TrustPoint Blog

This summer I have been lucky enough to work for TrustPoint as a co-op student. Since I am a math and computer science student at the University of Waterloo, with an interest in cryptography and information security, I couldn’t have asked for a better opportunity.

The IoT Project

Throughout this term, I’ve had the opportunity to work closely not only with the regular TrustPoint development team but also with another co-op student, Zijin Li, a graduate student in computer science, also from the Univerity of Waterloo. On our first day at TrustPoint, we were given our biggest project for the co-op term: to build an Internet of Things device.

TrustPoint’s development team consults with other companies who produce IoT devices to help ensure that those devices are properly secured. However, the team doesn’t witness the process of creating the device and doesn’t necessarily have access to the internal documentation created throughout development. By having Zijin and I create a product, TrustPoint’s developers could gain a window into the process, as led by two people without much security experience. This way, they would be able to see how other developers think about projects, and how they handle security.

With this goal in mind, Zijin and I were given free reign in what we wanted our device to do. That flexibility is just one of the advantages of working at a start-up company like TrustPoint. Still, neither Zijin nor I had ever worked on a project like this one before. Zijin had experience with web development and I had previously worked with Python, the main language of the Raspberry Pi single-board computer. Any other knowledge we needed we had to learn on the fly. It was a challenge, but a hugely rewarding one.

After just over a month, we had completed our product: a modular system for connecting different types of sensors to the Raspberry Pi, with a smart doormat based on a Wii Balance Board as a demonstration. Our system allowed the device to send sensor information to a server, which in turn could notify the user of sensor status. We also created a way for a user to dynamically change the settings of different sensors, and a system for updating the program running on the device.

Now that our device was up and running, it was time for the development team at large to do a full security review. We explained how the device worked and what we had done to secure it. Over the course of several hours the team asked further questions. They had dozens of suggestions for improving the device’s security. At the end of the review, I had made pages of notes on new concepts to research and potentially implement in the project. TrustPoint’s developers and security consultants really are the experts.

Now, based on what they observed in our project and our documentation, the TrustPoint team is working on creating a complete model for threats to IoT devices that will make their consultation process even better.

A Learning Opportunity

After finishing the IoT project, I spent time working on TrustPoint’s CA and V2V SDK. Between small partner projects and contributions to these larger projects, I have gained more software development knowledge and experience than I could have expected at the beginning of this term. There are so many aspects of the field that cannot be taught in a lecture hall. It is fantastic that TrustPoint and other local technology companies are so supportive of UW‘s co-op program.

In addition to experience, I’ve had the chance to work with a great group of people. I’ve learned plenty from the diverse members of the team, and we’ve had a lot of fun, too, going bowling, enjoying monthly barbecues, and volunteering in the community.

TrustPoint is a fantastic company and a great place to work. Contact TrustPoint today if you think you might be the right fit for our elite development team.