Learn how to initiate and conduct a security research project in this comprehensive conference talk. Explore the fundamentals of applied vs. basic research, understand the pros and cons of research, and discover various types of questions to guide your investigation. Delve into the epicycle of data analysis, asset acquisition, and core research ideas. Gain insights on building a research team, establishing a device research workflow, and selecting appropriate lab equipment and software. Understand the importance of knowing when to conclude your research and how to measure success or failure. Master the art of presenting your findings through print and code, defending your research, and adhering to responsible disclosure practices. This talk provides valuable guidance for both novice and experienced security researchers looking to bootstrap their projects effectively.
Overview
Syllabus
Introduction
Pasteur's Quadrant: Applied vs. Basic Research
Do You Look Like a Researcher?
Research Pros and Cons
Types of Questions
Epicycle of Data Analysis
A Word on Asset/Device Acquisition
Core Research Ideas Circuitry
The Research Team
Sample lot Device Research Workflow
Suggested Lab Equipment and Software
Knowing When To Stop
What Does Success Look Like?
What Does Failure Look Like?
Presenting Your Research: Print
Presenting Your Research: Code
Defending Your Research
A Word About Responsible Disclosure
