Pages

Aug 3, 2011

LICENSE TO HACK

Published on July 27, 2011
 Information theft has reached terrifying proportions - computer-savvy criminals maliciously attack network security systems and steal confidential information, intercept data transfer, hack email accounts, spread viruses and even commit identity theft. All that hackers need is an infinitesimal loophole to breach the most secure corporate, bank or even government website to wreak mischief, damage or even sabotage.
Now shrewd companies are playing these devious experts at their own game by employing ‘ethical hackers' to actually attack their own computer networks! Yes, these ‘white hats' are actually paid to attempt to penetrate or crash the security system in a bid to detect potential vulnerabilities and suggest changes to increase the safety. This pre-emptive measure tests the effectiveness and quality of the network systems and prevents intrusions before they occur.
The term hacker does carry negative connotations, but it proffers a legitimate occupation for computer experts to keep the bad guys out. They use the same techniques and tactics to breach security protocols as their shadier counterparts, but from an ethical standpoint.
This niche job extends unique and interesting functions like quantitatively assessing and evaluating current weaknesses, threats and flaws that can compromise the network security and designing impenetrable systems to keep the information as secure as possible.
Career wise: Ethical hacking (or penetration testing, intrusion testing, red teaming) is a bright and lucrative career option as large companies are beginning to maintain their own teams of ethical hackers.
A survey by the International Data Corp states that the worldwide demand for information security professionals is 60,000 and companies such as Wipro, Infosys, IBM, Airtel and Reliance are always looking for good ethical hackers.
Scope: You can work as an information security specialist/consultant with security firms or a full-time company employee; freelancers are not as preferred by established companies in India. Ethical hacking opens the doors to a multitude of IT based entry-level job positions like Network Security Administrator, Network Defence Analyst, Network Defence Infrastructure Support, Web Security Administrator, Server Administrator, Application Security Tester, Ethical Hacker/Penetration Tester, Security Auditor. Else, you can opt for secured programming, cryptography or forensics.
The job role can extend from authorised hacking to network security surveillance, security tools installation and maintenance, application testing, wireless LAN assessment. There is immense scope for career growth and progression up the ladder – a Network Security Administrator of today can move on to NS Manager, then NS Officer and even become the Chief Information Security Officer in the future.
Similarly, the career graph of an Application Security Tester rises through AS Developer, AS Manager before Chief Application Security Officer. Security Certified Programmers can also progress to Security Project Managers.
Remuneration: In India, pay packages start from Rs.3-6 lakhs per annum and can even go up to Rs.30 lakhs depending on background, experience and job function. Top employers are Wipro, Accenture, IBM, Dell, Google, Cap Gemini, etc. with employment opportunities primarily in Bangalore, Hyderabad, Mumbai, Pune and Chennai.
Ankit Fadia, a renowned computer security expert observes, “Currently there is a huge gap between the demand and supply. Because of this shortage, pay packages and growth opportunities are superlative and ever-growing.” According to K.K. Mookhney, founder and principal consultant of NIIC consulting, “Salaries for information security professionals are at least 20-30% higher than for most other positions at the same level in other fields of IT.”
Skills: The field is open to bright computer science graduates, skilled computer experts or even malicious hackers looking to reform! It is important to have talent, affinity and passion for computers. Excellent programming and networking skills, college-level background in IT is helpful.
A creative streak will enable you to think out-of-the-box and visualise/create different ways to encroach the most secure of systems.
Honesty, integrity and trustworthiness are a must as you will be privy to important (maybe even highly sensitive information). Safeguarding the privacy and confidentiality of the client/user information is highly imperative.
Rigid background checks and security clearance is essential for government work. According to Mookhney, “A good information security professional should have a thirst for knowledge, be able to grasp new concepts quickly, work hard on their own, and have a great love for technology”.
Qualifications: You can opt for formal training or learn it on your own through experience. However both government and corporate sectors are more likely to hire ethical hackers with verifiable credentials. You also have to regularly update your knowledge through workshops, seminars, trade magazines and industry conventions to be aware of the latest tools, techniques and technologies.
Some of the most prevalent professional training certifications in India are:

  • Certified Ethical Hacker (EC-Council)
  • Certified Hacking Forensic Investigator (EC-Council)
  • GIAC Certified Penetration Tester (GPEN) offered by SAN
GIAC Certified Intrusion Analyst (GCIA) The time period varies from a fast-tracked 5 days to 3 months and course fee is Rs. 10,000 upwards. Both online and offline courses provide intimate knowledge of network security protocols, multiple computer codes and extensive hands-on training for spotting vulnerabilities.
Yet, the risk of prosecution often keeps bright IT enthusiasts from building a career in information security.
Remember that this is authorised access and organisations cover the risk of defrauds by defining the parameters of probing, penetrating and testing in a legally binding contract.
This works as your security blanket too and will protect you from the law provided you strictly abide by the ethical codes. Also, be aware of the laws and penalties of unauthorised hacking and never begin any hacking activities until you have a signed legal document giving you express permission.So get set to join the online cops' brigade with a license to hack!
Payal Chanania
Institutes
  • Appin Knowledge Solutions
http://www.appinonline.com/acse.php
Location: All over India
  • Adept Technology Pvt
http://www.adeptechno.com/ec-council-ceh.asp
Location: Bangalore, Chennai, Hyderabad
  • The Institute of Information Security
http://www.iisecurity.in
Location: Hyderabad, Mumbai
  • Jodo Institute
http://www.jodoinstitute.com/boot-camp-CEH-v6.php
Location: Chennai, Hyderabad, Delhi, Mumbai
  • E2 Labs
http://www.e2-labs.com/
Location: Hyderabad
  • InnoBuzz Knowledge Solutions
http://www.innobuzz.in/ethicalhacking.html
Location: Bangalore, Hyderabad, Chennai, Delhi, Mumbai, Pune, Kolkata
  • K-Secure IT Security Services
http://www.ksecure.net/ethical-hacking-training.htm
Location: Mumbai
  • Ankit Fadia Certified Ethical Hacker course
http://www.ankitfadia.in/afceh.html
Location: All Reliance World outlets across India are official training centres for the AFCEH course. Presently, AFCEH is available at 242 outlets of Reliance World across 105 cities in India

STAYING UP-TO-DATE


Published on July 27, 2011
Working women do have their work cut out for themselves. Anything they can do, the men can ALWAYS ‘do it better'!
Fight it all you want to but let's face it, the working world often does get stereotypical and gender-biased. Women have to work all the more harder and about the only way to survive and make it to the top is to keep yourself current and up-to-date. Know what is happening around you – in the world, in your profession, in your industry, even in your work place…
Alas, many women weighed down by never-ending responsibilities sadly overlook this job demand and get stuck in the rut of middle management unable to move up. As a supply chain consultant for a supermarket chain says, “When compared to men most career-women are challenged and restricted by situations that are natural in life (like being a mother and raising a family). This is where most of us face a conflict and often agree to a compromise at work.
However, updating yourself will put the shine back in your work as well as demonstrate your commitment, motivation and drive. Being in the loop of what's happening is crucial not only for advancing your career trajectory, but also for simply holding on to the job you do have. Keeping a finger on the latest developments, strategies and trends in the industry will enable you to confidently discuss topics, defend your views and quite simply hold your own amidst colleagues/managers, earning you the respect/recognition you both deserve and crave. Shilpa Nainani, Creative consultant, Orange Media observes, “As a woman myself, it's imperative that if I have to make a difference in my field of operations I have to keep myself abreast with the latest happenings, current affairs, developments around the world and make sure that I am high on my area of expertise.”
But time is definitely at a premium for a working mother as she juggles one role too many.
Already struggling to keep pace, the need to stay informed adds to the brimming pressures. Where is the time, let alone focus and motivation, to find out what is happening in the world?
Ahead of the curve
It's all about proactive time management, planning and knowing where or more importantly how to look. As Subha C., ex-faculty at NIIT, elaborates, “A lot of times women give the excuse of their family, kids, etc. But I wish for once we all could take into account how effectively we can get things done if only we planned ahead to a certain extent and managed time better!”
Some working woman-friendly avenues for continued professional growth:
Power of the web: There may not be time to randomly surf the web, but you can periodically visit certain relevant websites and read about important events, recent challenges and other market news. Email lists, newsletters, social networking sites, discussion boards and forums are easy and effective ways to find information.
One doesn't have to skinch on family time; these activities can very well be incorporated in the workday itself. As Subha Vishwanathan, Senior Quality Analyst at BostonLogix, Hyderabad reflects, “To keep myself updated, I read a lot of e-magazines and am actively involved in some forums for software testers. When I come across a new term or tool I am not familiar with, I note it and research on it when I get the time.”
Print format: Identify a few selected but varied industry publications, journals or magazines that reflect prevailing trends on a range of topics. For instance, earmark an hour a week to carefully read and reflect on some interesting articles. It will be time well spent!
Or, as Pradeepa Kesiraju, Test Lead, Microsoft India opines, “Take time from work to read even if for 10 minutes. It could be technology, politics or anything but those 10 minutes would add a lot of knowledge and value!”
Network, Network: Cultivate a strong network of contacts across gender lines and strive to maintain the relationships. For instance, make it a point to speak to at least one inspiring or empowering person every week, be it at a business lunch, professional gathering, a workshop or even a social event. Dimple Melwani, Project Manager at Gokals Healthcare Services Ltd. advices, “Women tend to get too involved with their routine lives and forget to keep in touch. Don't burn bridges with your old colleagues/classmates. There's a lot you can learn from them!”
Expand skills: Don't forget that knowledge and skills should be regularly updated. Take advantage of company-sponsored training or sign up for short courses to stay on top of latest technological advances.
You can go in for external programmes with specifically tailored curriculums, choosing from options like regular classes, do-it-yourself books or online courses that you can do at your own time.
To sum up, the world is continually transforming with blink-and-miss opportunities… Make sure you stay in sync or you may be left behind.
If you are still not stirred, consider what Vaishali Parikh, Consultant - Engineering Process & Infrastructure (EPI) at ABC Consultants Pvt. Ltd highlights, “Think that you are the primary bread winner for your family (NOT A SUPPORT TO YOUR SPOUSE).
It will automatically engender all the focus/motivation that you need to stay in the loop!”
Payal Chanania