Making cloud-native apps more secure as a researcher at Dynatrace
For this edition of Dynatrace Stories, I spoke to Mario Kahlhofer, Ph.D. student and researcher at the Dynatrace Lab in Linz.
What’s your name, and what do you do at Dynatrace?
I’m Mario, and I am a researcher in the research team. I’ve been working at Dynatrace since February 2020.
The research team is a small team, where half of the team members are doing full-time research and the other half is comprised of part-time workers, bachelor, and master students, of which I also supervise some.
My specialization is cloud-native app security, on which I am also currently pursuing a Ph.D. We focus on security in modern cloud environments (e.g., heavily interconnected apps, think containers and Kubernetes). We don’t focus on enterprise security (we are not finding phishing emails in your Outlook 😉). I work very closely with the application security team, which is driving the application security solution in the Dynatrace platform. My role is to research present and future topics in the application security industry. I build prototypes of what’s being theorized in the academic world and see what can be applied in the “real world.”
What I’m specifically looking at is multi-step attack detection. I try to detect hackers when they infiltrate your cloud apps and tamper with your system. The big challenge is being able to correlate all the individual and noisy sources that we have. Such hacks usually happen over long time periods, and it’s easy to overlook several seemingly unrelated things if you don’t correlate them. Let me emphasize that even correlation isn’t enough; having interpretable models is what we are aiming for.
What got you interested in Dynatrace and your role?
I like app security; I like data science; I like to combine those two.
We are working very data-driven, but security datasets are still tough to work with. Dynatrace offered me the opportunity to be creative, combine my two passions, and tackle big problems.
I also knew about Dynatrace before I became an employee. After finishing my bachelor’s and master’s degrees in computer science at Johannes Kepler University, I worked as a research assistant at the Christian-Doppler Laboratory. There I did some research in time-series analytics for Dynatrace already.
How do you structure the work in your team?
We have started working in a similar way to the dev teams by following the Agile method, and we’ve adapted it to our specific needs.
For example, we don’t have 2-week cycles because we do not release prototypes or features so often. We have a Product Owner, who prepares our stories, and we refine them together as a team. We use a Kanban board to prioritize our work. It’s the first research position I’ve ever had where we truly follow agile methods, but I think it helps because it structures the work and helps us not lose focus around so many interesting things to research. I like that we work in an Agile way, even as a research team.
What technologies do you work with?
We prototype a lot in Python unless a student knows another language very well. We also do a lot with containers, which means that we work with Docker and Kubernetes.
How does your work affect business at Dynatrace?
It depends on who you ask. 😉
On one side, we are very active outside of Dynatrace by publishing research papers and showing our prototypes and results at academic and tech conferences. We are also very active in the open-source space. This pays into the company’s visibility and marketing strategy because we have a foot in these spaces. At the same time, we learn a lot about how others are doing things.
On the other side, we explore and research things, build prototypes, and derive learnings for new technologies that might one day end up on the product roadmap. Our work eases the burden on the development team because they don’t need to put in the research — we’ve already done it for them.
What do you enjoy the most about working at Dynatrace?
As I already mentioned, I love that I can combine security and data science.
But I also particularly like that I can be autonomous here. I like that Dynatrace is investing in this research field, even though it’s a risky investment. In the worst case, we invest time into developing a prototype that doesn’t make it into the product. But in the best case, my research has contributed to the further development of Dynatrace.
How would you describe what Dynatrace does?
It’s a platform that helps you monitor your entire software stack or environment. It enables you to solve problems and innovate faster.
What do you do in your free time?
I like to do programming in my free time as well. I’m the co-founder of SIGFLAG, a CTF (Capture The Flag) team in Linz. This is basically cybersecurity training done in a playful way. Two teams go against each other: One needs to attack an environment. The other one needs to protect it. It’s a lot of fun!
When I’m not in front of the computer, I also like doing sports, like running, mountain biking, and snowboarding in winter.
Does catching hackers make your heart beat faster? Then join us! We have many open positions in security and research on our careers portal.
Making cloud-native apps more secure as a researcher at Dynatrace was originally published in Dynatrace Engineering on Medium, where people are continuing the conversation by highlighting and responding to this story.