Behind the Scenes with Bogdan Ionita | by Renae Kang

The Cloud Security Architecture team at Adobe designs and delivers scalable cloud security architecture that helps define our secure-by-default infrastructure. Working together with the cloud security engineering team, our cloud security architects guide advanced development of security tooling and help enable overall infrastructure interoperability across a wide range of security components.

In this blog, we’ll take you Behind the Scenes to meet Bogdan Ionita, our principal cloud security architect to learn more about his career journey and what he enjoys most about working at Adobe.

I was born in Romania and wrote my very first line of code back in 1993, when I was 9 years old. Let me elaborate a little bit…

Throughout the 80s, the computer industry in communist Romania was prototyping and releasing several ZX Spectrum clones, essentially home computers that were unofficially based on the Sinclair ZX Spectrum designed in the UK. They were used in industry, research, and education, but they also served as high-tech toys — one of the few avenues of entertainment. They even had a thriving black market around them where you could find anything from spare parts to entire building kits, as well as video games that could be loaded from audio cassette players (no joke!).

In 1989, the communist regime in Romania fell, but it did not instantly become a free-market capitalist democracy. Throughout the 90s, a lot of the previously state-owned institutes, companies, and factories continued to operate as before to provide most of the same output, including those wonky computers. During most of my childhood, my father worked as a technician for what was back then the only computer repair institute in the country. When your job is to take apart, diagnose, and repair these machines, you get access to a lot of spare or discarded parts. So what’s a dad to do when those spare parts start to add up to a complete computer? Build one, of course! Then give it to your kid — maybe he’ll appreciate it as a toy. And boy, did I appreciate it! It also helped that the model was called CoBra, which stood for Computer Brasov, the Romanian town where it was initially prototyped.

When the computer started, it immediately booted into a BASIC interpreter and waited for commands. Most of the time you would just type “LOAD” and then feed it a video game from your audio cassette player, making sure you weren’t actually feeding it a Michael Jackson song or anything like that. However, 8-bit games have a way of becoming boring after a while, and I became curious about all those other commands that were listed on the keyboard. Some of them even had fun names, like “CIRCLE” and “BEEP.” It wasn’t long before I started bugging my dad about what all of those did, so to shut me up, he handed me a BASIC programming book. I was immediately hooked — there was something magical about being able to bend that machine to my will, where previously it only ran the video games that someone else had created. I even wrote a simple Space Invaders-like demo and stored it on what was probably a bootlegged Vanilla Ice audio cassette, much to the dismay of my older sister.

Over the years, schools in Romania started adding computer classes on x86 architectures. I learned Pascal at first, then C, and then dove deeper into computer algorithms and data structures in high school. This was around the year 2000 when Romania was still a young democracy, so some of the people in my high school had no qualms about hacking their way through high-profile websites and then openly bragging about it. I became curious about their methods and started to wonder why they were successful. Were site admins not paying attention? Were they not up to date with the latest methods? Was there something inherently broken about computers, security, and the Internet? So I bought some books to learn more.

When I graduated college, I didn’t immediately get to work in security. These kinds of jobs were hard to find in Romania, even more so for a new college grad with no working experience. My first roles were in software engineering for companies like Freescale (now NXP) and IXIA (now Keysight). I was still playing around with penetration testing tools though, and then I got to work on IPSec testing software at IXIA.

My first real security job came around when Adobe hired me to work as a security engineer on Business Catalyst, a hosted SaaS solution for building business and e-commerce websites. The four years I spent with the team were both exciting and educational. I got to work on many aspects of security, from infrastructure and databases to implementing application security features and helping with PCI-DSS audits. My first (and so far, only) software patent is also from those times — for managing and negotiating TLS certificates on a load balancer — done in collaboration with some of my brilliant teammates back then.

My next big break came when the central Operational Security Team (now called the Cloud Security Team) wanted me to come and work for them out of their San Francisco office. To cut a long story short, I moved from Bucharest in Romania to San Francisco in November 2018 and have been working as a cloud security architect ever since.

Cloud security architecture is all about helping Adobe hide away the complexities of running cloud infrastructure, enabling the product and service teams to do their magic without worrying about runtimes, OS patching, database maintenance, or properly configured access. My team, together with other architects at Adobe, are right now designing the next generation infrastructure platform, and I get to work with some of the smartest people I’ve ever met.

I’ve been using Adobe products ever since I was a freshman in high school, publishing our high school paper in what was back then called Adobe PageMaker. I’ve also had photography as a hobby (as my father did, and my grandfather before him), so I’ve been using Adobe Photoshop for as long as I can remember. When Adobe asked me to interview for the security engineer position, all I could think was, “Wow, I might get to work for a company whose products I actually love!”

As it turns out, 9 years later, I’m still with that company, and Adobe MAX is probably one of the best things about working here. The creative community surrounding Adobe and the output that comes out of its software products are unmatched. Some of your Hollywood favorites are most likely done with Adobe Premiere and After Effects.

Break things! Find all the ways that software and systems can go wrong or be abused. Then start thinking about what you would do to prevent all of that. Did you enjoy the process? Then, you might like working in security. Knowledge of computer science, systems architecture, applied cryptography, and software engineering are also very helpful in easing a transition into security.

If I had to recommend a single online course or certification, it would be the Offensive Security Certified Professional (OSCP) and any of the courses that follow that. It’s a penetration testing course that takes you through many attack techniques and procedures. Be warned though, it’s a doozy! The best thing about it is that it’s really hands-on and offers a complete virtual lab of about 60 machines, where you can go nuts and hack everything as you venture deep into the network until you reach the Domain Controllers.

I used to be licensed to fly ultralight trikes and actually co-owned one with a friend back in Romania. It’s the most amazing feeling of being able to fly high or low, without being encased in a full cockpit. I would always say it’s like the “motorcycle of the skies.”