Published on July 27, 2011
Information theft has reached terrifying proportions - computer-savvy criminals maliciously attack network security systems and steal confidential information, intercept data transfer, hack email accounts, spread viruses and even commit identity theft. All that hackers need is an infinitesimal loophole to breach the most secure corporate, bank or even government website to wreak mischief, damage or even sabotage.
Now shrewd companies are playing these devious experts at their own game by employing 'ethical hackers' to actually attack their own computer networks! Yes, these 'white hats' are actually paid to attempt to penetrate or crash the security system in a bid to detect potential vulnerabilities and suggest changes to increase the safety. This pre-emptive measure tests the effectiveness and quality of the network systems and prevents intrusions before they occur.
The term hacker does carry negative connotations, but it proffers a legitimate occupation for computer experts to keep the bad guys out. They use the same techniques and tactics to breach security protocols as their shadier counterparts, but from an ethical standpoint.
This niche job extends unique and interesting functions like quantitatively assessing and evaluating current weaknesses, threats and flaws that can compromise the network security and designing impenetrable systems to keep the information as secure as possible.
Career wise: Ethical hacking (or penetration testing, intrusion testing, red teaming) is a bright and lucrative career option as large companies are beginning to maintain their own teams of ethical hackers.
A survey by the International Data Corp states that the worldwide demand for information security professionals is 60,000 and companies such as Wipro, Infosys, IBM, Airtel and Reliance are always looking for good ethical hackers.
Scope: You can work as an information security specialist/consultant with security firms or as a full-time company employee; freelancers are not as preferred by established companies in India. Ethical hacking opens the doors to a multitude of IT-based entry-level job positions like Network Security Administrator, Network Defence Analyst, Network Defence Infrastructure Support, Web Security Administrator, Server Administrator, Application Security Tester, Ethical Hacker/Penetration Tester and Security Auditor. Alternatively, you can opt for secure programming, cryptography or forensics.
The job role can extend from authorised hacking to network security surveillance, security tools installation and maintenance, application testing, wireless LAN assessment. There is immense scope for career growth and progression up the ladder – a Network Security Administrator of today can move on to NS Manager, then NS Officer and even become the Chief Information Security Officer in the future.
Similarly, the career graph of an Application Security Tester rises through AS Developer, AS Manager before Chief Application Security Officer. Security Certified Programmers can also progress to Security Project Managers.
Remuneration: In India, pay packages start from Rs.3-6 lakhs per annum and can even go up to Rs.30 lakhs depending on background, experience and job function. Top employers are Wipro, Accenture, IBM, Dell, Google, Cap Gemini, etc. with employment opportunities primarily in Bangalore, Hyderabad, Mumbai, Pune and Chennai.
Ankit Fadia, a renowned computer security expert observes, “Currently there is a huge gap between the demand and supply. Because of this shortage, pay packages and growth opportunities are superlative and ever-growing.” According to K.K. Mookhney, founder and principal consultant of NIIC consulting, “Salaries for information security professionals are at least 20-30% higher than for most other positions at the same level in other fields of IT.”
Skills: The field is open to bright computer science graduates, skilled computer experts or even malicious hackers looking to reform! It is important to have talent, affinity and passion for computers. Excellent programming and networking skills and a college-level background in IT are helpful.
A creative streak will enable you to think out-of-the-box and visualise/create different ways to encroach on the most secure of systems.
Honesty, integrity and trustworthiness are a must as you will be privy to important (maybe even highly sensitive) information. Safeguarding the privacy and confidentiality of the client/user information is highly imperative.
Rigid background checks and security clearance are essential for government work. According to Mookhney, “A good information security professional should have a thirst for knowledge, be able to grasp new concepts quickly, work hard on their own, and have a great love for technology”.
Qualifications: You can opt for formal training or learn it on your own through experience. However, both government and corporate sectors are more likely to hire ethical hackers with verifiable credentials. You also have to regularly update your knowledge through workshops, seminars, trade magazines and industry conventions to be aware of the latest tools, techniques and technologies.
Some of the most prevalent professional training certifications in India are:
- Certified Ethical Hacker (EC-Council)
- Certified Hacking Forensic Investigator (EC-Council)
- GIAC Certified Penetration Tester (GPEN) offered by SANS
- GIAC Certified Intrusion Analyst (GCIA)
The time period varies from a fast-tracked 5 days to 3 months and the course fee is Rs. 10,000 upwards. Both online and offline courses provide intimate knowledge of network security protocols, multiple computer codes and extensive hands-on training for spotting vulnerabilities.
Yet, the risk of prosecution often keeps bright IT enthusiasts from building a career in information security.
Remember that this is authorised access and organisations cover the risk of fraud by defining the parameters of probing, penetrating and testing in a legally binding contract.
This works as your security blanket too and will protect you from the law provided you strictly abide by the ethical codes. Also, be aware of the laws and penalties of unauthorised hacking and never begin any hacking activities until you have a signed legal document giving you express permission. So get set to join the online cops' brigade with a license to hack!
Payal Chanania
Institutes
- Appin Knowledge Solutions
Location: All over India
- Adept Technology Pvt
Location: Bangalore, Chennai, Hyderabad
- The Institute of Information Security
Location: Hyderabad, Mumbai
- Jodo Institute
Location: Chennai, Hyderabad, Delhi, Mumbai
- E2 Labs
Location: Hyderabad
- InnoBuzz Knowledge Solutions
Location: Bangalore, Hyderabad, Chennai, Delhi, Mumbai, Pune, Kolkata
- K-Secure IT Security Services
Location: Mumbai
- Ankit Fadia Certified Ethical Hacker course
Location: All Reliance World outlets across India are official training centres for the AFCEH course. Presently, AFCEH is available at 242 outlets of Reliance World across 105 cities in India