Interview with Benjamin, Cybersecurity Engineer
It’s not everyday that you get to chat with a hacker, let alone one that hacks cars. Benjamin describes himself as a “pure geek” — he hails from a dynasty of computer scientists, he codes, he games, he has a cat. An expert in cyber security, Benjamin has one of the most fascinating behind-the-scenes jobs in the automotive industry today.
Benjamin, what on earth do you do at Valeo?
Benjamin – On paper I’m a Technical Cybersecurity Expert. I work for one of the two cybersecurity teams within Valeo Group. While the other team works on software issues, my team works to ensure that connected and autonomous vehicles are able to defend themselves against threats and intrusions. Basically, we spend our time hacking UCUs, the in-vehicle Universal Communication Units, cars’ central computers, to test cyber security to see how far they can be tempered through hacking. We hack them to see how to improve and protect them. It’s like a game, but there is only one objective — ensuring the safety of our products.
So many questions come to mind, but let’s start at the beginning, tell us about your journey to Valeo.
B. – The journey really started when I graduated with an Engineering degree in Cybersecurity in 2007, after which I worked for the cybersecurity industry doing reverse engineering. After doing this for a while, I decided to go for a Masters in Cryptography and Analysis, followed by a PhD in Cybersecurity. I joined Valeo in 2016, right after completing my doctorate. Valeo appealed to me because cybersecurity for the automobile industry was still very much in its infancy. I was the first person to be hired by GEEDS as a cybersecurity expert.
Today, I manage the Valeo Cyber Lab where we research security holes found in our products. The research period is typically three years, during which the researchers only focus on their research. It is from this research we not only gain new knowledge, but also, patents, technology, and building blocks to be used by the company.
Tell us more about your full-time hackers? How do you find them?
B. – Hackers are a rare breed, they are elusive. You also can’t bring them into a corporate environment through traditional means. They are attracted to freedom. A hacking lab is a playground for such people. You cannot hack in an environment of rules. That also made the foundation of the lab a tricky thing. It was created three years ago, but has only been open officially for one.
Why did it take so long to set up your lab?
B. – I spent a great deal of time creating the right legal framework to allow us to do what we do. Hacking, by definition, is forbidden by law for two main reasons. The first is that tampering with intellectual property induces a leak of your intellectual property. This is why countries forbid this by default. The second reason is national security. There are defined exceptions to these rules, such as when all parties concerned agree to hacking sessions. This is the realm in which we operate.
How do you convince people to work for you? What skills do they need?
B. – Because automotive cybersecurity is so new, there are many opportunities here to create your own position. Software companies can’t offer this. Valeo also really recognizes technical expertise, and links it to career progression. To work in cybersecurity, you need a wide knowledge of computing, networks, software, systems and electronics, too! You also need communication skills because we work with all parts of the business.
How are you looped into projects?
B. – In a nutshell, when a product or project identifies the need for hacking reinforcement, they bring us in. We are part of the quality guarantee of the Group’s products. Generally speaking, any product that has embedded software can be hacked. Within the Group, we work with project managers, software system experts and designers from all business units.
Tell us about the challenges you face.
B. – There are many! To put it into context — cars typically stay on the road for 15 to 20 years, so we have to protect todays’ cybersecurity against threats that might only exist in 2040, using technology that will be so much more complex and advanced. When I graduated, cloud computing was a concept, today all tech is web centric. Just imagine what the future will bring — it’s very exciting !