to connect and learn from everyone, from junior employees to principals. It’s a vibrant environment where research is held in high regard alongside project work. And when it’s time to take a break, our office offers a plethora of outlets for relaxation, including XBOX, Table Tennis, Football, an Arcade Machine, and more. It’s especially exciting for interns like I was, who get to enjoy these amenities without the heavy workload of major evaluation projects. It’s simply awesome!
What is the most memorable thing about working at Riscure?
The most memorable thing about Riscure was undoubtedly the weekly student meetings. These meetings provided a fantastic opportunity to share my progress with fellow interns and, at the same time, learn about their research topic as well. It was a great experience to have principal security analysts breaking down complex topics into simple, understandable details.
Another remarkable part of my experience was the hospitality provided by the Innovation Hub which was responsible for managing internships. They went above and beyond to take care of us, even recognizing our good performance with monthly rewards.
Who should consider doing an internship at Riscure?
At Riscure, we specialize primarily in hardware attacks including Fault Injection (FI) and Side-Channel Analysis (SCA). It’s an ideal choice for interns who are eager to dive deep into complex security topics, such as Pre-silicon and Post-Quantum Cryptography. This opportunity is particularly exciting for master’s students, especially those enrolled in security-related degree programmes.
Riscure also offers other projects in various domains, including embedded systems, software development, reverse engineering, mobile security. Whether you are a bachelor’s or a master’s student, regardless of the specific topic you choose the internship experience at Riscure is rich with learning opportunities and a chance to be a part of a supportive research community.
What inspires you in your work?
As a VUSec alumni with a strong research background, I’m naturally drawn to the diverse domains available at Riscure, allowing me to switch topics between research areas whenever inspiration strikes.
Currently, I’m deeply engaged in testing various protocols and interfaces in the automotive domain. But beyond the specifics of my current research, what truly ignites my passion as a security analyst is the ever-evolving world of security challenges. It’s an exhilarating journey of unravelling new puzzles, defending against digital threats, and contributing to the ongoing mission of making the digital world safer for all. Whether it’s uncovering vulnerabilities, developing innovative solutions, or staying one step ahead of cybercriminals, the sense of purpose in my work is what inspires me to give my best every day.
Looking for an internship in the device security domain? At Riscure, we’re always on the lookout for new interns! Read more and apply here.