Meet the Talent: Kristi Shehu, software security engineer

Position: Software Security Engineer

Age: 24

Place of residence: Tirana, Albania

Please describe a day in your life

My day starts as your typical corporate worker’s day. Since I am a fan of hybrid working, on the days I want to go to the office and catch up with my coworkers, I get up early to get ready, grab my life saver go-to coffee, and head to the main offices. Then I start catching up with people while enjoying my fast breakfast and get ready to start the day at full capacity. I work at one of the largest and most well-known software engineering companies in Albania, ikubINFO, which has many employees. Therefore, I firmly believe it is essential to catch up with your teammates to improve teamwork and effectiveness at work.

Then the rest of the day consists in working on a different project where I am allocated, starting with the daily sprint meeting of the project, proceeding after with security testing (or penetration testing), conducting analysis, and reporting the findings to the team. It is a very complex and exciting job in which you can never get bored since there are a lot of interesting findings and new things to learn every day.

And then, after the work day is done, I always love to go and hang out with my friends to grab a drink and enjoy a nice dinner out to distance a little bit of my focus from work and focus on my personal life instead. I have come to understand that you should always make time for yourself to be more focused on the things that matter in this life.

How many projects are you currently working on? Please describe Them

As I said, my work is very complex. Right now, I am engaged in different governmental projects, some of which provide services for Albania’s citizens and others internal systems for the government. I can mention systems involved in public procurement, taxation system, economic aid systems, human resources management, road transportation management system, and many others.

Software Security Engineer

At the company where I work, we know how to craft solutions through technology. ikubINFO is expanded on different working fields in Albania and abroad to enable our public and private sector customers, providing services such as software engineering and maintenance, system integration, data migration, optimization, cloud computing, project management, and many other things. Offering these services and using diverse technologies makes the work of a security engineer very interesting.

In your opinion, who is the most influential person/company in the world of technology these days?

If I had to pick just one person, I would choose Parisa Tabriz, the Security princess of Google, which has an outstanding career in the cybersecurity world. She bypassed all the stigma about women in STEM, got ahead of everyone, and became a competent security engineer.

If you could pick one app/product/project existing now that you wish you were involved in, what would it be

It isn’t easy to choose a specific project or product in which I would like to be involved since every software and technology has an exciting side on its own. But I would enjoy going a little bit outside the specter of my current projects and being more engaged in a product or service specialized for conducting security testing to bring innovation to cybersecurity and make an impact.

How do you see technology evolving in the next ten years? What would you like the industry to look like in ten years?

It is a fact when we say that technology is evolving rapidly, and the direction of it is going towards web 3.0, which I think will be a game changer. Blockchain, metaverse, NFTs, the evolution of ML and AI, and other innovative approaches are changing our operations. Therefore the security strategies that need to be implemented or followed have and will continue to change drastically. With new technologies like these, it is expected that we will operate in safer environments since their infrastructure is designed to ensure user safety and bring security to a whole new specter. Personally, and according to many other professionals worldly, this is where the future is going, and I think it will be a wonderful journey to witness in 10 years.

I just hope that in 10 years, we will be able to adopt new ways of operating more efficiently, and I am sure that the level of security these new technologies will bring to the end user will be very high.

What are the three characteristics you have that make you successful in tech?

I think my best three traits would be: the desire to learn more and the consistency of learning continuously throughout the years. This has helped me a lot while trying to learn new security penetration testing methods and exploring my ethical hacking techniques.

The proactivity not only during security testing but in general actions as well, where I always strive to get ahead of things and think of proactive approaches to reach better results.

Overthinking. I know it’s funny, but this is one of the best scenarios where your weaknesses can arise at work. With my overthinking ability, I can think of different attack and risk scenarios, replicate them, and manage to get a solution that benefits the case.

What is the most difficult thing you had to deal with during your career?

Software Security Engineer: Probably at first, I would say my young age, since I started working at 19 years old. It was very difficult at first to be taken seriously because of the young age, but once you prove you have the skills, that’s all it takes to change the approach one has in you. It’s all about confidence and speaking out for things you believe are right.

What is your greatest achievement up until today?

I wouldn’t choose a specific moment, but a period of time, and right now, I am happy with what I have done till now. Working from an early age in a very large and innovative industry, getting to work with different cultures, and having the benefit of growing professionally have made me a grown person. I am lucky to say that I had the opportunity to grow my knowledge and my network, witness new emerging technologies, and travel the world.

What do you wish yourself with respect to your career? Where do you see yourself in five years?

I hope that one day I will be able to add to the cybersecurity community and not just take. I want to continue gathering knowledge and spreading it with other cyber enthusiasts.

I see myself in five years as a more grown professional in the cybersecurity world, perhaps in a Cybersecurity consultant position or a security architect, and trying to make an impact by sharing my knowledge with others through training, published papers and research, etc.

What is your next goal?

My immediate future goal is to get involved in new exciting projects in different areas with emerging technologies and maybe focus a little bit more on DevSecOps direction. I want to get the hang of that aspect of cybersecurity that integrates security measures and initiatives throughout different stages of the software development lifecycle.

What tips do you have for people who want to start out in the tech world?

My advice would be to start early on. Even if you don’t know which direction you will choose, further along, it is always a good idea to learn as many new things as possible, work on different little projects, and experiment on your own. Because this way, not only can you grow your knowledge, but it will make it easier to understand which direction is right for you. So start, don’t procrastinate until a later time.

If you could say something to your younger self what would it be?

I would say to myself to take it more manageable, without much pressure. Everything that happens throughout your journey, good or bad, will shape you into who you are today, and everything will fall into the right place. It just takes time, focus, and desire to walk ahead.

What do you think non-tech people around you (family, friends) think you do?

This is exactly like the infamous meme where your parents and friends see you as a hacker with the terminal’s background and a bunch of random code lines. And in just 20 seconds of typing the keyboard, I magically managed to get into the system. Even though I would love to penetrate a plan in 20 seconds, unfortunately, this isn’t even close to reality.

What can’t you do without? (app/product…)

There are so many. I would say every app and tool that helps in the penetration testing process. Since there are too many technologies, the need for different tools to penetrate the system is higher. But if I had to choose from the OS system, I would always go for Kali Linux and security testing tools, OWASP ZAP, Burpsuite, Metasploit, Nmap, SQLMAP, Hydra, etc.

Which famous person would you like to have dinner with and why?

I would choose a famous artist for this one, and my top pic would be Picasso. He was a brilliant painter who saw the world distorted at some point in life yet managed to create something colorful. But I wouldn’t pass up the chance of a dinner with the writer George Orwell. He was way ahead of his time, and his ideas are still very relevant today.

Where would you like to travel next?

When choosing a place to travel to, I like not to think about it much since every country has its beauty. I pick a random place and decide to go there, experience its culture, and generally enjoy everything that that place has to offer.

If you were asked to stay on a deserted island for 6 months, what 3 things would you take with you?

I would choose a water purifier machine that works on solar panels to have an unlimited water supply. The second would be an excellent knife to hunt, provide food, and protect yourself. And lastly, I would choose a long rope that could help me to create a shelter, help me reach places that are difficult to reach normally, move things around, customize weapons, build racks, etc. And for providing fire, I can choose primitive methods, such as rubbing two stones together (I’ve seen it work on videos). But let’s hope I’m never put into a situation like this because I just realized I might need a few survival pieces of training.

Do you have a person who influences or motivates you?

I have created an idea of who I want to be in a few years, and when I wake up every day, that dream makes me go forward. So, I would say the vision of myself in the future motivates me to move forward in my journey.

Last thing regarding which you told yourself, “How come no one has ever thought of it”?

Albania still has a lot of work ahead when discussing security strategies. I can say everything about automating different security tools into SDLC. I think automating different security tests and tools throughout different SDLC phases can help raise effectiveness and, overall, the level of security in the process.

What is the greatest miss? (You thought it will never work, but it turned out to be a great success)

Besides some exciting approaches we have decided to go for at work that has taken us by surprise, I would choose something before graduating. My thesis, which was based on Fingerprint systems and their implementation in financial institutions, surprised me with how well I managed to grasp the knowledge and create something extraordinary out of it. With DL, I managed to recreate, in a small simulation, how one can identify someone’s identity with the pattern of the fingerprint and how it can be implemented into everyday use, such as ATMs. This idea actually exists and is being implemented in different countries (unfortunately, I wasn’t the first to think of it). Still, my thesis performed very well, and it even got published.

What did you dream of creating/inventing/doing as a child?

I always thought I would become e doctor, saving people’s lives. But later on, I chose a different direction. Now I try to break through systems and manage to “save” them by giving recommendations based on tests and analyses performed. I just happen to use it instead of a scalpel, Kali. (joking)

How did covid-19 change the way people view technological development?

I think that Covid-19 brought just one good thing: reshaping how we see technology and bringing digital transformation. During these years, more innovations have come to life, and digital tools and methodologies have been adopted to benefit the employees and our current situation. Overall, more secure environments have been created and customized to one’s needs. So, I can say that the pandemic created a landscape that will continue to encourage innovation and technological adoption.

Andriani has been working in Publishing Industry since 2010. She has worked in major Publishing Houses in UK and Greece, such as Cambridge University Press and ProQuest. She gained experience in different departments in Publishing, including editing, sales, marketing, research and book launch (event planning). She started as Social Media Manager in 4i magazine, but very quickly became the Editor in Chief. At the moment, she lives in Greece, where she is mentoring women with job and education matters; and she is the mother of 3 boys.