HIS
job is to crack codes and break into the systems of companies — 24 x 7
x 365. Yet, he’s the good guy of the virtual world. Thirty
three-year-old Saumil Shah has successfully turned his love for hacking
into a profession.
Today, Shah’s four-year-old venture
Net-Square Solution caters to banks and healthcare service providers
mainly in the US and the UK.
Unlike hackers who do it just
for fun or personal gain, this ethical hacker uses his skills to test
security in web applications and software for its weaknesses. If an
ethical hacker sounds an oxymoron, Shah has a killer business model
too.
“Before implementing a software product or going
on-line, the companies come to us to check rigorously whether a
particular software, network or the website is vulnerable to hackers.
We do a penetration test for them,” says Shah. Penetration testing is a
method of evaluating the security of a computer system or network by
simulating an attack by a hacker. The process involves an active
analysis of the system for any weaknesses, technical flaws or
vulnerabilities. “Once we are sure that there are no loopholes, we give
a go ahead for the implementation. That’s how we earn money,” says
Shah. His company has registered Rs 5 crore as revenues last year and
is growing at 15-20% per annum.
Net-Square works in an
off-shore model. It was recently asked to detect bugs in Microsoft’s
Windows Vista. However, banking and healthcare sector are his major
clients. “Healthcare and banking industry needs fool proof databases as
most of the personal information like credit card and bank account
numbers are stored here, which can be misused.” Shah’s client list also
include healthcare service providers and one of the largest banks in
America. It is sheer passion for ethical hacking which keeps him going.
A pass-out from LD College of Engineering, Shah went to Purdue
University in the US for his masters in computer science. He worked as
a research assistant in Purdue’s COAST (Computer Operations, Audit and
Security Technology) laboratory after finishing his study.
He
also worked as a senior consultant with Ernst & Young, where he was
responsible for the company’s ethical hacking and security
architecture solutions as well as at the Indian Institute of
Management, Ahmedabad, as a research assistant and a visiting faculty.
Meanwhile, Shah served as the director of Indian operations for
Foundstone and pioneered its Ultimate Web Hacking training classes. All
these years, his heart was in his homeland. All this while, he was
thinking of coming back to Ahmedabad and setting up his own IT security
company. Finally, Net-Square happened in 2002.
“My idea of
going to the US was to learn advanced computers. I always wanted to
come back to Ahmedabad as it is good to stay with family and friends
here,” says Shah. He has also co-authored ‘Web Hacking: Attacks and
Defense’ (Addison Wesley, 2002) and is the author of ‘The Anti-Virus
Book’ (Tata McGraw-Hill, 1996). “Authoring books and training people at
conferences like BlackHat are the only way to market the knowledge one
has. There is no other way one can market IT security company like us,”
he adds. Net-Square now plans to come up with its own range of security
products in the Indian market too.
