Interview Of Beenu Arora

About Beenu Arora

Beenu Arora was awarded Best Ethical Hacker by NBC 2012 for giving back to the community by mentoring many people who are successfully climbing the ladder in this domain.
Beenu has been with the IT security industry for five years. Currently he is based in Melbourne, Australia with one of the big consulting firms. Beenu’s primary focus is in the areas of Vulnerability Assessments / Penetration Testing, Web Application Security Assessments, malware analysis and Incident handling & response. Beenu is one of the Firm’s global subject matter specialists in attack and penetration testing, malware analysis, mobile security, cyber security and web application security. Beenu is also a core team member of his organisation’s global malware team Defensive Technique group, where he develops tools and methodologies for incident response and malware analysis.

Interview Of Beenu Arora

You have mentored many people who are doing well in this industry, how does that make you feel?
I feel glad. I’m fortunate to know personally some of the great minds of the security community.

What are the obstacles which you’ve faced in your endeavour as an ethical hacker?
The biggest challenge I faced was to find the right set of people or group from the security community where I could exchange knowledge or learn or socialise. Back in 2005, security stuff was not as open or as easily accessible.

How do you define ethics and hacking as separate terms?
I see “Ethics” as moral values which enable an individual to decide right and wrong. “Hacking” is an art to break/compromise into systems and/or applications. I don’t think there is a need to describe Ethical Hacking now.

Do you take the security industry as a paradox?
There is NO absolute security. The pragmatic approach is to apply security controls on fence to make it costly for attackers.

What are your recommendations for people who wish to make it big in this industry?
I would advise them to be focused on their goals or objectives and never quit learning.

Do you conduct workshops, seminars, etc.? If so, under which banner? And if not, do you plan to?
No. I do have plans to conduct them in the near future.

As a consultant, does it ever make you nostalgic when you repeatedly consult the same thing?
No. Every client has a different perspective of looking into risks. Identification of security risks requires understanding of IT assets and controls around assets. My consultation is mostly around advising and assessing controls.

Is Indian law fair on cyber crimes or is there a need for stricter rules?
I think there has been a significant improvement on the IT Act law from the national security perspective. The IT Act 2008 empowers the Indian government to intercept, monitor and decrypt computer systems, resources and communication devices. At the same time, it also raises a possibility where unscrupulous parties may use that to conduct cyber espionage over enterprises.

What does NBC Award mean to you?
I consider this to be a personal achievement.

A message for our readers in a tweet, please.
Thank you for your support and love

By Cattechie