Sunday, January 2, 2011

Cyber guarding

By PRIYA KULASAGARAN educate@thestar.com.my


Hackers may have a reputation for having dubious intentions, but there are those employed to hack into IT infrastructures to ensure their security. 

WITH high-profile cases such as that of Lin Mun Poo, the Malaysian who stole a massive quantity of financial account data by gaining access to the American Federal Reserve Bank, hackers have earned a rather notorious reputation.

However, Dell IT security manager Meling Mudin thinks that this mainstream definition of hacking is a narrow one.
 
“It’s not just all about breaking into computer systems,” says Meling.

“For me, a hacker is simply someone who likes to figure out how things work, and proceeds to use that knowledge to invent creative new ways of using something.”

With almost 10 years of experience in the computer security field, the self-described ethical hacker professes a passion for tinkering around with technology.

“As an ethical hacker, I’m legally employed by a company to hack into their IT infrastructure to make sure that it is secure.

“The thrill I get from it is being able to understand how a particular software or system works. I don’t see the point of unlawfully cracking into someone else’s computer,” he says.

My job involves ...
... penetration testing of Dell’s internal and external information systems, which includes its databases, network routers and e-commerce websites. Basically I make sure that the company’s global IT infrastructure is secure – by hacking into it to detect any vulnerabilities.

The methodology for doing this is fairly routine. First, I gather all the information I need about the system and how it works, and then I look for possible vulnerabilities and try to exploit them. After that, I offer support in order to remedy any flaws in the system.

Hacking into a system is not just a matter of blindly going in and messing it up, because if I bring down a critical component in a company’s IT framework, it could potentially crash the whole thing and cost the company thousands.

So, I have to plan an attack so as to exploit any weaknesses without compromising the entire system.

Another thing my department does is a quarterly review to make sure that Dell’s system and security policy comply with the industry standards.

My morning starts with ...
... checking e-mails and going through my Google Reader to check out the latest updates in security threats and systems.

The rest of the day is usually just getting on with my work or updating clients on my progress.

Working at Dell, I only need to go into the office once a week to attend meetings, brief clients or have a one-on-one session with my supervisor.

The rest of the time, I’m free to do my work wherever I want, as long as deadlines are met. Typically, I would be working on multiple projects, and each one can take between three and 10 days to execute.

However, this varies from company to company. If you’re working at a consultancy firm for instance, you probably would have to go on-site to work at the client’s request.

To qualify, you need...

... a degree in information technology, computer science, or even engineering.

These days, there are numerous professional certifications to pursue if you wish to specialise in a certain area of IT security. You could for instance be a malware analyst or a forensic investigator.

But getting certified can be an expensive affair as these courses cost thousands. If you can’t afford it, it’s better to just build up experience in the field. The security industry in Malaysia is still quite small, so your peers will know how good you are as long as you take the initiative to prove yourself. As long as you are reputable, it doesn’t matter if you’re certified or not.

The best person for the job ...
... is someone who is passionate and interested in the world of computing.

You also need a sense of curiosity about how things work, and have the eagerness to keep learning.

Since you need to translate a lot of technical jargon into plain language for your clients, having good communication skills is equally important.

I love my job because ...
... of the continuous learning experience the field provides. In IT security, there are always new threats to circumvent and new methodologies to explore.

I enjoy getting into the mechanics of the latest technology and seeing how we can improve security systems.

What I dislike most...

... is nothing really! I honestly have no complaints, because it’s all part and parcel of my line of work.

Although a task like writing reports can get tedious at times, it is an important process in order to get the client to understand what it is that I have just fixed.

Prospects for the future...
... are very good. There will always be a demand for security professionals, especially as we get more and more reliant on technology for everyday tasks.

Privacy is a particularly serious issue as scammers could potentially collect your personal data without your knowledge in order to gain access to bank accounts, credit card numbers and so on.

A millionaire by 30?
It is possible, as long as you plan your career. If you have the right attitude and enough experience, I certainly think that you can make a fair amount of money.
