Ethical Hacking: an Essential Skill to Protect Your CompanyBy Jan Hogewoning | Thu, 01/07/2021 - 16:44
Q: What courses do you offer at the moment?
A: Right now, we offer courses in two areas. One is focused on ethical hacking and the other on forensic computing. The star course is a certification for hacking and cybersecurity. This can be taken by people who already have some experience in cybersecurity or by people who are starting from scratch. The course includes content that ranges from basic security topics to more advanced areas like pen testing, weapons testing, security auditing of web applications and much more. There is an opportunity to specialize a little in one area as a student. One of the benefits of our courses is that they are very focused on exercises. We want to give people practical experience beyond theory. This contrasts with a many of the programs out there, which can be 90 percent theory and only 10 percent practice. Ultimately, it will take hours and hours of practice before people begin to master these skills. With our course, we aim to reduce the learning curve with tools and methodologies. We also provide tips on how to apply this material in day-to-day tasks. We are looking at launching a new course focused on cyber-intelligence, counter-intelligence and tracing. In terms of costs, we have offered our courses for prices ranging between MX$2,000 (US$100) to MX$20,000 (US$1,000).
Q: How have the public and private sectors responded to your programs?
A: After five years, we have seen people’s perception toward cybersecurity change. It is becoming a more urgent priority, with more companies adopting these skills. When we started, there were many negative reactions to the concept of “ethical hacking.” People thought that we were training people to do things that were bad or illegal, even. They compared it to training a thief to rob a bank. Now, we are in a more digitalized environment and people are suffering from cybercrime. They realize, often after an attack, how important it is to have people who can do ethical hacking in their company, precisely to protect them. From the public sector, government dependencies seek us out to provide training to their cyber-police, financial intelligence, fiscal affairs agencies and others. In the private sector, we have trained staff from all types of companies. This includes companies in the energy, food and agriculture sectors. We have also had a lot of interest from lawyers and law firms. They are seeing more and more cases where cybercrime is a component. They need to understand this better.
Q: Why is ethical hacking an important skill for a company to have?
A: We now live in a time when it is no longer a question of whether a company will be hacked but when it will be hacked. Companies need to have a few individuals who know what is happening and what threats surround them, as many depend heavily on digital assets, like data from clients. Often in our courses, students are surprised when they see how much reach a cyberattack can have in a company. I think the lack of awareness of the potential impact of a cyberattack on a company, big or small, is the biggest issue. Executives of different areas of a company should be well-informed of cybersecurity risks.
A person with ethical hacking skills is someone in the area of IT. They monitor digital assets constantly, look for vulnerabilities where the company could be breached and when they find one, they patch it. This person can also carry out incident response if they have the training. A person can mitigate an attack, but also apply forensic techniques to find out where the attack came from. This includes not just looking in the digital space but also at human behavior. There are many cases where humans involved with a company are instrumental actors in a cyberattack, whether willingly or not. These days, cyberattacks are evolving. For example, cybercriminals can create an artificial voice recording of a real person asking for particular archives to be shared with them.
Q: How do you finance your programs?
A: All courses are paid for by students. However, we give participants generous discounts. If you took a course before, we provide a discount. We also have special group discounts if more than three people register together. We are investigating whether we can receive external financing from the government but we are still in this process.
Q: How well-recognized are your certificates?
A: Recognition is relative, in the sense that in the end people walk away with the skills and they are going to be tested by the companies where they work. However, we are registered with the Ministry of Labor and Social Welfare, as well as the Mexican Society of Certified Appraisers (AMPVD). We also have an alliance with a certification agent of E-C Council, a body that offers a globally renowned program for ethical hacking. Our relationship gives our students the option to receive an international certification. Generally speaking, most of our students are not motivated by the certificate but by the knowledge and skills they acquire.
RedTech is a cybersecurity services company that provides cybersecurity services as well as educational courses on ethical hacking and cyber-forensics