In this age of information, security often becomes the first casualty. Sanchayan Bhattacharjee looks at the profession of ethical hackers who are tasked with safeguarding this information
As per data from Internet Live Stats, more than 24 crore Indians access the internet and the number is growing rapidly by 14 per cent every year. Thus, a significant amount of information, some of it private and sensitive, finds its way online. Often internet users fall prey to viruses, malware or even theft of private information because their software system was not robust enough to protect them. In order to prevent this, ethical hacking, a process through which professionals expose chinks in the software systems at the behest of the company itself, is gaining prevalence. The idea is to find the fallacies in the system and correct them internally before a third party finds it and causes harm.
Since most organisations in India have an online presence, there is always a need for ethical hackers to foolproof the system. According to data from the National Association of Software and Services Companies (NASSCOM), India will need around 500,000 security professionals in the next five years. Right now it just has 40,000. “India is the fifth most cyber crime affected country. As office communications continue to be carried out on Gmail and cloud services are used to archive confidential information, digital espionage will increase rapidly with time,” says Sandeep Sengupta, director, Indian School of Ethical Hacking.
Since an ethical hacker must always be a step ahead from the rest when it comes to diagnosing problem areas in information systems, he/she needs to have a diverse set of skills. Predictably, a through grounding in different computer programming languages is a must. Since not too many institutes in the country offer undergraduate courses in cyber security, students who have completed their BTech or BSc in the relevant fields are eligible to become ethical hackers. However, they must supplement their graduate study with a postgraduate diploma or certificate course which focuses solely on security of systems.
“An understanding of different operating systems like Windows, the various Linux versions as well as TCP/IP protocols like SMTP, ICMP and HTTP is also important for an ethical hacker,” says Raju Vanapala, CEO, LearnSocial, a platform which provides ethical hacking courses. In addition to sound technical knowledge, certain soft skills are also valued in this profession. “This is a job where a criminal hacker may outwit you at every stage. Thus qualities like an eye for detail, creativity, analytical and logical thinking are important,” adds Vanapala.
Most organisations prefer the Certified Ethical Hacker (CEH) certification provided by the International Council of Electronic Commerce Consultants (EC Council). There are several course and test centres across the country to train students and also different levels of certification. “Most Universities that offer courses have failed to keep up with the rapid change in technology, risks and techniques in the field. Global certifications like CEH, CISA and CISSP are most valued in the industry,” adds Sengupta.
So apart from knowing a software system inside out in order to find flaws, what more do ethical hackers learn? “We also learn Vulnerability Assessment and Penetration Testing. This involves trying to get access to a system in extremely convoluted ways, and this depends on a hacker’s creativity. It is these two aspects which drew me to this field,” says Kirit Gupta, 22, a final year engineering student (IT) who is already a certified ethical hacker. Gupta who would like to pursue legal hacking as a profession is well aware of the profession’s importance. “If a security professional is not one of the people responsible for building the IT infrastructure of the nation, information will be almost surely falling into the wrong hands,” he adds.
Samrat Das, a Master’s student at BITS – Pilani who was inspired to learn hacking after watching ‘The Matrix’ while in school, second this view. “Despite the rapid growth of the internet in India, we do not have enough cyber security experts to ensure that the medium is not misused,” he says. Das learnt the basic concepts online before taking up formal hacking during his first year of computer science engineering. He is fascinated with the concept of reverse engineering wherein a software code is completely stripped down before being analysed for problems and modified accordingly.
As far as the job market is concerned, experts agree that lucrative opportunities in this field will increase exponentially. “Since the market demand is more than 10 times the current supple, we do not expect any recession in this field in the coming years,” says Sengupta. Vanapala agrees and adds, “There is a huge demand for such professionals in companies like Wipro, IBM, Infosys, Reliance, and Airtel. Today ethical hackers are not just restricted to working for the organisation they have been employed into but also gradually endeavouring to launch their own consulting businesses. The annual salary for freshers in this field can vary from Rs 3.5 lakh to 30 lakh depending on the company.
Every company needs security professionals. They safeguard the company data and infrastructure. Software companies needs developers with the knowledge of secure coding techniques. Manufacturing companies, where the price of a machine can cost crores of rupees, will need ethical hackers to protect their intellectual properties and designs,” signs off Sengupta.