Interview with Ahmad MK Nasser

Ahmad MK Nasser is the author of Automotive Cybersecurity Engineering Handbook. We got the chance to sit down with him and find out more about his experience of writing with Packt.

Q: What is/are your specialist tech area(s)?

Ahmad: Securing safety critical embedded systems.

Q: How did you become an author for Packt?

Ahmad: I started my career as an embedded software developer working on both low-level serial communication drivers for the CAN bus and flash bootloaders. In the early 2000s connected vehicles were still in their infancy and cybersecurity was not really a topic that was widely discussed in the automotive industry. Although the products I worked on were highly security relevant, as a young engineer I did not fully grasp that concept until one time when I had to design a software patch that allowed me to reprogram the flash bootloader in the field. For context, flash bootloaders were designed to be programmed once because they have the job of ensuring the ECU software is updated once the vehicle is in production. The program I wrote was essentially fooling the bootloader into thinking that it was loading a flash driver into RAM to prepare for flash reprogramming, when instead it was downloading what was essentially a trojan that would take over control and reflash the bootloader itself with an updated version before rebooting and giving control back to the updated software. At the time, this useful solution made me feel a bit uneasy, but no one seemed to give it too much thought so we proceeded with meeting the customer request for patching their ECUs! Over time, cybersecurity would naturally pop back into view several times in my career as OEMs started becoming aware of the need to improve the security of the in-vehicle network protocols, the diagnostic protocols, the flash programming flow, etc. Luckily, I was among the first to receive these requirements and I was fascinated by the idea that building secure products would be having a true impact on the overall vehicle security. However, as I got into the field of cybersecurity, I was overwhelmed by the amount of information that I had to consume before becoming even superficially useful. It was also the time that I was starting my PhD and searching for a research topic.
I took a class on network security and I knew right away that this was the field for me. Everything I have done before that point was preparing me for this lifelong career and I had to seize the moment. Fast forward 11 years later, I had changed jobs three times with each one immersing me even more in the field of cybersecurity. During my work at Nvidia, I found myself doing a lot of writing as I had to collaborate with many teams on implementing the ISO 21434 standard efficiently. When approached by Packt to write the book, it was like someone had just read my mind for what I wanted to do next, so without hesitation I said yes. By writing the book, I wanted to transfer the knowledge that I had accumulated over the last 21 years both in automotive electronics and cybersecurity into a single book. My main motivation is to help engineers who are taking a similar career path find this exciting and highly rewarding field just like I did, and to make the job of those who have already chosen this path just a little bit easier.

Q: What kind of research did you do, and how long did you spend researching before beginning the book?

Ahmad: Due to the fact that I had done a PhD in the topic over a period of six years, at least half of the research was already done. The remaining half I had to do prior to writing each chapter of the book. Although I did come into the project thinking this was going to be an easy brain dump, it was only when I started writing that I realized that there were many areas that I had to sharpen my skills on and so the research resumed. Overall, the research portion took at least half of the time that I had to spend on the book project.

Q: Did you face any challenges during the writing process?

Ahmad: While working on the book, I was also leading the software security team at my job and facing tremendous challenges in meeting the project deadlines. My biggest challenge in writing the book was in pushing myself to sit down and write even though I was already working 10-12 hours each day. I had to sacrifice every weekend and almost every holiday to make progress. I remember telling myself repeatedly that “this book will not write itself” as a motivation to get up and write. Even if I wrote a few lines, I wanted to make progress. I did not care about the quality at first, as I just wanted my ideas to flow so I would convince myself that I was making progress. Then I would feel motivated to go back and revise my work until it reached the level that I found worthy of sharing with readers. Of course, having a supporting wife and children played a big role as you have to be absent from many family functions to pull this off.

Q: Why should readers choose this book over others already on the market? How would you differentiate your book from its competition?

Ahmad: I wrote this book from a pure practitioner’s view. I have tried and tested every concept discussed in this book and I have seen it being effective in real life. And this is not written from only a single perspective as I have incorporated perspectives from the OEM, Tier 1 ECU suppliers, Tier 2 chip suppliers, and Tier 2 software vendors. The book also pays attention to all product life cycles because cybersecurity is an end-to-end problem that must be addressed in a holistic fashion.

Q: What are the key takeaways you want readers to come away from the book with?

Ahmad: The key takeaways are that in the long run, a systematic approach to cybersecurity engineering is superior to any other ad hoc approach that relies on even the most talented security experts. That automotive cybersecurity faces unique challenges that require a specialized skillset and a tailored approach. That security is a lifelong journey that you must embrace with an attitude of humility and eagerness for personal growth.

Q: What advice would you give to readers learning tech? Do you have any top tips?

Ahmad: Readers should treat this book as an enabler to advance in the field. There were too many topics discussed in the book that should be explored further by the readers as they choose their areas of specialization. Make reading and learning a part of your daily routine in cybersecurity. Subscribe to podcasts, YouTube channels and Twitter feeds of cybersecurity professionals to stay on top of the latest news. This is a field that is highly dynamic so don’t let yourself become obsolete.

Q: Can you share any blogs, websites, and forums to help readers gain a holistic view of the tech they are learning?

Ahmad: I have added tons of references in the book that the readers should explore.

Q: How would you describe your author journey with Packt?

Ahmad: The staff at Packt were very courteous and supportive. I appreciated the continuous encouragement and push to make progress. Overall, I think this was a great experience and I recommend Packt to other authors.

Q: Do you belong to any tech community groups?

Ahmad: Not at the moment but I recommend SAE and the IEEE technical groups.

Q: What are your favorite tech journals? How do you keep yourself up to date on tech?

Ahmad: I receive security news digests weekly from several channels. I subscribe to several security conferences on YouTube that I try to watch whenever I can. I also listen to the Security Now podcast by Steve Gibson while biking.

Q: How did you organize, plan, and prioritize your work and write the book?

Ahmad: Creating the outline was a very valuable way to get organized. I knew what topics I wanted to write about so by organizing them into an outline and sticking to the outline I was able to get the topics covered one after the other. I wanted the chapters to flow in a way that tells a story starting with prerequisites and ending with security solutions to problems stated earlier in the book. I wanted the reader to appreciate the need for the systematic approach so I did not jump from problem to solution in a single step.

Q: What is the one writing tip that you found most crucial and would like to share with aspiring authors?

Ahmad: Organize your thoughts into a skeleton before starting to write. Divide and conquer is my strategy. I break up each chapter into sections that I tackle one by one. If you feel blocked, move on to the next section. When you realize you are making progress, your mind is tricked into wanting to write more. Take breaks and allow yourself to think spontaneously for example while taking a walk. Have a way to write notes at any point of the day that you want to elaborate on in the book. For example, I used my phone to transcribe some ideas that I thought were worth mentioning while taking a walk or right after I woke up once. Sometimes, simple conversations with others can spark an idea that you want to explore in your writing. Treat every such moment as a source of inspiration.

Q: Would you like to share your social handles? If so, please share.

Ahmad: Here is my LinkedIn.

You can find Ahmad’s book on Amazon.

Automotive Cybersecurity Engineering Handbook – Available on Amazon.com