While in college, you successfully hacked your way into your friend’s Orkut account, edited it and had fun. You were even involved in hacking your college website and added your ideas to your dean’s thoughts. If so, then you may be a budding hacker. But let me inform you that hacking is illegal! But what if you could get paid for what you are good at and still be considered within the law? Surprising, but yes: you can be an Ethical Hacker.
When hacking began, it was believed to be used by teenaged computer geeks to show off. What at first began as pranks has now become a major crime that has left many companies and organisations wondering how to deal with it. A virus attack, initiated by cyber criminals or hackers, may strike in such a way that it could erase your entire system; or someone can steal confidential information from your systems, or even break into your systems and modify your files without your knowledge.
The function of a cyber security professional is to protect the data and systems in the network that are connected to the internet. A hacker tries to find loopholes in a system and break into it. The job of a cyber security professional is the same as that of a typical hacker, albeit with a difference: to fix the loopholes in a system before they are exploited by hackers.
In today’s hi-tech world, where everyone from individuals, corporate bodies and government agencies to various other sectors is becoming dependent on computers and the internet, it has become crucial to take the right steps to secure confidential data and information from the clutches of crackers or black hat hackers. Moreover, as we are getting more and more dependent on all different forms of electronic transactions such as e-shopping, e-banking, e-commerce, e-ticketing, e-gaming and so on, ‘Cyber Crime’ has been increasing day by day. This in turn has given rise to “Cyber Security”, which helps one to avoid becoming a victim of cyber crime.
Plugging Loopholes
Today, there are many IT training professionals hired by companies and organisations of all sizes to ensure the security set-up of their systems and networks. These professionals help in finding the loopholes in the set-up of the existing systems and networks. After this, they take measures to mend these loopholes in network security, and lots more. These professionals are given all-round training related to computer and network infrastructure, and they have a sharp mind to think one step ahead of what black hat hackers might think of. The task of ethical hackers is similar to that of black hat hackers, the main difference being the motive and reason behind it. These white-hat hackers or ethical hackers help to protect the computer system from the hands of black hat hackers and prevent them from sneaking into secure networks. They are hired by companies to protect their network systems from predatory attacks, stave off hacking attempts and secure their data.
Although software engineers are given preference, the basic requirement to be a cyber crime professional is to be a graduate in any discipline. Good knowledge of networks and an understanding of the hacker’s mind are essential, apart from aptitude and keenness to learn. A course in cyber security will help you get acquainted with the hacking world.
The demand for ethical hackers is huge and growing. An ethical hacker is hired by top organisations to inform them about any error in their network security and to sort out the problem. A course in cyber security would help you get acquainted with the hacking world. Although not too many institutes in India provide such courses, one needs to learn multiple languages and multiple systems, starting from the simple TCP/IP – the basic language in which servers and PCs connected to the Internet talk to each other – to high-end encrypted data packet transfer systems. Certifications like CISA (Certified Information System Auditor), CISM (Certified Information Security Management) and CISSP (Certified Information Systems Security Professionals) would help a person to start a career in cyber security. Other vendor-specific certifications like CCSP (Cisco Certified Security Professional) and MCSE (Microsoft Certified Systems Engineer) also help.
These network security, information security, ethical hacking and other IT training courses offer valuable insight into how hackers circumvent and defeat security controls in networked environments, applications and operating systems, even within a seemingly secure environment. The curriculum of these courses also includes technologies that can help individuals who have the passion to work in cyber security. After training, individuals can be appointed as ethical hacker, security administrator, penetration tester, security auditor, security consultant, cyber crime investigator or security professional.
Job Profile
Ideally, a student who goes for a course in cyber security & ethical hacking would have a job profile of an Information security system professional. The nature of work would include:
· Ethically hacking into a company’s network, evaluating the target systems’ security and reporting the vulnerabilities found back to the owners;
· Creating security policy for an organisation;
· Managing security products like firewalls 24 x 7;
· Compiling a report on, or auditing, a company’s security system to see if it matches standards;
· Clinical investigation of computer crimes/frauds – Cyber forensics;
· Training others about ethical hacking.
An individual can get into an organisation after doing a course in cyber security & ethical hacking as an IS Executive Manager, which is an entry-level profile. The nature of work would include correlating the broad security guidelines of the organisation with security operations. The middle level is an IS Manager, who takes care of security program management, data security, policy creation/maintenance and business continuity/disaster recovery. There are three kinds of profiles at the topmost level. First is the Chief IS Manager, who designs and develops the information security policies and takes care of regulatory compliance and information security governance. Second are the Security Advisors/Auditors, who give advisory services for information security, design policies, carry out risk assessment procedures and take care of compliance with global/industry standards. Last is the Chief Information Officer, who justifies the cost of ongoing and future investments to mitigate information risks and aligns business objectives with a concise security strategy.
According to NASSCOM, there would be a shortfall of 35,000 to 45,000 cyber security professionals in India in the year 2010. It estimates that the demand for cyber security professionals, at that time, would be around 90,000 in India. This figure is estimated to touch about 2,00,000 worldwide. The industry estimates much higher demand in the local as well as overseas market, with more and more attacks on systems worldwide.
A person with a year’s experience can expect Rs 3 Lakh per annum. Those with 5 years can get up to Rs 8-10 Lakh. Those with certifications like CISM, CISSP and CISA can expect annual salaries of USD 100,000 or more abroad. This line is very promising, provided one’s technical knowledge of computers, hardware etc. is very sound. One has to have special skills to excel in this field, such as reading the hacker’s mind before any kind of attack, to be one step ahead of him/her and to save the organisation’s data from getting sabotaged.