“I’m happy when I can help others feel safe in the digital world,” says Vojtěch Dvořák, a successful student at FIT BUT

Vojtěch Dvořák is a student at the Faculty of Information Technology BUT. At the same time, he has been working for more than three years as a software engineer at Gen, formerly Avast, specifically in the Threat Labs team. This is a specialised cybersecurity research team responsible for identifying, analysing, and monitoring new digital threats and scams around the world. Vojtěch focuses specifically on extracting malware features and subsequently classifying them. As a software engineer, he helps develop and maintain internal systems used mainly by threat analysts.

Vojtěch Dvořák began working for this major technology company while still pursuing his Bachelor’s studies at FIT BUT, when he became interested in formal languages and compilers. His Bachelor’s thesis, which was also developed thanks to his work at Gen, focused on the incremental static analysis of the YARA language, which analysts use to detect and classify malware. For this thesis, he received an award from Gen for its exceptionally high quality. Today, he is completing his Master’s studies with a specialisation in machine learning and, together with Gen, is working on his Master’s thesis on improving the detection of cyber scams based on visual data, specifically images of PDF documents and websites. Vojtěch’s career so far is another example of a perfectly managed symbiosis between university study and research in the environment of one of the Faculty’s industry partners. That is why we invited him for a short interview and asked him about his career path so far.

---

Do you remember when your interest in computer science and information technology first began?

I have always been more technically oriented, most likely also because of my father’s technical profession, as he is an electrical engineer. At the multi-year grammar school I attended, we worked on technical secondary-school projects related to robotics. That was also where I first came into contact with programming. I decided on FIT specifically because of an experience at an open day.

I understand that you got into cybersecurity quite early during your studies. What attracted you to this field?

IT is a dynamic world in itself, but what attracted me to cybersecurity in particular was how quickly it develops. With threats changing so rapidly, you never get bored. And, of course, I see great purpose in it. I am happy when I can help others feel safe in the digital space. As long as people move around in that space, they will want to avoid risks just as they do in the real world, which, at least in my eyes, makes this a promising field.

How did you actually end up at Gen?

First, I completed the Formal Languages and Compilers course at FIT, and later, in another course, I attended a guest lecture by a doctoral student who was also working at Gen. The possibility of writing a Bachelor’s thesis in cooperation with the company was presented there. At the time, I was looking for a way to gain some practical experience alongside my studies, so it all fit together nicely.

I have to ask: formal languages and compilers are not an easy topic. And combining studies with an internship at a technology company is certainly not a simple path either. What led you to “complicate” your life in this way?

To be honest, the prospect that the internship would also involve work on my Bachelor’s thesis made the whole picture considerably simpler. It was a challenge, I do not deny that. But at Gen specifically, a major advantage is that the management is very accommodating towards studies — during the exam period, for example, the demands of a student’s schedule are clearly taken into account. Even so, you do have to sacrifice some time beyond your studies, although I did not have to push myself to the very limit. If you choose to study IT, it is not a hobby but a choice of professional path. And if you can try out real practice while still studying, it helps you choose your Master’s specialisation, elective courses, and so on. In a way, it is a form of self-discovery.

Your Bachelor’s thesis focused on the incremental static analysis of the YARA language. What interested you about this topic?

I had a sense that the topic was directly related to the material covered in the Formal Languages and Compilers course. I wanted to learn what the current development in this area looked like in practice and how the theory could actually be applied. In addition, during the internship I learned many other things related to software development and more advanced concepts in languages such as C, C++, and Python. On the other hand, I was pleased that I could already make use of many things I had learned at school during the internship — not only theory, but also soft skills such as teamwork and the ability to learn systematically. At the Faculty, you face challenges repeatedly, and that makes you better prepared for challenges at work.

You have been working in the Threat Labs team since the beginning of your internship. How would you introduce it to readers?

The team analyses new threats that appear in cyberspace. I specifically focus on extracting malware features that can be used to classify it. I have to say that I have a relatively high degree of freedom in how I can solve problems, although this also requires thorough research.

… and within Threat Labs you also worked on the topic of your Bachelor’s thesis, which, incidentally, received an internal Gen award for its high quality. What was the aim of your research?

The situation where we have an enormous number of threats creates a need to describe and classify them clearly. This is what the YARA tool and the language of the same name are used for. In this language, we write rules that define the characteristic features of malware, or rather rules that make it possible to identify and search for malware. Just as programmers try to be as efficient as possible when writing code in programming languages, cybersecurity threat analysts want the same when writing rules in the YARA language. For this reason, they use various tools to make working with YARA source code easier. My thesis specifically dealt with how to make the automatic checking of rules in this language more efficient from both the semantic and syntactic perspectives. The aim was faster detection of errors in the code, which ultimately speeds up the work of malware analysts.

For your Master’s thesis, however, you chose a different topic: detecting cyber scams based on visual data. Why this topic in particular?

After my Bachelor’s studies, I was choosing a specialisation for my follow-up Master’s degree, and, also with regard to trends in IT, I opted for machine learning. After about a year, I began focusing directly on malware detection using visual features at the company. I saw this topic as a great opportunity to combine my study specialisation with the field of cybersecurity. But my “shift” towards machine learning actually reflects broader changes in the field of cybersecurity threats and scams in general. Almost everyone has probably received a fraudulent email, attachment, or something similar at some point. When detecting fraud, we try to understand the content of a document in greater depth. On the other hand, fraudsters try to make detection more difficult through obfuscation, or the “masking” of documents, which complicates the work of analysts attempting to detect fraud using specialised tools.

By masking documents against specialised tools, you mean, for example…

… for example, when the text in a PDF document is replaced with an image. The text is then not visible to the detection tool. Put simply, my Master’s thesis deals with the idea that instead of trying to detect fraud directly in the document in its original format, we work from its visual representation, from the rendered document, thereby bypassing these methods of masking. We use machine learning algorithms that enable us to automatically describe and annotate documents in image form. We then try to cluster documents based on their semantic and visual similarity. Thanks to this, we know what to focus on when deploying specialised detection tools. In my thesis, I mostly deal with PDF documents, although they are not the most common attack vector. Fraudsters use virtually all communication channels when carrying out scams.

Is there any result of your work that you are particularly proud of?

I recently had a really good feeling when I learned that my Master’s thesis solution had helped uncover the first real fraudulent campaign.

Cybersecurity is a field that is developing and changing very dynamically. Do you think the type of threats you deal with in your work will still be relevant in a few years’ time?

It is becoming increasingly easy to generate fraudulent documents, partly thanks to tools that use so-called artificial intelligence. Attackers can create high-quality personalised fraudulent documents relatively cheaply and, at the same time, target them at a large number of users. That is why I think the number of attacks of this type will continue to grow for some time.

And where do you see yourself in a few years? Where will your steps lead after completing your Master’s studies at FIT? Are you perhaps considering a doctorate?

I am considering it; I like trying new things and taking on new challenges. But I think that for some time I will be happy to focus only on my work at Gen. I do not have one specific major career goal. I see purpose in what I do, and that is not a small thing.