Reflecting on My Time as a Security Research Intern at HP Labs, Bristol

HP is a global leader in providing enterprise and personal computing products, ranging from laptops with built-in security protections, to management services for managing and monitoring the security for a fleet of enterprise solutions. HP Labs role within the organisation is to focus on anticipating medium to long-term problems that will impact HP customers, identify opportunities for innovation through early-stage proof-of-concept prototyping, and communicate these to the core business units (Anticipate->Innovate->Communicate). Each lab focuses on a specific area of interest for HP, these include 3D printing & Microfluidics, Digital Manufacturing and more importantly for my work, Security. I was based in HP Security Labs in Bristol, which has three broad areas of focus for research; Device Security (end-point-devices), Infrastructure Security (including cryptography, and supply chains), and Security Management (malware analysis and various topics in data-science). While each one of these areas deserves an article in their own right, I will stick to my experiences working with the device team alongside the incredible systems researcher Chris Dalton.

From April 2021 to November 2021 I was a Security Lab Intern at HP Labs, Bristol. As a member of the Device Security team I was focused on anticipating how we might better use hardware to support security solutions implemented in software, so that we can make more clear assumptions about what the software can and cannot be trusted to do. My day-to-day activities were not so different to what I would expect from my PhD research. I spent a lot of time reading about novel methods published in security conferences, and implementing a PoC solution as a communication tool. The difference and potential for growth as a researcher really came down to how I evaluated the potential utility or impact of the academic research presented at a conference for our industry use-cases. Industry research was (in my opinion) much more grounded in the reality, ensuring there is a balanced focus between advancing the ‘state-of-the-art’ and considering how the research could potentially improve the experience of HP partners and customers. While a subtle shift in mindset, I found this to be immensely valuable in developing my constructive criticism skills when evaluating research.  I also got the opportunity to attend meetings held by HP leadership, which gave me a valuable insight to how research is viewed by top executives in the tech industry.

Of course due to the COVID pandemic I was based remotely for the duration of my internship. However this did not detract from my experience working at HP Labs at all, which I credit to the incredible culture cultivated by Simon, Kayte, Boris, and Jonathan. Everyone at the lab was very friendly and welcoming, going out of their way to setup one-on-one zoom calls to get to chat with me about what I was doing throughout my six month tenure. Kayte encouraged and facilitated coffee chats between all of us interns, many of which were based over seas and shared stories about their work and life experiences. The lab was its own research community, with teams sharing what research they had been up to, and weekly tech-talks by individual researchers about a topic they have been researching. Jonathan’s weekly poet of the week was also a personal highlight of mine, and really set the atmosphere for the labs collectivist culture.

My personal view is that I benefited greatly from my six month internship at HP Labs, and would encourage anyone thinking of doing an industry research internship to take the opportunity. On a technical level I gained experience with many tools that are common within systems research both in industry and academia. As a researcher I gained more confidence in my ability to evaluate and communicate research ideas. It also allowed me to ‘round out’ my professional knowledge, giving me insight into how tech companies are managed, operated, and potential career tracks available outside of academic research. Overall I found it to be a fulfilling experience, and glad that this is something that is encouraged as part of my PhD.

Nathan Rutherford
Nathan Rutherford
Vulnerability Researcher | PhD Researcher

Android vulnerability researcher, and Computer Scientist interested in hardware-software co-design for security extensions