David Lease wanted to protect his customers from Internet hackers. But rather than just add some new security software, he went a step further.
Lease went to a school to learn how to hack into computers himself.
"The whole thing to understanding a hacker is learning about the hackers' tools and techniques and how to use those things against them," he said.
Lease -- a senior consulting engineer with the systems integration firm Computer Sciences Corp. (NYSE:CSC - News) -- is a graduate of the InfoSec Academy's certified ethical hacker training course. The class encourages students to develop cybercrime skills on a computer keyboard.
The goal is to find more innovative ways to thwart online criminals, says Richard Van Luvender, president of InfoSec, a unit of TechTrain, which sells tech training and consulting services. Without help, many people don't even recognize hacking activity when they see it.
"We noticed the trend that many companies were being attacked by people with malicious intent," he said. "And at the same time, a lot of companies were not aware they were being attacked."
The hacker school's curriculum reads like a cybercrime menu. Students learn how to steal data, such as credit card information, from online databases. They're also taught how to break into password-protected areas.
"We teach them how to attack a Web site and find a vulnerability," Van Luvender said.
The training is not unlike a military boot camp. Students get about 80 hours of classroom and lab work crammed into seven days.
No one is expected to sleep much. The computers are open to students 24 hours a day.
Students get instruction and work in computer labs during the day. Most work in study groups in the evening. At the end of the week, they must take a multiple-choice exam with 250 questions to pass the course.
It's fast-track training, Van Luvender says. "A lot of people compare it to taking a sip from a fire hose," he said. "There is a lot of information they get in a week with us."
Most of the students, like Lease, have experience in network security systems.
Some build on their skills very quickly.
Lease recalls one class assignment that required students to hack into a phony network of computers. A few students jumped ahead of the rest, he says.
"Some of the guys hacked into it, took over the systems, built up the security and prevented the rest of the class from being able to hack in," he said.
Students who get the hacker training come from all fields.
Some work for government agencies, such as the Las Vegas Police Department and the U.S. Postal Inspection Service. Others hail from defense contractors and financial institutions.
Even personal computing giants like Microsoft (NasdaqNM:MSFT - News) and Hewlett-Packard (NYSE:HPQ - News) have sent students for training. The training costs about $3,500 per person. The price includes a week of lodging and most meals.
Not just anyone can sign up, though. Students must prove they are employed in some area of technology or security.
InfoSec's hacker training is like a loaded gun. You have to be careful about who you arm, Van Luvender says. "A student has to be someone a company funds -- to prevent an individual from saying, 'Hey, I'm going to learn this to get some revenge,'" he said.
The course has churned out some 400 graduates since it started in October 2004. And so far, there hasn't been a problem with rogue alumni, Van Luvender says.
But does the training work? Lease, who has 20 years of experience in the computer and networking business, seems to think so.
|
Advertises 