[Meet our Faculty] EURECOM welcomes Simone Aonzo as an Assistant Professor in the Digital Security department
Q. Could you describe briefly your academic trajectory and working experience so far?
SA. I studied computer science at the University of Genoa and graduated in 2015, specialising in the Android operating system with a focus on assistance security. After my studies, I worked at Talosec, an Italian startup security company, on penetration testing banking apps for Android. In addition to my main work at Talosec, I was entrusted with training on malware analysis for other companies, a valuable part of my working experience. In fact, as someone working in IT always dealing with machines, teaching and mentoring is the human part of my job since interacting with people gives something that machines cannot offer. Also, during my experience in the industry, I enjoyed the practical mindset targeting applied research contributions.
After two years in the industrial sector, I started my Ph.D. in Computer Science and Systems Engineering in 2017 at the University of Genoa. The title of my thesis was “Novel attacks and defenses in the Userland of Android.” In 2020, I got hired by EURECOM as a Postdoctoral Researcher under the supervision of Professor Davide Balzarotti. In April 2022, I was promoted to Assistant Professor in the Digital Security Department.
Q. What made you choose to work at EURECOM and then want to stay as a Professor?
SA. During my Ph.D., I visited EURECOM for three months while working with Prof. Yanick Fratantonio on a paper, when I also met Professor Davide Balzarotti and other researchers from the Digital Security department. I found the EURECOM campus very fascinating, being close to nature, and working with people that created a challenging research environment but friendly at the same time.
In September 2022, there was a celebration for the 30 years of EURECOM, and it was remarkable that all students said that EURECOM was like family to them; I really think it’s true! The environment here is warm, and I hope that I have found my “happy island,” as we say in Italian. Of course, this does not mean that everything here is easy, but it is challenging in a positive way. This is why I chose EURECOM, and I am very happy being here.
Q. What is the expertise you bring to the Digital Security Department?
SA. What I am bringing to the table are the two main lines of my research: humans in security and malware analysis. Regarding humans in security, I have been involved in the DARPA CHESS (Computers and Humans Exploring System Security) project, which aims to develop the capabilities to discover and address vulnerabilities in a scalable manner due to the lack of expert hackers. Nowadays, a lot of security tasks are still managed by humans, which is not a scalable solution. At the same time, we are witnessing the appearance of top conference papers in which human beings are studied in cybersecurity processes. In my opinion, this is a critical area because, from a theoretical standpoint, the landscape of computer security has completely changed in the last few years. We solved a lot of problems, and nowadays, it is almost just a matter of implementing what we already know. The problem is that humans have to implement this, and this is something I really want to investigate more.
The other line of my research is malware analysis on Android and Windows. They are, respectfully, the most used operating systems on mobile and desktop platforms. Recently Microsoft has decided to support Android apps on Windows with a dedicated emulator, so it looks like the two research topics are colliding.
Finally, the intersection between the two main lines of my research, humans in security and malware analysis, is not empty. I recently had an accepted paper about how humans approach a task of malware analysis. So, these two lines of research can be combined.
Q. Do you see any possible collaborations with your department and with other departments?
SA. In our department, except for Davide Balzarotti, we have Aurelien Francillon and Daniele Antonioli, and we often discuss working together. I have spoken recently with Paolo Papotti from Data Science Department, and we are starting to collaborate. I think there is still room to improve interdepartmental collaborations. We need to find a way to spend more time together, with informal talks, like having coffee together. While talking with other professors, we discovered that there are many opportunities for collaboration across our different expertise, which would be great. So, yes, absolutely! Partnership within the department and interdepartmental collaborations are crucial. Also, they give you this feeling of belonging in a team.
Q. What are your future goals and your message as a new Assistant Professor at EURECOM?
SA. The short-term goal is to survive, meaning to understand this position’s new aspects. It is all about research during the Ph.D. and the PostDoc; being a professor is totally different. After that, my two main goals are teaching and research. I will teach two courses given my background, the first is Introduction to Cybersecurity, and I have a couple of ideas to propose for the second one. Similar courses may already exist, but I want to take them to another level by introducing some gamification in the process of learning. Regarding research, the long-term goal is to publish high-quality research papers working with other professors with different backgrounds in order to offer new perspectives on cybersecurity.
I think cybersecurity has completely changed in the last few years. It has departed from science fiction and is now on the table of the most critical countries in the world. From cybersecurity to cyber war, the distance is just a few inches, so as researchers and professors, we should keep in mind that what we are dealing with impacts the real world. In our field, we need to train ethical hackers, people who can think and deal with this complex world in which cybersecurity is no longer a toy. There is no more this artistic side of the one-man band, developing complex tools also for the pleasure of intellectual challenge. We are dealing with big cyber criminal groups, with nation-states sponsoring hackers. So, my message is that we need to train people to defend the world.