“Comprehensive, competent support”
Every day, Mirko Lange heads out into the field on behalf of automotive security. He is a Field Application Engineer (FAE) for CycurHSM. He advises and supports customers to successfully integrate ESCRYPT’s firmware for hardware security modules. In this interview, he explains what that involves.
Mr. Lange, what does a Field Application Engineer at ESCRYPT actually do?
My main task is to accompany and support customers during the commissioning of CycurHSM. We usually offer customers an initial on-site integration workshop, where I explain the use cases and the steps necessary for integration – activating HSMs, conducting and testing initial crypto operations. But even if the customer is familiar with the basics after that, they often need further integration support, for example when they have to implement a special use case with a supplier. I support them, help them with sample code, or make it easier for them to dive deeper into the subject by providing them with the white papers I’m writing. In short: I am there for customers whenever and wherever they need special security knowledge and specific product support.
How long do you support customers for in a project like this?
It depends. Some customers are well prepared and have already had experience with security and HSM, while others are just getting started. This means people’s knowledge level and learning curves vary a great deal. Aside from that, very few customers book “just a few days of support.” Instead, they want comprehensive, competent support right through to the market-ready product. I tend to support my customers for between six months and one year – and I try to be as flexible as possible.
What professional and personal skills do you need as an FAE?
You have to be very communicative, enjoy communicating and direct dialog with customers, and be open to their problems. Of course, as an FAE, I have to have a certain level of expertise, too – especially in the field of hardware, regarding ECUs and how they interact across the vehicle network or with the backend – but I also need sound knowledge of the latest security algorithms and their interplay with the hardware. You always have to be ready to learn new things. For example, all sorts of manufacturers are always launching new microcontrollers. I always have to be up to date when it comes to CycurHSM. Last but not least, you should be very willing to travel – I spend a lot of my time on the road traveling to customers for ESCRYPT.
In your opinion, what are the biggest challenges at the moment in implementing automotive security?
It’s clear that security requirements have grown non-stop over the last few years. Security is also becoming increasingly important for OEMs. Many of them and their suppliers have specific requirements and want to use their very own custom security solutions. Our challenge is to offer a product that meets the requirements of all our customers as a platform solution, and at the same time is flexible enough to be able to map the individual requirements of each manufacturer.
Does this mean that the support of an FAE is becoming more and more important for the customer?
It really depends. Many OEMs are starting to set up their own vehicle protection departments. They’ve often already got experience from previous projects and need our support only in specific instances during the commissioning of our solution. Others are still very much in the early stages when it comes to security, so they want more comprehensive and longer-term support from us. Tier 1 suppliers, in particular, are increasingly faced with security requirements from OEMs that they can hardly cope with on their own. That’s where we help them close their “security gaps.”