Born to hack: Timur Iunusov’s security calling

5 דקה
Close-up of a person in a dark hoodie typing on a laptop in low light.

“All my life, I knew what I was going to do.”

Many of us (ok most of us) spend years trying to work out exactly what we want to do with our lives. Not Timur Iunusov. He was given his first computer at the age of eight and he knew that this machine, and others, would be a part of his life forever. “I was fortunate, as I later went to a school that had computer science lessons, so I started coding aged 13. Then I switched to hacking.”

Before alarm bells start to ring, we must add some clarification here. Today, Timur is our Security Research Lead at Canon EMEA and found his way to us because of his extensive experience as an ethical hacker. But it’s understandable that the ‘H’ word raises red flags, as the invisible threat of criminal or malicious hackers is ever present. However, there is a flip side to this that isn’t quite so well known, and these are the cybersecurity experts who use the same skills to identify vulnerabilities without exploiting them. You could, theoretically, compare them to a burglar and a locksmith. One uses their knowledge of picking locks to break in and steal. The other uses the same knowledge to strengthen a building’s security.

“I got a degree in Computer Science and Information Security. Then most of my time was spent working as a consultant,” explains Timur of his pathway into the world of cybersecurity. This means he was essentially a problem solver for hire, working for just a few weeks at a time on a particular product or project, then onto the next one. “It was a case of ‘out of sight, out of mind’,” he says. “You find something exciting, get the endorphins, get paid, then move on. But, in time, you realise that you’re not really seeing anything change. There’s no long-term game.”

Timur Iunusov Security Research Lead, Canon EMEA

Canon has thousands of different products, so doing this means we’re building security into them by design, which is very important for our customers, and for us in the long term.”

Of course, plenty of people still work in this way and offer a really valuable service to organisations as consultants and contractors, seeking out weaknesses in products and solutions before they are released into the world. And while Timur is now working within one such organisation, he still very much values the work that he used to do, as well as the contributions that non-consulting ethical hackers make. But what’s the difference between the two? Well, money and timing, essentially.

“It’s a way for people to learn ethical hacking, so they can use the knowledge to actually earn money doing it later on,” he explains. “Plenty of companies offer a ‘bug bounty’, where you can get money for finding vulnerabilities in products that are already released. You can have your work acknowledged by a well-known organisation, put in a letter or on a website somewhere, or maybe sent a small gift. This is great for someone in their early career.”

Indeed, Timur made his name through assessing payment systems which, as you might imagine, are among the highest stakes and most challenging to protect. Through this, and his work with Payment Village, building awareness around the security of payment systems, he came to the attention of our Senior Director of Information Security, Product Security and Global Response in EMEA, Quentyn Taylor. “He told me about this initiative, where we try to hack Canon’s devices before anyone else has the chance. The company has thousands of different products, so doing this means we’re building security into them by design, which is very important for our customers, and for us in the long term.”

This was in 2022 and now, working within Canon, Timur feels that sense of the long-term, which was elusive to him as a security consultant. He splits his time between his home in Devon and our EMEA Headquarters in West London, where he is able to access and ‘penetration test’ (another way of saying ‘hack into’) the huge and complex machines in our current and future portfolio. He also oversees the work of a large number of consultants and contractors. This puts him in a space between the ethical hackers and the product teams, translating their collective findings into actionable insights that give Canon its reputation for exceptional information security.

TIMUR_BODY

“I now have a deeper understanding of the roles around these products, so I can make the most effective recommendations,” Timur explains. “And I need to be able to find the best possible way to deliver what I know to the development teams. This is something that doesn’t often come naturally to technical people, but I’m learning every day. And when you teach somebody something, you learn from that too.”

It is crystal clear when you speak to Timur that he is not only an expert in his field, but he takes genuine pleasure in his work. “You need to love it. If you don't love it, don't even try doing it,” he says with seriousness. “You should never choose this, or any career, because someone tells you it’s a good job to do and you’ll earn good money. For me, I can easily sit at my computer on the weekends for free – doing the same things I do in my job – because it drives me.”

This tells you everything you need to know about the mindset of someone who, to use the language of hacking, ‘wears the white hat’. It takes incredible levels of application, patience and curiosity, plus the ability to stay 100% on top of emerging threats and new ideas to keep your skills sharp. Learning, problem-solving and being sensitive to the tiniest details are all critical to the role. In fact, one might go so far as to say that you don’t choose this job – the job chooses you.

Find out more about careers at Canon.

Related