Though computer science is a popular field not many focus on a career in cyber security or ethical hacking. I connected with an expert in the field of cyber security to understand the opportunities available today.
Tell us a bit about yourself
I am Amit Tambe. After my graduation in Computer sciences, I did my masters in network security in US. I worked for almost nine years in the security industry (at McAfee and FireEye). I primarily worked on email security products of these companies, where I got to not only learn about how email security works, but also opportunities to interact with customers (mostly big corporations) to understand their needs and thereby help build better products.
Currently, I am working as a Research Assistant at Singapore University of Technology and Design, on Internet of Things (IoT). This involves working with IoT devices (such as smart watches, cameras, etc.) to understand how these devices can be compromised by attackers thereby building intelligence to prevent such attacks.
What is hacking? Is all kind of hacking bad?
Hacking, is gaining unauthorized access to a system for malicious gain. Such gain can be financial (such as stealing credit card numbers), state sponsored (to gain military advantage or attack electricity grids to cripple another nation) or personal (fired employee holds a grudge and causes destruction to a company’s resources).
However, not all “hacking” is bad. There are enthusiasts who hack away to glory to understand in depth working of systems. This way faults (or vulnerabilities) in systems can be unearthed and patched to prevent real attackers from taking advantage of them. They are viewed as ethical hackers. For e.g. Google has a bug bounty program, where attackers are encouraged to find flaws in their systems and get paid on finding those. Such information can help Google to learn more about the flaws and fix them before real attackers get wind of these flaws.
Another way I view cyber security is by categorizing it into two – attack and defense. I feel both are important. Simply attacking a system can help you only if you are a bad guy. However, the good guys need to think of defending their systems as well. Apart from installing anti malware and antivirus programs, an expert in the field needs to know much more. These are the people who help design and develop such products.
For e.g. If there’s a new virus/malware going around, an expert needs to be able to look into the code for such malware and be able to decipher what it does. A malware may simply copy all your passwords, or delete files or more intelligent malware may just sit on your machine doing nothing till a specific date or time. A malware analyst (as these experts are called), need to correctly understand this behaviour and spread the knowledge.
What kind of educational qualification is desirable for this profession?
Usually, such roles require a high level of technical knowledge gained from both degrees/certifications and experience. An undergraduate degree in computer science or allied fields would be a good start. This can help in laying the foundations required to become a good hacker. Hacking is more of an art rather than a science. So simply obtaining a degree in CS may not be sufficient. You need to have that inquisitiveness and an urge to explore on your own. Supplementing your undergrad degree with further qualifications can be helpful (though not essential). In my case, a Master’s degree helped provide an organized training on the topics of cyber security. Other people I know have acquired several certifications (such as CompTIA, CISSP, CEH or GSEC) to become professional ethical hackers. There are multiple other certifications as well, however the ones mentioned before are recognized and high value. They require not only theoretical knowledge, but also practical knowledge (of attacking systems to pass exams).
Theoretical knowledge and certifications can, however, only take you so far. The field of computer security is ever changing – it started with viruses, evolved to malware, network attacks, email attacks, web attacks and now has moved on to smart devices and national critical infrastructure. One needs to be abreast of recent happenings or face the danger of becoming outdated quickly.
What are the career options in ethical hacking?
There a lot of options. Security products are required by everyone who is connected to the Internet. Companies have devised products for email security, network security and web security. You can become a software developer for a security company to help them design such security products. Possessing a degree in computer science and a thirst for gaining security knowledge can be sufficient for such jobs.
If you have advanced certifications and/or degrees, you can look at joining the R&D departments of such companies. For e.g. McAfee, Google, Microsoft, etc. all invest heavily in security.
Other specialized careers include forensics analysts. Forensics is required after an attack is discovered and it needs to be traced back to its origin. Such analysts need to look through files on computer systems and other logs to identify when an attack happened and how it happened. Such evidence can then be presented in the court of law. Forensics analysts can work for both private companies as well as the government.
Then there are the security consultants. Companies such as Cigital can supply such consultants. These are people who help other companies to study the design of their infrastructure against attacks and then suggest improvements. Consultants also help companies to design entire infrastructures.
You can become a penetration tester. The main job of such people is to ethically attack company systems and help uncover problems. Such attacks can cover different things. For e.g. A penetration tester can come disguised as someone else and try to lure the security guard to let him in the server room. Even physical security comes under the scanner of such analysts.
Great insight into the field of ethical hacking! It is going to be an increasingly important field, I suspect, given how much of our lives are lived online. And it was interesting to read about the different career options within the field – I thought it would all be purely about hacking; didn’t realise forensics and R&D would be part of it too.
Excellent post on cyber security and ethical hacking. Answers a lot of questions I had before. I can imagine how strong the technical skills need to be to track down a hacker… But I have always wondered if it is as tense as they show in movies :).
Amazing and insightful post. Great career in the field of cyber security. Best to know about that Forensics analysts track both private companies as well as the government. Great thoughts.
Very informative. I didn’t know that google pay people to hack into their system! Thanks for taking the time to put this post together.
This was really an insightful post about hacking. We need to be well informed in order to be safe.
Wow this is incredibly interesting! I had no idea about all the careers in ethical hacking. Great post!!
Hi Neha,
Thank you very much for sharing security roundup that will make me able to get best knowledge about the things that I did not know before.
This is the first time I’m reading about ethical hacking and its quite interesting to know all about it. Thanks for the insights and knowledge.
http://www.mumflix.com
A very informative post neha it will definitely help one & all ty for sharing… And putting light on such a mandatory topic.
Cybersecurity actually has n number of career options but people are not aware of this. Thank you for giving light over this. Many of my myths got resolved.
This is such an informative post! People aren’t much aware of this, thanks for sharing this.