Cooperation with industry makes sense at all levels of study

Author: Klára Petrovičová for fi.muni.cz

Becoming an expert in a field takes a lot of theory and practice. Andrij Stecko, a FI graduate who has been involved in several industry and government-funded projects during his PhD studies, has been given both. Later, from his position as a R&D (Research and Development) manager, he led the product security and engineering teams at Y Soft and now works at Oracle NetSuite. You can read about his journey and experience in this interview for the Faculty of Informatics of MU.

Why did you decide to study computer science?

I made my decision "a long time ago", I went to university in 2000. Basically, I had been interested in mathematics and later I started to be interested in computer science. When I was deciding what faculty to choose, still in Ukraine at that time, I had only one choice at the University of Lviv, the Faculty of Applied Mathematics and Informatics, so I went there.

So you first studied at the University of Lviv and later went to the Faculty of Informatics (FI) of Masaryk University in Brno. Why FI?

I would say it was a big coincidence. At that time, my friend and I decided that we wanted to try studying abroad. At that time, travel abroad from Ukraine was quite limited and not many people were travelling anywhere, let alone studying abroad. So we decided to give it a try, but we didn't want it to be too far away, so we chose the Czech Republic. At first we tried Prague. Eventually a friend came up with the idea of going to Brno, which was the first I had heard of at the time. Then another coincidence came into it, which was that Charles University, where we were applying, had an application process that was complicated and non-transparent for us. In contrast, at MU it was done very well, so it happened that I got in.

Are you glad it worked out that way?

Definitely! I think Brno is a great city and the Faculty of Informatics is excellent and has huge potential. When I observe the faculty from the inside, I think it has been growing over the last 15 years not only in the number of people, but also in the quality of study and expertise. I can see how it is improving its impact on the global scientific community and also on the local ecosystem of companies. I am very happy to be here.

As a foreigner, was it difficult for you to study in the Czech Republic at first?

I would say it's relative... I had a problem with the language in the beginning. It got solved with time, but otherwise everything at FI / MU was set up in such a way that I either didn't have any problems or they were minimal, so thumbs up to FI / MU.

Did you study right away in Czech?

Yes, I studied in Czech. I prepared for it already in Lviv, where I had private lessons. It was interesting when I had my first class - Algorithms for Hard Problems with professor Černá, who spoke Slovak. I left the class a little sad that the Czech lessons didn't help me much (laughs). Only later did I actually realize that it was Slovak and not Czech.

You went on to do a PhD. Why did you decide to go for it?

At that time, I was very much into security and wanted to get better at it. I did my master's thesis under professor Matyas and during that I decided that I would like to continue.

What made you choose security?

I first came into contact with security while writing my bachelor's thesis in Lviv. I chose a topic in the field of applied cryptography. At that time, I was not very familiar with the field of security, because we hardly had any courses in this area. The only close one was about cryptography, which I found interesting, so I decided to do my bachelor's thesis in this area as well. When I came to Brno, I chose all sorts of courses about security and gradually got more and more interested in it until I got to the PhD studies.

What did you do during your doctoral studies?

I was keen to work on industry projects. When I approached my supervisor and asked him if there was such a possibility, he offered me several opportunities to collaborate directly with several companies during my studies. Among them were Trusted Network Solutions, MONET+ and Y Soft.

It was a very interesting experience and an opportunity to change the context. The collaboration allowed me to do something different, to disengage a bit and then come back to my dissertation topic.

What were the projects about?

Security. In collaboration with Trusted Network Solutions, I investigated how providing geolocation information affects the accuracy of spam detection. For MONET+, we were developing a new authentication token. For Y Soft, it was about developing protocols for a payment system.

So, by working with Y Soft, you also became an employee, where you worked as an R&D manager and led the product security and engineering teams. Do you have a favourite project that was created at Y Soft during your time there?

I would say that I have 3 children in Y Soft, whom I love much, I like to remember them and whenever I have the opportunity, I ask how they are doing (laughs).

The first one is the ARUR (Applied Research and University Relations) program, which was about applied research and collaboration with universities. During the time I had been developing and managing the program, almost a hundred students went through internships or writing their bachelor's or master's theses. A lot of them stayed at Y Soft afterwards. It's been great to see students come out of school with knowledge that they're starting to apply in Y Soft.

The second is building product security in Y Soft. I built a product security team, and together with the team we established a number of security practices that aim to ensure that Y Soft products are secure. I'm proud of what we accomplished.

Just before I left, I was given the opportunity to recruit an engineering team, which I led, but very briefly. And I'm very fond of that, too.

So the ARUR project was born out of your experience with collaborations during your studies?

I came to Y Soft as a researcher. But I felt like I was in a vacuum because there were not many people who knew about my research or wanted to collaborate. So, I started looking for engineers and product managers and together we identified topics that would move R&D forward in the long term.

Once we had a topic in mind, I came to the faculty and look for people who could help us solve a particular problem. Often, I led the undergraduate theses and dissertations in the areas of distributed systems and security, but there were also topics where we were looking for help from someone else, so we worked with a number of professors and associate professors on the faculty. Over time, in addition to undergraduate theses and dissertations, we started offering internships and even support a PhD student. And that's how it all took off.

Do you think FI prepared you enough to lead a team, or is it something you have to learn during your internship?

Some things the faculty prepared me for and some things I learned on the fly. During my studies, I supervised students' final papers, and I got better at planning work and mentoring. I learned the rest on the fly and in various training sessions.

Why did you eventually decide to leave Y Soft?

Y Soft was going through a transformation in which R&D with managers was to become R&D without managers. I would say it was an interesting but also a difficult period for me. In the end, I had the opportunity to stay at Y Soft, but I realized that I had been there for almost 8 years and it was hard to leave. I started to realize that if I don't do it now, there's a good chance I never will. At the same time, I wanted to try working at another company. So several things came together and I decided to leave.

You're now working at Oracle NetSuite doing security consulting. Is that right?

Yes, I'm still in security. There are several security teams at Oracle NetSuite and each has a different specialty. I'm on the team where we focus on design security. Of all the phases of development, I enjoy addressing design the most. In addition, I have the opportunity to contribute to the overall security program by being in charge of a couple of very interesting company-wide initiatives.

What does the term "design security" represent?

When developing software, development goes through several phases. It starts with requirements gathering, then goes through design, implementation, deployment and maintenance. Our team focuses on design when the code doesn't exist yet and it's just a specification of what the software, or part of it, should look like. We look for bugs in that specification. Design errors are usually expensive to fix when they are found after the product is already out in the world.