Good day!

Our interviewee, Adil Elchin oglu Aliyev, has been working as a programmer since 2006. For nearly 10 years, he has served as a software engineer at renowned companies worldwide. Currently, he is working on mobile security software solutions at Samsung Electronics in Vancouver, Canada. Previously, he worked as a software engineer at Amazon's Vancouver office and Samsung Electronics' headquarters in South Korea. Until 2015, he was employed at IDRAK Technology Transfer, NEATS, and Azercell in Azerbaijan. In addition to his industry experience, he has taught at Baku State University, ADA University, and Azerbaijan Technical University over the years. In 2022, he was a member of the working group that developed the undergraduate program for the Information Security major.

1. Could you please provide information about your career path in the field you specialize in and work in so far, as well as the moments and reasons that have inspired you to continue this career path?

Since my parents were involved in programming, I developed an interest in this field from a young age. I used to copy and run code written in BASIC from various books I found on the bookshelf at home, even though I didn't understand it at first. These were usually simple programs, such as those drawing various geometric shapes, performing basic calculations, displaying primitive animations, etc. Later, I would try to understand what happened by changing the parameters and the sequence of commands. This way, I began to grasp the logic of the code.

Later, I started learning more comprehensively from a book in Azerbaijani. Although these books were about old technologies and simple problems, they allowed me to learn some fundamental elements of algorithm design.

When my parents noticed my enthusiasm, they introduced me to their former teacher, Ramin Mahmudzade, when I was in the seventh grade. At that time, Ramin was organizing a programming club for schoolchildren. From then on, thanks to Ramin, I began learning programming more seriously and professionally. In 2002, Ramin took us to an international computer project competition in Tbilisi. At this Olympiad, which involved 11 European countries, I was awarded a silver medal. Such competitions, Olympiads, and Ramin's dedication inspired me further and increased my ambitions in programming.

I pursued my higher education at Baku State University. The primary reason for choosing this institution was to study at the university where Ramin worked and to collaborate with him on new projects. Although he only taught in the Russian section and I was in the Azerbaijani section, I still attended his seminars, and he supervised my coursework and involved me in several projects. One of these projects was organizing the national programming Olympiad for university students. It was the first time we held a competition using an online grading system, with results being transparently announced in real-time. Later, the number of such projects increased. For instance, in 2019, Ramin involved me and my friends in the preparation process for hosting the International Olympiad in Informatics in Azerbaijan.
Even after graduating from university and moving abroad, I always kept in touch with Ramin and sought his blessing whenever I embarked on new endeavors. Unfortunately, Ramin passed away on August 9, 2022.

In 2006, alongside my higher education, I had the opportunity to work at IDRAK Technology Transfer to gain more practical skills. The company's director, Hikmat Abdullayev, is a unique individual. He constantly gave us interesting tasks related to new technologies. I remember in 2007, we were researching tablet computers and assembled several prototypes. Although I was still a student, Hikmat entrusted this project to me first. Later, as the project grew, other colleagues joined in. At that time, terms like "tablet" or "planshet" were not used, and we called it a mobile computer among ourselves. There were no iPads, Galaxy Tabs, etc., back then. During that period, Hikmet introduced us to a technology called e-Ink and tasked us with creating an electronic book using it. We developed the first prototype in a short time. Today, devices like Amazon Kindle and Kyobo work with this technology, but we had encountered it back in 2007-2008.

After returning from military service, my friend and I started a company. We decided to try our hand in the software business. Although we completed several successful projects, the results were not entirely satisfactory, so we decided to cease the company's operations in 2014. That same year, I began working as a programmer at Azercell.

In 2015, I received a job offer from the headquarters of Samsung Electronics. After nearly seven months of interviews, I was accepted and moved to South Korea that same year. Samsung Electronics is a massive company where I gained experience in developing large-scale software projects, serving millions of customers, utilizing different programming methodologies, and working on various confidential projects. The experience I gained in Korea significantly broadened my perspective and contributed positively to my professional development as a software engineer.

In 2019, I received job offers from both Amazon’s offices in Vancouver, Canada, and Seattle, USA. I chose the offer in Canada and have been living there since that year. At Amazon, I worked in several different teams. It was a valuable experience to be involved with systems responsible for millions of transactions daily, addressing issues quickly, and working with large-scale data processing systems.

While working at Amazon was quite interesting, the workload was extremely high. Here, programmers are responsible for all aspects of software and all steps of software production. Programmers collect business requirements, write specifications, manage projects, design architecture, write code, test, deploy, and continuously monitor the software. On one hand, it was a very engaging experience, but on the other hand, I found I had little time to work on projects related to Azerbaijan.

Thus, in 2022, I left Amazon and returned to Samsung Electronics. Samsung has an office in Vancouver, where we are responsible for Knox mobile security solutions.

Actually, my career is primarily focused on software engineering rather than just cybersecurity. Back in the early 2000s, programmers themselves were often responsible for addressing various security issues. As a result, I have always sought to deeply understand security. As my experience and responsibilities grew, the need to ensure the security of the software systems I developed at every stage became essential. When building large systems, it’s crucial to pay serious attention to security. Thus, I work closely with the "Software Security" aspect of cybersecurity. Viewed from a different angle, this field is an integral part of software engineering.

As mentioned earlier, the opportunity to work in various areas of programming, having people like Ramin as a mentor, and the continuous innovations in the field have inspired me to stay engaged in software engineering. The IT sector is such that we are always students, constantly learning. This ongoing desire to learn and explore continually motivates me to be involved in this field.

2. What have been the biggest cybersecurity challenges you’ve encountered in your experience, and what steps do you believe are necessary to address them?

From my observation, many engineers, managers, and executives either do not adhere to the fundamental principles of information security or misunderstand them. Many approach the issue from a narrow perspective.

For example, some believe that once the software is completed, simply assigning a penetration test to a company or an expert and following their recommendations will resolve all security issues. In reality, the situation is not that simple. Security considerations must be integrated into every step of the Software Development Life Cycle (SDLC), starting from the moment business requirements are written.

A few years ago, I provided consulting services to an organisation that did not consider potential system loads during system development, nor did it measure load limits afterward. For instance, if the organisation’s marketing team invested heavily in a successful campaign and customers began flocking in, what would happen? The system would become overloaded and gradually crash, failing to provide the necessary service. This initially violates the principle of availability. Moreover, since the promised service to customers is not functioning, the company's reputation will suffer. Once the reputation is damaged, it’s much harder to regain customer trust, and the marketing budget will have been wasted. As this simple example illustrates, a lack of attention or awareness in even a minor issue can lead to significant business consequences. Such risks must be assessed in advance.

Such examples are numerous. This issue is not confined to Azerbaijan or small organisations; similar problems exist in many countries and even in some of the most renowned and advanced companies worldwide. I believe that addressing this requires cybersecurity awareness to be practical, clearly outlining each role’s responsibilities and explaining the associated risks. However, this is not an easy task.

3. How do you assess the development of the global cybersecurity ecosystem over the past few years, and what trends do you predict will emerge in the future?
As you know, in recent years, more powerful computers have emerged, and with the advent of Web 2.0, the volume of data in the internet realm has increased significantly, making data creation and acquisition much easier. This has led to machine learning and neural network algorithms based on statistical computations achieving substantial practical results. Today, when we talk about artificial intelligence, it almost exclusively refers to machine learning, deep learning, and the technologies built upon them.

Artificial intelligence systems can detect anomalies that humans cannot see and solve problems that classical algorithms struggle with. Recently developed Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Security Information and Event Management (SIEM) solutions, and other security measures are showing more effective results thanks to AI. Some solutions can even identify security vulnerabilities in source code and alert programmers in advance. On the other hand, AI systems also introduce new threats. Currently, there are AI systems that create viruses, hack systems, make phishing attacks more convincing, and generate and spread fake news. The drawbacks of AI are not insignificant. Therefore, it is crucial to thoroughly understand AI and to master how and when to use it effectively in each country.

4. What advice would you give to those who want to build a successful career in cybersecurity and become professionals in the field?

From my experience teaching at various universities, participating in candidate interviews at leading companies, and discussing with students and recent graduates at various events, I’ve observed that many young people often neglect fundamental principles in favor of focusing on trending technologies. My advice is for young professionals to pay equal attention to fundamental issues.

To be a good security engineer, it is essential to master fundamental knowledge such as algorithms, data structures, relational algebra, how operating systems function, how computers work, memory organization in RAM, principles of addressing, processor operations, and network functioning. These fundamental skills are crucial for anyone looking to build a successful career in IT.

Focusing solely on a single technology and building your entire career around it can be very risky in today’s fast-evolving tech landscape. For instance, when interviewing candidates for front-end development roles at companies like ÖzünÖyrən, I often see that individuals only know one technology, particularly React, and have concentrated solely on that. However, they lack knowledge of fundamental concepts like how browsers work, the HTTP protocol, how browsers render pages, and the intricacies of JavaScript. React, like many other technologies, can gain popularity rapidly and just as quickly become obsolete. Such changes are common in the programming world. Thus, it's crucial to have a broad understanding of underlying technologies and principles beyond any specific tool or framework.

In such cases, engineers may find themselves struggling to find job opportunities. To avoid this, it is crucial to acquire fundamental knowledge relevant to their field. With a strong foundation, learning new technologies becomes easier, as a solid base allows for substantial building upon it. Without fundamental knowledge, those who focus only on learning specific technologies are increasingly being replaced by GenAI systems. In Canada, new graduates seeking jobs in programming are facing significant challenges. This issue is likely to emerge in our country as well in the near future.

In my meetings with various cybersecurity professionals, I’ve observed that while many have mastered a range of penetration testing tools, they often lack a deep understanding of what these tools actually do. As a result, they struggle to assess how useful the reports generated by these tools are. The issue extends beyond just using the tool. It’s essential to understand the potential impact of the risks identified in the reports on the organisation. Should the organisation invest resources to mitigate these risks? What are the potential gains from such investments, and what are the losses if they are not made?

These questions may sound business-oriented, but they are crucial. Therefore, my next piece of advice is for both cybersecurity professionals and software engineers to also acquire business knowledge. Understanding how companies are managed and financed is essential for them to grasp the benefits and drawbacks of the systems they test or develop for the organisation. This aspect is often overlooked by engineers but is extremely important.

5. Do you have any recommendations for further strengthening the cybersecurity ecosystem in the Republic of Azerbaijan?

Recently, I’ve observed that both government agencies and the private sector in Azerbaijan are giving significant attention to cybersecurity. In response, higher education institutions and training centers are also placing a strong emphasis on this field to meet the labor market demands. I believe this is a very positive development.

However, there is a missing component here. In fact, I mentioned this in a conference paper back in 2013. It would be beneficial to establish a Science-Education-Industry triangle. Let me explain with specific examples. For instance, the industry has its own demands for skilled personnel, which are not vastly different from those abroad. However, the serious verification of these demands, the determination and continuous updating of competencies, and the shaping of these requirements can be handled by researchers. As a result, the educational system can plan and improve its training processes more effectively. This way, the field of science benefits education, education benefits industry, and industry, in turn, benefits science. I have provided my suggestions on this issue and hope to work on it with master's students at AzTU in the upcoming semester.

Let me provide a real example from South Korea. At Samsung Electronics, where I worked, the company commissions researchers from Korean academic institutions to solve various problems it faces. This is not done merely as a formality; these researchers are genuinely capable of meeting Samsung's needs. The researchers also involve their master's and doctoral students in these projects. These students get the opportunity to conduct research on practical issues and start collaborating with companies. As a result, Samsung's scientific research is conducted, young researchers engage in applied research, and numerous scientific papers and patents are published. For instance, a friend of ours from Azerbaijan was involved in a similar process at Korea University. His research on "Cloud Security" was actually commissioned by a well-known Korean telecommunications company to his academic advisor. His master's thesis was on this topic. The research led to several scientific papers and patents, some of which were registered in the United States. Currently, several global companies benefit from this scientific research.

In your opinion, how many universities or research institutes, companies in our country would approach to solve their problems? Would they trust that they will obtain practical results? I believe that as a nation, we need to focus on this issue. We have significant potential in this area, and it is essential to turn that potential into tangible results.

6. What recommendations would you make for strengthening the cyber diaspora?

I think it’s great that ACOA is prioritizing the topic of cyber diaspora and dedicated a separate panel to it at the recent cyber forum. I also appreciate the opportunity to serve as the moderator for that panel.

As mentioned in the panel, I believe that for the cyber diaspora to be strengthened, its sustainability is essential. To achieve this sustainability, it should have specific functional roles. In my view, ACOA’s cyber diaspora functions as a consortium of consultants in this field. Utilizing the knowledge and skills of its members for national projects would be both engaging and a source of pride for each member.

Let me give a simple example. When I mentioned my invitation to the cyber forum at work, both management and employees were surprised. Everyone began discussing the value placed on Azerbaijani specialists abroad. In our office, we have experts from many parts of the world, including the USA, Canada, the UK, Belgium, Korea, China, Japan, Egypt, Iran, Russia, Ukraine, Germany, Mexico, Brazil, and several other countries. This situation was quite intriguing for all of them. Naturally, it is also a source of pride for me. Imagine that not only are there invitations to conferences, but there are also frequent invitations for our compatriots to be involved in specific projects. This would be a source of pride for them. Furthermore, they will apply the experience they have gathered abroad to our homeland. I believe that establishing such a mechanism would make the cyber diaspora more sustainable and robust.

Thank you for providing the opportunity for this interview.