Why do smart engineers write bad code?
To commemorate F-Secure’s 30th year of innovation, we’re profiling 30 of our fellows from our more than 25 offices around the globe.
“Security starts from the source code,” Kenny Gan, F-Secure’s Director of Web and Backend, Consumer Security R&D, explains.
“Meaning developers having a good grasp of cyber security, is vital before the code transforms into IT backdoors, data breaches and other threats that could impair an organization’s brand.”
The Million Dollar Question
But do most developers have a grasp of cyber security?
“I’m afraid not, otherwise we wouldn’t occasionally hear the statement, ‘Why do smart engineers write bad code?’”
Kenny says it’s a given that every coder would prefer to write good code with zero security flaws.
“The million dollar question is, what’s so hard about writing secure code?”
He says the difficulty comes down to three main factors: The underlying technical complexity of the task; The general weakness in knowledge and discipline of secure coding practices and principles. Finally, the pressure of delivery of work against a tight schedule that can at times work against security quality.
Conquering complication with simplicity and devotion
And that’s where Kenny’s job leading F-Secure’s Malaysian coding efforts out of the Kuala Lumpur office comes in.
“One of my working philosophies is that if we are able to fix complicated issues in the easiest way, then we’re experts; if we are able to fix duplicate issues with devotion, then we’re winners,” he says.
F-Secure is the third multi-national company Kenny has worked out in his young career and he finds that any differences in culture are usually overcome by a shared vision.
That vision?
“F-Secure KL is to be universally recognized as a reliable and trusted strategic partner that exceeds the expectations of our stakeholders.”
‘Endless’ opportunities for good coders in cyber security
Kenny began his career at the right place at the right time. Kuala Lumpur continues to be a regional hub of software development center in since the last two decades—and it’s an excellent place to start your career, especially if you’re a computer science graduate student.
“If someone is interested in getting into the cyber security industry in Malaysia, my advice would be to master secure coding principles and practices,” he says. “In software development, you would explore what are secure coding concepts and design patterns. All of which are the important knowledge that are needed in order to become a cyber security expert.”
Before Kenny’s own career began, he recognized he had the kind of patience necessary to write good code.
“When I was young, I liked programming very much and most of my time at home was spent just looking at the screen to figure out what would be the best and efficient way to produce the simplest, scalable and robust code.”
Looking ahead he sees “endless” opportunities in cyber security, but also risks—as criminals get better at monetizing online attacks, hactivists and terrorists will find new ways to exploit a world where almost everything is connected to the internet.
If we’re going to have any hope of stopping them, we’re going to need some really good and secure code.
Check out our open positions if you want to join Kenny and the hundreds of other great fellows fighting to keep internet users safe from online threats.
Categories