Ethical hacking as a career
George Jason, vice-president, Comguard Networks, in an interview to Diptiman Dewan elaborates on ethical hacking as a rapidly growing career option.
Ethical hacking, also known as penetration testing, intrusion testing or red teaming is used to find loopholes in an IT system and break into it. An ethical hacker is a computer and network expert who attacks a security system on behalf of its owners, seeking vulnerabilities that a malicious hacker could exploit. This work is ethical because it is performed to increase the safety of the computer systems, but only at the request of the company that owns the system and specifically to prevent others from attacking it. With the increasing use of the internet, it has become an essential part of IT security industry today.
Last year ethical hacking was estimated to be a US$ 3.8 billion industry in the US alone. According to Nasscom, India will require at least 77,000 ethical hackers every year whereas we are producing only 15,000 in a year, currently. Ethical hacking is growing at a tremendous pace and offers a plethora of lucrative job opportunities.
First and foremost is the ability to write programmes in many programming languages like C, C++, Perl, Python, and Ruby. For those working with web applications, Microsoft .NET and PHP are vital. Knowledge of assembly language is also essential for those who want to analyse disassembled binaries. Knowledge of a variety of operating systems (Microsoft Windows, various versions of Linux, etc) is critical. Experience with various network devices, including switches, routers and firewalls is also important. An ethical hacker also should have a basic understanding of TCP/IP protocols such as SMTP, ICMP and HTTP. In addition to technical skills, an ethical hacker needs good soft skills. Perhaps the most important skill, however, is adaptability. When testing software and systems, ethical hackers never know what will come up, so the ability to be resourceful is vital.
The information security industry is going at a current worldwide growth rate of 21%. Frost & Sullivan have estimated that there are 2.28 million information security professionals worldwide which is expected to increase to nearly 4.2 million by 2015. The need for information security for security compliance in India is mandatory for all companies with an IT backbone. The requirement for such personnel is especially high with organisations in the IT/ITES space.
A fresher may work as an intern for a couple of months and can start with a minimum of Rs 2.5 lakh per annum. With one year of experience, one can expect upto Rs 4.5 lakh per annum. Those with work experience five years or more can get from 10-12 lakh per annum.