Our Stories
Our Stories
Giovanni Vigna
Charismatic lecturer at the University of California at Santa Barbara (UCSB), great surf enthusiast and founder of Lastline, a company specialized in malware analysis that has recently joined VMware, Giovanni Vigna graduated in 1994 in Electronic Engineering at the Politecnico di Milano, where he then obtained a PhD in Information Technology.
After moving to the United States as a post-doc in the late 90s, he quickly started a brilliant academic career which also led to a successful entrepreneurial venture.
Today Giovanni is a recognized authority in the world of computer security, where he is particularly known as the organizer and promoter of the iCTF hacking contest, a competition that every year involves dozens of academic institutions around the world.
Giovanni, tell us a little about yourself: how did you became passionate about cybersecurity and how did it lead you to your current position?
My first encounter with cyber security date back to my teenage years: it was then that I began to get interested in programming and computer viruses. This interest, combined with my fascination with robotics, prompted me to enroll at the Politecnico di Milano, where, during my first programming classes, I realized that all I wanted to do was writing code! Among the many classes I took, the most enlightening was undoubtedly the Software Engineering course held by Prof. Carlo Ghezzi, who in the following years became a real mentor for me.
In 1994, immediately after graduating with a thesis in Electronic Engineering developed as part of a collaboration with Cefriel, I decided to attempt the path of the PhD, despite the fact that it was very difficult to access the program. With great enthusiasm, I passed the selections and I was admitted under the supervision of Prof. Ghezzi. The environment was great and stimulating, as evidenced by the fact that today almost every one of my former colleagues occupy prestigious positions in the academia. It was a group of truly exceptional people, who taught me the love of research understood as a collegial experience and as a continuous osmosis of ideas.
After the PhD, I wanted to have an experience abroad and, thanks to my supervisor, I was able to get in touch with Prof. Dick Kemmerer of UCSB, who invited me to California for a six-month post-doc. I arrived there on October 1st, 1997 – I still remember it! – and the place struck me immediately, also because it was very close to the beach. In that time I developed an excellent relationship with Prof. Kemmerer, who became my second “academic father” after Prof. Ghezzi. Since I had a great time in California and the research projects I was working on had begun to receive significant funding, I decided to further extend my stay in the United States until, after two years as a post-doc researcher, UCSB offered me the job of Assistant Professor.
So in 2000 my career as a professor began, favored by the great trust that American universities place in young teachers. The idea is to give the “new generation” a lot of freedom of initiative, precisely because of their young age, their enthusiasm and their energy. It is an attitude from which, in my opinion, Italian university should draw inspiration. Young researchers are “thoroughbred horses” who have everything they need to make changes and for this they’re given the opportunity to teach what they want and how they want, exactly as it happened to me.
Another reason why I decided to stay in the United States is that over the course of my career I have had the opportunity to work with truly exceptional students and PhD candidates, to the point that my colleague Chris Kruegel and I decided to involve some of them in an entrepreneurial project because we were sure it would have greatly benefited from their enthusiasm and talent. That was the birth of Lastline, a company specialized in malware analysis that monitors the computer networks of companies to identify possible threats and diagnose any signs of compromise.
Lastline is an adventure that has lasted for more than ten years and that just last year, with its acquisition by VMware, entered in a new phase in its history. This has given my colleagues and I the opportunity to take a step back from corporate management and focus more on threat intelligence research.
What are you working on right now and what are your plans for the future?
At the moment, I took a leave of absence from UCSB to complete the acquisition process and facilitate the integration of Lastline into the new company. Later, I will have to decide whether to stay in the company or return to teaching but it will be a very difficult choice because both perspectives offer great advantages. The industry allows you to have a direct and immediate impact on the market and on products, while the world of academic research guarantees and enormous freedom of thought and offers you the possibility to switch fields according to your interests and intellectual curiosity.
What do you like most about your job?
As for research, one of the most exciting aspects – in addition to the aforementioned freedom – is being surrounded by young people with an overwhelming passion for what they do. It is like having roots stuck in the humus of scientific existence: being a professor gives you the opportunity to have a more articulated but inevitably more superficial overall view, while students tend to dig very deep, bringing back real, authentic gems. Being in contact with these talented and enthusiastic people is a real spirit booster!
What did studying at the Dipartimento di Elettronica, Informazione e Bioingegneria mean for you? How important was this experience for your career and what is the most valuable thing you have learned during the years you spent at the Politecnico?
That of the Politecnico was an extremely positive experience for me. One of the most important things I have learned – first as a student and then as a PhD candidate – is the planning ability you need to be successful. Even the meritocratic culture of the Politecnico, based on the idea that it is up to you to decide whether to exploit or waste the great opportunity that has been given to you, has taught me a lot. In American colleges this aspect is not equally felt: having the possibility of accessing a university like the Politecnico at such a low financial cost is an enormous privilege that few people in the United States are able to understand. I have seen many people in the United States who, despite being extremely gifted, are unable to receive a high-level education solely for financial reasons. The Politecnico, in the face of a negligible expense, provided me with an excellent education and made me took responsibility for myself from the beginning, showing me that the educational process requires, in addition to capable, competent and up-to-date teachers, also motivated students willing to give their best to learn.
Is there a funny anecdote or a good memory of your "polytechnic years" that you would like to share?
I remember that when I was a student there was a passage of the Politecnico that was jokingly called “treadmill” because of the great amount of people that crossed it every day. Coincidentally, it was close to the university bookstore and the bar, so my friends and I spent most of our coffee breaks watching those people, trying to catch their idiosyncrasies or to make up stories about them.
On the other hand, a funny memory of my PhD involves the Department's alarm system. At the time, we did not have the internet at home, so we stayed in our office as much as possible to do our research. At 8 o’clock pm, however, the security officer closed the building and set the alarm. This generated several Mission Impossible-style situations in which my colleagues and I were trying to quickly finish the work we were doing before the alarm went off. Obviously on more than one occasion we didn't make it and we had to beg the janitor to let us out!
What advice would you give to students who would like to work in the cybersecurity sector, perhaps as a researcher?
First of all, I would tell them to devote themselves body and soul to programming because the field of security is all about creating systems and therefore knowing how to write code is absolutely fundamental.
Secondly, I would tell them to participate as much as possible in Capture the Flag competitions, which are a great way to get in touch with all the various aspects of cyber security in a pleasant and convivial environment. There’s nothing better if you want to find your own way in cyber security and understand what topics interest you the most! They are very motivating and fun competitions, a non-traditional way to learn which however requires a solid theoretical basis, a good understanding of cryptography, operating systems and networks, good programming and compilation skills. They come in different levels of difficulty: from DEF CON, the hacking world championship that takes place every year in Las Vegas after a very strict selection process to small competitions designed for high school students. There are also many in Italy, including those organized by Prof. Stefano Zanero’s (Professor of Computer Security at DEIB, Ed.) Tower of Hanoi group.
Newsletter
Do you want to stay updated on all the research activities, events and other initiatives taking place at the Dipartimento di Elettronica, Informazione e Bioingegneria of the Politecnico di Milano? Subscribe to the DEIB Community newsletter!
Newsletter
Do you want to stay updated on all the research activities, events and other initiatives taking place at the Dipartimento di Elettronica, Informazione e Bioingegneria of the Politecnico di Milano? Subscribe to the DEIB Community newsletter!
