I am Kaustubh Padwad, currently serving as Information Security Manager at Reliance JIO Infocomm Ltd, specifically working on embedded device/IOT security research. You can read more about me here.

Who is an Information Security Analyst?

Information Security Analyst is a white collar “HACKER”, where organization rent or hire a hacker to break into a system and try to get details such as usernames, credit card details, password etc.

When unethical hackers tries to steal information, ethical hackers make sure they do not get access to company’s information or database.

What is your job role within the organisation?

I am currently working with the embedded device/IOT security. I simply hack every system I come across, as well as try to hack almost everything – your car, your cable set top box, your smart TV, your smartphone, almost every technology.

We hack, it means we discover the vulnerability and then that vulnerability gets patched (means FIXED), so that other blackhat hackers or bad guys cannot hack it. We hack it to make it more secure.

As JIO sells many products to market, for customer’s safety it is required to secure the data. For e.g. assume that your credit card details get leaked via flipkart. Flipkart will have to take the responsibility here. Thus we are hired to maintain the security of the organisation.

What motivated you to become an Information Security Analyst?

When I was in 8th standard, I was able to break my school’s computer system and get the question paper out it. It was a thrilling experience for me. However, I did not make use of the opportunity to cheat. But at that time I realised the power of hacking and importance of security.

What steps did you take to land in your present job?

When I was in school, I had a clear mindset that I want a job as a hacker. But at that time (in 2007-2008) security was not given much importance in India.. After graduation I tried a lot to get a job as a hacker. One of the CTO of an organization told me that, if I want to get good grip on security I should know the system in and out. Therefore, he suggested me to start working in a corporate company. And finally I took the following path to become a Security Engineer.

What do you love about your current role?

My passion is hacking and I followed my passion and made a career out of it. So, I feel lucky enough and it gives me immense happiness. I love everything about my job. Every morning I start with the thought, “Today I am going to do something wonderful”. And it happens almost everyday, so that’s the best thing about my job.

What are the challenges you face in your career?

Technology grows and changes everyday. So I have to keep reading a lot of stuff to keep myself updated.

What type of software engineers will be high in demand in 2022?

This is something which no one can predict, as we all know that in 90’s we were dealing with KBPS internet speed and now we have Gigs of speed. Earlier technology was only ready to handle 100’s of customers at a time and now we are focusing on 100 Millions of customers at a time. So NODE JS, Web Developers and Full Stack Developers might be in demand and the core system engineers like Kernel Developers and Core System Developers will be always in charm.

How do you like to spend your free time?

Performing research and development and reverse engineering. I also do exploit writing, vulnerability identifying and some times I play PS-2 games, and bike riding.

What are the skills and education required to be a Information Security Analyst?

Skills:

Most important thing is the Hacker Mindset, apart from this knowing the languages like Perl, Python, Bash, Batch, Shell, C, C++ and OS knowledges of Windows, Linux, Unix and Networking Knowledge will help a lot in this field.

One should understand how technology works, may be by dynamic analysis or by reading source code. He should also come up with ways to break it.

Being a hacker is more a mindset than a matter of skills.

Education:

BCA or B.E. in CSE/IT, they are all more or less the same. Any of these programs can help you become a good Developer, Good Network Engineer or a Hacker. It’s all upto you what you want to do in future with the basic education you get from college.

My academics didn’t help me a lot in this field but yes the languages and other things which I studied at BCA was useful.

What are some alternate career options for a Information Security Analyst?

• Auditor
• PCI Auditor
• Forensics Analyst
• Security Operations Center (SOC) Engineer

Many doors will open for you once you become a good analyst.

What do you think potential recruiters look for in a fresh Information Security Analyst?

Again I would say the same “THE HACKER MINDSET”. One should think like how can he break the stuff/ system. This is for pure Hacker.

For other roles like Audit –  your communication skills, observation skills and analytical skill are very important.

S/he should be good with languages and should know how technology works.

Any recommended resources for aspiring Security Analyst?

• Corelan  is good for beginners
• Stackoverflow is always there for all kind of problems.
• How To Become A Hacker – Basic Guide For Beginners

Follow your passion. It’s hard to get what you want, but once you get it you are not doing a job anymore.

You will enjoy everyday of your career.