Proposed legislation aimed at criminal hackers is raising concerns among cybersecurity professionals. Georgia SB 315 could fundamentally change the way cybersecurity experts detect vulnerabilities in network systems. In light of recent events like the City of Atlanta ransomware attack and the proposed legislation, we connected with Meenaxi Dave, the instructor for our award-winning Ethical Hacker program. The Q&A addresses the key differences between ethical hacking and non-ethical hacking, the importance of the Certified Ethical Hacker certification, and the impact the legislation could have on the profession.
What is an ethical hacker?
Ethical hacking and ethical hacker are terms that are used interchangeably. These people are experts in the networking/computer field and use their knowledge to systematically attack the system with permission from the owner of the network. Their goal is to find the vulnerability in the system before the malicious attacker can exploit it.
Who should become an ethical hacker?
We all should become ethical hackers. We all need to know basic things like applying patches as soon as they come out, changing your password periodically, logging out after you are done using an app, and looking out for any unusual activities on your computer. Be vigilant.
Many well-known companies have had their sensitive data compromised. How can ethical hackers help companies protect themselves from vulnerabilities?
Ethical hackers can help monitor their system, find vulnerabilities, and make sure patches are applied on a regular basis. They will make sure all the computers and networking devices are configured properly, turn off the services that are not needed, change default passwords, and review the system logs to look for unusual activities.
What is the importance of the CEH certification? What does this mean for professionals in the industry?
Ethical hackers and attackers use the same tools. The CEH certification teaches these professionals how to use these tools systematically and methodically. It teaches you to think like a hacker, but to use it to help people.
How do the students in the Ethical Hacker program learn a hands-on approach? Is there software used during class?
The Ethical Hacker Certificate program uses a simulated lab that is not connected to the network, so we do not have to worry about students attacking someone in the real world. We have 75+ hands-on labs for them to practice on to gain insight into how to use different tools. We use more than one tool for one purpose to compare the results and give students an option to choose which one they like the best. It also shows that there are more ways than one to do the testing and they should always use multiple tools to make sure they all tell you the same thing before moving to the next step.
What is the difference between Ethical Hacking as a profession and an unethical hacker?
What is your opinion on how media and entertainment portray hacking? How does this affect people’s perception of ethical hacking?
Lately in the news, we have seen many big companies being attacked and affected. People are nervous about it. If big companies are attacked, how can they protect themselves? [However], we all can help each other by watching out for each other and sharing information. If someone is hacked, we should not judge them. Instead, be compassionate about it and have them share information so we all can learn from it.
What is your opinion on Georgia SB 315?
It will make an ethical hacker’s life difficult. Even if they see something, they would be afraid to speak up out of fear that a company or people could turn on them, asking how they found out about the issue or whether they may have tested a system without permission, but with good intentions. Or even worse, often you are connected on the network before you even realize you are on their network and it can put a lot of people in trouble by being in the wrong place at the wrong time. Ethical hackers like to help people. I would be happy to help if someone asks me to check their system to see what is wrong. But if this legislation passes, I would be uncomfortable to even do a single thing on their system. It would be a shame not to help them, when you know what is wrong in their system and you can help them.
Meenaxi Dave has served as the instructor for the Ethical Hacker certificate program since its launch in 2017. Dave is an experienced information security educator with proven success developing, delivering and evaluating IT security-training programs for college level students. As a recognized technology leader, she has served on multiple nonprofit boards and as a judge for SkillsUSA computer contest. Her professional certifications include CISSP, CEH, CompTIA Security+, Network+ and Linux+.