Paul Abbazia
I’m a security engineer at SandboxAQ, a startup focused on artificial intelligence (AI) and quantum technologies. I’m part of the Quantum Security Group, which focuses on post quantum cryptography.
I wear many hats. I’m involved in software development, reverse engineering and binary analysis, research, and aspects of IT security. I also support our public sector efforts, as well as corporate security and R&D. Ultimately, we want to improve the state of
cybersecurity and protect against emerging threats from quantum computers, which have the ability to break the public key crypto-graphy schemes that underpin internet and communications security.
Prior to this position, I had roles at a couple of other startups; various government agencies, including DARPA and other parts of the Department of Defense (DOD
I had a knack for physics in high school and found it fascinating. I had awesome teachers and loved learning how the world works. Physics also helped me understand calculus, which seemed too abstract before it was tied to real-world examples.
I declared a computer science major in my sophomore year of college. At the same time, I had great physics professors who made class enjoyable, so I decided to double major in physics. This led to astronomy research and a 2008 SPS Summer Internship at NASA’s Goddard Space Flight Center, which aided my understanding of statistics like physics had done for calculus. I struggled with mathematics at times—something I have in common with Einstein!
Cybersecurity wasn’t really a big topic during my education. But my first job after college was in a DOD professional development program focused on aspects of cybersecurity. Over three years I took more than 800 hours of cybersecurity-related training and worked in interesting problem domains, expanding the breadth and depth of my hardware, software, and network cybersecurity knowledge.
Cybersecurity intersects with basically all aspects of life, given that everything has been computerized and networked, so it’s truly an interdisciplinary field. Security means wildly different things depending on context, so it’s important to learn about use cases in specific domains and sometimes about how computers interact with physical systems or impact the physical world. Every problem set includes opportunities to learn, conduct research, and apply new skills, so it’s almost always interesting and engaging.
Learn how to program. Even if you’re not a developer, programming is automation, and you can likely automate something in your workflow. And if not, you can still interact with a lot of cool things by knowing how to program.
Professionally, a can-do attitude and a willingness to try new challenges will go a long way and open a lot of doors. You may not know how to do something, but you can learn. It’s best if you can find someone to learn from, but don’t let the lack of a mentor stop you from trying. Even failure provides success in the lessons and skills you learn.
Research can often be tedious, so set small, achievable goals, and document what you learn along the way. Better still, codify your knowledge into programs or scripts that both serve as documentation and allow you to repeat and iterate on what you’ve learned. And don’t let “perfect” be the enemy of “good” either. An imperfect solution is better than not finishing the task or getting stuck on one thing. Finally, surround yourself with good people and take up interests outside of your professional life.