Anastasiia Voitova

Anastasiia Voitova: There is no valid "It is secure" statement. Only "It has not been broken yet"

Let's talk today with Anastasiia Voitova, Security enthusiast & Product Engineer at Cossack Labs!

Anastasiia will give a very interesting talk at DevExperience about cryptography, but until then let's get to know her a little better through this interview!

DevExperience: What did you want to become when you were a child?

I wanted to be a surgeon and cut people, hehe. Well, recently I took an embedded development course and built a small moving tentacle that holds a scalpel :)
Will add some Bluetooth-controlled wheels -- and I'm close enough to my childhood plans :)

DevExperience: What is the story of your beginning in this field? How did you start working in this industry?

My parents had a PC when I was a child, so I was always curious to get what's inside there :) I started coding in school (Pascal and HTML, heh), then went to the tech university to get six years full of Computer Science.
Add some paranoia -- and voila -- you got a data security specialist :)

DevExperience: What are the main mistakes that companies are making regarding data security?

Underestimating risks, I think. We need to get things done fast. We live in a design-driven world, where short iterations are bound to the functions visible to the user. In the world of constant MVP, security is outside that bare minimum we do to meet deadlines. It accumulates technical debt, which is a synonym for bugs and failures.

Security is hard; it is an engineering discipline, unlike familiar subjects we know. There is no valid 'it is secure' statement, instead we have just 'it has not been broken yet'. Not very reassuring, right?

DevExperience: What do you think the IT industry will look like in 10 years?

Integrated brain chipsets, drones, VR everywhere, driver-less cars/trains, hologram-meetings.
I like the quote "The future is already here — it's just not very evenly distributed". I'm sure that some developers will still use PHP, hehe :)

DevExperience: What do you know about Iași and Romania? Don't Google it! :)

Hehe, a tricky question :) I was in Bucharest before, and I have some friends from Romania, but I know almost nothing about Iași. I know that the distance from Kyiv to Iași is smaller than from Kyiv to the Black Sea (but borders make even a short trip longer :( ).

DevExperience: What is your advice for a junior who wants to grow in this field?

Technologies come and go; it's impossible to know everything. But there are fundamental knowledge and skills (both 'hard' and 'soft'): algorithms and data structures, how Unix works and what the internet protocols are, time management and working in teams. Trying to jump into 'hype' technologies may sound fun, but I would recommend gathering knowledge from different areas (combining them sometimes leads to well-paid side-effects).

DevExperience: What do you do for both your personal and professional development? What does a normal day look like for you? What about a not so normal day?

Planning, priorities, and discipline. I know that I have very limited time for all those beautiful things I want to try, so I use OKR, checklists and time-tracking tools :) I want to have some time to read the Twitter feed, to drink cacao and read exciting crypto-books :)

DevExperience: What is the greatest part of your job? What is the not so great part of it?

Well, currently I maintain the open-source cryptosystems library Themis. My job is not the cryptography itself, but making sure that sophisticated security properties and processes provided by encryption are usable and user-friendly. My main goal is to let software developers deploy data security in their apps with minimum solution cost and time. That requires a lot of effort from different areas: engineering (make sure that every code change is tracked and checked), infrastructure (no one wants to use a library that requires a complicated installation process), communication (it's important to track users' problems and struggles to understand what to improve). Sometimes it is quite difficult to combine.

DevExperience: How would you explain to an old lady who knows nothing about technology what it is exactly that you do? :)

'Reducing the entropy of the universe by all means available to me'.

DevExperience: Tell us more about the main ideas of your talk and your workshop at DevExperience! Why should people register and attend the event?

Cryptography is frequently considered to be the lesser of two evils (the other one is leaving your data open to intruders).
Since it is hard, people tend to slap some code together, fire-and-forget, hoping that it works. There is a good quote: a cracker only needs to find a small hole to get inside your system; but you should protect your system on every level.
Building protected systems requires a lot of work; using cryptography can help you with this, but when used sanely, with eyes wide open. Having gone the same path, from confusion to the appreciation of the power encryption gives, I'd like to lead other people into a clear understanding of how to approach implementing realistic security guarantees with cryptography.

Want to meet Anastasiia in person and ask her a few questions yourself? Then register here and come join the party!