Shaun Webb, who completed his MSc in Information Security at Surrey in 2019, is a Senior Cybersecurity Architect at global software company Citrix, and has won numerous awards for his work, which has included creating an automated source code analyser which ensures that sensitive data is kept out of source code.
What inspired you to study your MSc course at Surrey?
I’d been working in industry for about two years as a Software Engineer and I wanted to further extend my skillset to specialise in information security from an academic point of view. I chose Surrey for a variety of reason: the course content, the campus location and the fact that the course is GCHQ-certified all played a part in my decision.
What aspects of the course did you most enjoy and why?
Personally I enjoy technical subjects the most and my interests aligned well with modules like Secure Systems and Applications. However I learned the most from the two cryptography modules: Symmetric Cryptography and Asymmetric Cryptography.
What were the academic staff and facilities like?
The academic staff stood out as high-class experts in their field and the facilities are top quality. I liked that we had a dedicated Linux security lab and got hands-on experience of TPM (Trusted Platform Module), taught by Professor Liqun Chen, one of the inventors of Direct Anonymous Attestation – a cryptographic primitive.
What were the best things about life in general at Surrey?
I thoroughly enjoyed my time at Surrey. The campus is breath-taking and the library and Surrey Sports Park – where I spent most of my time – together provided me with the perfect combination of study and relaxation time. I joined the Japanese Society and even obtained the Global Graduate Award in Japanese, which came in handy when I lived in Tokyo for a while.
"Obtaining my MSc helped me gain both the skills and confidence to succeed in a senior role within information security."
What is your role now, and what does your day-to-day work involve?
I’m a Senior Cybersecurity Architect within the Security Research team at Citrix. My day-to-day activities can vary quite a bit. I have flexibility to create new tools or research new security methods to improve all aspects of our security landscape. I enjoy and specialise in code security, so naturally a lot of my work revolves around code and how systems interoperate together in a secure manner.
Could you tell us about the code analyser you’ve created, which arose out of your masters dissertation at Surrey?
Yes, my MSc project looked at advanced static analysis techniques including methods to validate the correctness of the findings. I created a working Proof of Concept, the main use for which was to ensure that sensitive data stays out of source code. Building directly on this knowledge, since starting at Citrix I’ve created an automated source code analyser which looks specifically for secrets in code (passwords, API tokens etc). This helps to bolster our security, covering our intellectual property, employees and a range of information assets. The new system aids Citrix’s Security Operations Center team and engineers, alerting them when potential security issues have been detected.
What have been some of your highlights since working at Citrix?
Well, I’m delighted that my work has been recognised with a number of awards including the SES (Shared Engineering Service) Excellence Award, and the Citrix Black Belt in Cybersecurity for the highest level achieved in an internal training programme. I was also nominated for a Citrix Rockstar Award after only four months with the company and have been recognised as a ‘Security Advocate’ multiple times.
Are the knowledge and experience you gained on your MSc course helping you in your current role?
Obtaining my MSc helped me gain both the skills and confidence to succeed in a senior role within information security, and I’m now lucky enough to work alongside very talented people from esteemed academic backgrounds.
What would you like to achieve in the future?
I hope to continue to improve my expertise within cybersecurity, and one day present at a Black Hat conference, contributing to making the world a better, more secure place to live and work.