AHMEDABAD-BASED ETHICAL hacker Falgun Rathod was inspired by Om Jai Jagadish (2002), in which Abhishek Bachchan's character uses his skills as a hacker to create a security software. Rathod also got motivated by Die Hard 4 (2007), in which a young hacker helps the authorities stop a cyber attack, and Hackers (1995).
When Rathod started as an ethical hacker, around 2009, the concept was fairly new. Having worked in different industries, Rathod learned that it was extremely difficult for an industry to survive cyber attacks without the help of ethical hackers. Especially in the banking and insurance segment. “I knew ethical hacking had a future and decided to pursue it as my career,” he said.
However, it has not been easy. The integrity of those who pursue ethical hacking is always under scrutiny. Rathod said clients are “naturally” reluctant to trust an ethical hacker. “They believe that hackers will hack into all that is available and misuse the data,” he said. “Thus, proving our integrity is crucial and, at times, difficult,” added Rathod.
But, of late, an increase in cyber attacks and data breaches have led to an increased demand for ethical hackers or white hat hackers, who attack clients' technology to identify weaknesses; they also detect and resolve bugs. Recently, Solapur-based ethical hacker Mayur Fartade was paid Rs22 lakh for reporting a malicious bug on Instagram. It allowed access to archived posts, stories and reels without following the user, even when the profile was private. IT companies and police cybercrime cells are increasingly employing ethical hackers. Market reports have time and again stressed that there is a dearth of ethical hackers and skilled cyber security experts in India.
Rathod said knowledge of operating systems, like Linux, IOS and Windows, is a key skill. He added that interpersonal skills are also important for creating and maintaining good business relationships. “Also, one may or may not be certified, but there is no substitute to knowledge,” he said. “There are free tutorials, open notes, research papers and case studies available to learn from. I have seen students from diverse streams—pharma, mechanical, business—who have managed to self-learn. A student who has knowledge of programming languages such as PEARL and PHYTON has an edge.”
Ethical hacker Trishneet Arora, founder and chief executive officer of TAC Security, a cyber security company, developed an interest in ethical hacking at a young age. “I remember when my father first brought the computer home, I played games on it for a day and dismantled it the next day to see what is inside and how it works,” he said. Arora, like Rathod, said there are challenges to being an ethical hacker. “The negative connotations have been a hindering factor,” he said. “The other factor is education. I have often seen people enter the field and then not have enough knowledge to make an informed decision on which side to choose. They become heavily invested in the dark web and end up on the wrong side of the law.” Arora added that those who do become ethical hackers cannot stop learning or evolving as the adversaries do not stop. He added that it was important to try new things and think out of the box.
Both Rathod and Arora have had their share of interesting experiences. Rathod recalls a case where an educational institution received a strange email. “This institution has thousands of students and hundreds of teachers, which makes it difficult to identify where the email came from.” he said. “It could have come from the dark web. We worked on it for months, but could not resolve it. It has been a couple of years and our team is still clueless. So yes, that happens.” Arora feels that each case is unique and a new challenge. “But, we like the challenges that come our way everyday,” he said. “It helps us understand threats and explore new ways to secure cyberspace.”
Benild Joseph, a cybersecurity researcher, TEDx speaker and podcaster, echoes such views. “I had developed an interest in ethical hacking when I was in high school, but, when I ventured into the field around 2009, hackers were known as digital robbers,” said Joseph, who is an advisory board member of Cybersecurity Ventures, New York, and president, Information Systems Security Association, India chapter. He said there was hardly any opportunity to study about ethical hacking during his youth, but added that the field had evolved in India.
During his career, Joseph has hacked into more than 40 corporates and found critical vulnerabilities for the likes of Facebook, Yahoo, Blackberry, Sony Pictures, Tesco, AstraZeneca, Vodafone and Deutsche Telekom. He said that though the situation around cybersecurity had improved in India, there were still a lot of skill gaps. Experts feel that the future of ethical hacking is bright. “As automation continues, there will be more demand for ethical hackers, not only in India, but also globally,” said Rathod.
There are many options to choose from when it comes to a career in ethical hacking, like cyber security analyst, data analyst, information security analyst, web vulnerability researcher, malware analyst and forensic researcher. “Firms have more budget for cybersecurity and there are more roles for an ethical hacker,” said Arora. “We currently lack a workforce compared to the jobs available.”