Meet two software engineering managers in Gdansk ensuring safe, secure products and solutions that achieve the highest standards of excellence.
How do we make sure our technologies and solutions are as secure as possible? With some of the best cybersecurity experts in the world.
Meet Jaroslaw Dobrzanski (Jarek) and Marcin Kolasinski, software engineering managers in the Platform Security Division (PSD) for Intel Architecture, Graphics and Software (IAGS) at Intel Poland.
We recently spoke with Jarek and Marcin about how their developers and security researchers, in collaboration with engineering teams across Poland, China, the United States, and Israel, help make Intel’s products and solutions safer through proactive design, rigorous testing, and even hacking.
What does your group do and what are some of the projects you are working on now?
Jarek: We create services and software that allow us to build more secure Intel® architecture-based solutions for our customers. We also have a dedicated security team that keeps an eye on things like crypto review, solution security review, threat modeling, etc. Additionally, our DevOps team ensures that the services we deliver are running with high availability (typically 99.9%) and provide troubleshooting support whenever there are issues or the system cannot heal itself.
Marcin: Two of the most famous products that we develop here in Poland are the services for the Intel® Software Guard Extensions (Intel® SGX) and the Intel® Secure Device Onboard (Intel® SDO). Intel SGX is geared toward client and server platforms. It enables our customer to execute code programs in isolation, inside a secure location called an enclave. What is stored or executed in an enclave cannot be modified or even seen by anyone. It is a great solution for securing applications. This technology platform is based on the latest Intel® processor family.
When we say onboard, we are referring to the first installation of a device in the field. Onboarding Internet of Things (IoT) devices is very complicated and it can be a challenging to ensure the process is secure. This is where Intel SDO comes in. It resolves that problem. It also includes tools for IoT device manufacturers that allow them to inject secrets on the manufacturing line. With these secrets, we can process secure onboarding in a few seconds. Then we can connect the device to a device management service in a simple and secure way.
Jarek: Intel SGX also makes application security independent from the software stack it is being run on. Even if you have a secure application, if you run it in an insecure operating system or inside an insecure virtual machine, a hacker can break into the operating system, read memory, make use of it, and steal sensitive intellectual property (IP). So, typically the security of these application depends on all this software, including operating systems. With Intel SGX, that is not the case. Even if a hacker gets into the machine, they cannot read memory because it is encrypted, and it is secured. The cornerstone of Intel SGX is a feature called remote attestation. This capability allows the owner of an enclave to verify its state and ensure it is operating on a secure, legitimate, patched system.
What is an interesting aspect of your group that might surprise people?
Marcin: We have a dedicated team of security researchers who are focused on making sure that our products are secure. Though they are very good developers—the best of the best in my opinion—they are not responsible for developing the product. They clarify what is being developed by our team and grow our team’s security expertise. They mentor our developers, train them, and teach them cryptography. They know how to break things, and that’s how we know how to defend from such attacks. They are hackers, but on the right side.
Jarek: And in the case of products, they act proactively to ensure that the architectural design is secure enough and everything is in place. They also try to break the system, reverse engineer, and make sure the end user cannot do anything that is not allowed with the products we release.
What excites you most about working in PSD IAGS?
Jarek: The security domain is very interesting, and it is growing in all areas. It is becoming more and more important. Working in this area is very exciting—especially encountering new attacks and seeing how engineers around the world are trying to defend from different angles.
Marcin: What motivates me is when I see big announcements in the press like Yahoo! or Bloomberg that large cloud service providers are starting to use our new security related features, which they believe will bring them more customers. What is most important is that these customers will feel secure using their environment. It is exciting that we enable security in big places—without all that we do, it would not be possible. So, we change the way software security is being implemented, from the relatively old-school hardware only solutions, to hardware- and software-related solutions. It is a big transformation.
What makes for the ideal job candidate for your group?
Jarek: We strive to build high performing teams where we can have open discussions about what works and any possible troubles that we encounter, or optimizations that we could make. We are looking for people open to challenging assignments. Those who work well within a team and who like to collaborate with other team members to build specific features. We are looking for software engineers who view the programing languages as a tool to solve a specific problem, and who demonstrate flexibility and adaptability. They should be willing to work with different technologies, rather than being focused on a specific programing language or one aspect of software engineering.
At times a candidate lacks particular skills but is open to learning and shows good potential. For instance, a premium developer with the relevant technological skills, but lacking experience in software security. That is fine, provided they are willing to develop these skills.
Interested in opportunities at Intel Poland? Check out available openings here: https://www.intel.com/content/www/us/en/jobs/locations/poland.html