A couple of weeks back, I happened to meet a young boy studying in 12th standard. He told me that he aspires to become an ethical hacker. Information security is ‘the thing’, and a friend of his uncle’s friend, who works in information technology, says so. The word ‘hacking’ had cast such a spell on him that he was debating with me whether it makes sense to pursue an engineering degree or whether he should just go and start learning technologies to become a hacker.
My first question was, “Why do you want to become a hacker in the first place?” “It’s kind of cool, you know! And there is a lot of money,” the boy replied. “So what is the plan now to become that cool hacker?” I asked. “Oh! It is simple. You just go and join some course. You can go to the training institute and ask the people there. They would tell you how hacking is growing, and that the world needs many such experts to defend against these malicious hackers.”
The Allianz Risk Barometer states that cyber incidents are one of the biggest risks the world is witnessing. I agree that there is a need today for a lot of people who are trained in information security. But is it possible to become a great information security specialist (or hacker) that easily? The honest answer is no.
I have seen many such young, enthusiastic learners dazzled by the glamour of words like artificial intelligence, machine learning, ethical hacking, data science, internet of things (IoT) and so on. My humble suggestion is to understand the real meat by separating it from all this technology marketing jargon.
There is nothing ethical about hacking. The negative punch in the word was attractive and made it popular. Essentially, one is aiming to become an information security administrator or specialist. Please read it as ‘security administrator’ whenever you encounter the word ‘hacker’.
Let us start with my favorite question. If an ethical hacker makes a lot of money, then do you know what he/she really does every day? What kind of knowledge and skills are needed to perform the job effectively?
An ethical hacker is the one acting as the police guarding your IT infrastructure, the one protecting you from malicious hacking attacks. Hence it is obvious that he/she must think like a thief to be an effective policeman. To that extent I agree with the phrase ‘hacking skills’. But a policeman must take care of a few more aspects, like protection. And that separates him/her from a hacker.
Search on the internet and you will find many courses related to information security and hacking. Among them is one of the popular courses, CEH or Certified Ethical Hacker. When you start reading the contents of the training course (as a novice), you will find hundreds of words which are Greek to you. Some examples of such words are session hijacking, vulnerability analysis, denial of service attack, SQL injection and so on. In such courses, the latest tools for hacking are covered. Based on this you want to join the course and start learning.
Hold on. Think about it in a slightly different way. Imagine that you are a hacker and want to break a lock. What kind of knowledge would you need to break that lock in the shortest possible time? Knowledge of a hammer, a spanner, or some other tool? Or is it more important for you to first know how the lock is constructed, and what possible lacuna in its making can be exploited to break it? Does it make sense to start with how the hammer operates or with how the lock is constructed? I believe you know the answer.
The starting point of becoming a great ethical hacker or a great information security administrator is knowing the nuts and bolts of the systems which one is supposed to guard. It makes perfect sense to start with operating system administration and the study of networks and the various devices used in the entire IT system. With such a strong foundation, one will be able to understand the weaknesses of these systems, which are called vulnerabilities in the domain of information security.
Once you have knowledge of this and some experience of working with these systems, you will appreciate and understand why a course in Ethical Hacking or Security administration is designed like that. All those Greek words will start making sense.
Here is one of the possible ways of starting your career in the information security domain.
1. Learn fundamentals like hardware, networks, devices
2. System administration: Windows Server or Linux Server
3. Networking, routing and switching
4. Ethical Hacker / Security Administrator
Is this path an alternative to an engineering degree? Certainly not in the current context. If someone is interested in learning cutting-edge information technology, he/she is welcome. However, one should start pursuing graduation in engineering or another discipline of one's choice. Then, in parallel, start exploring the world of information security. You can even join training courses. However, mind their sequence and the reasons behind it.
If you are already a graduate engineer and looking for a job, doing a course in information security, cloud computing or automation would help. However, if you start with systems administration, learn technologies like MCSA, RHCSA, RHCE and CCNA, and acquire global certifications, your chances of getting a job would increase. Then a course and/or certification in advanced technologies like ethical hacking would be the icing on the cake. But please remember, icing is attractive only when the cake itself is delicious.