Abartan Dhakal is a professional penetration tester currently working in Sydney, Australia. He has been there for 1.5 years, actively pursuing his career in the security community.
As he works in cybersecurity and penetration testing, we interviewed him about some myths of hacking, cybersecurity, and penetration testing. He also shared his thoughts on recent data breach incidents and suggested preventive measures to stay safe online. Let's hear from him in his own words:
Interview with Professional Penetration Tester Abartan Dhakal
1. Tell us something about you, your career, and your journey till date.
I am Abartan Dhakal from Nepalgunj but currently studying and working in Sydney, Australia. I have been working as a professional penetration tester in one of the companies in Sydney for over 1.5 years.
I have been active in the security community and freelance work for over 3 years. It's been a good journey so far since the day I started in this field and managed to be a self-trained security specialist. I got some good help from some of our Nepalese security community members and international security community members in order to be what I am today.
2. What are the myths of the hacker? Is hacking a good or bad thing?
People, when they hear the word hacker, tend to have some myths that they are the bad guys who want to hack for fun, using some fancy colored terminal on their computer, wearing a hoodie, and hacking from a dark room. But this is not the case.
We hackers are living together in the light, are good, and are trying to help secure different companies and organizations from bad hackers. Some wear anything from normal casual dress to official suits. You can find hackers in different age groups, skills, and industries who are also working for the good. In my view, hacking itself is neither good nor bad.
Hacking is just a skill, and it is up to the user who gains these skills to either make it bad or good. It is the same as other skills like martial arts or anything, you name it. Whether you use martial arts for defense or for offense depends solely on the user. So I can't really say if hacking is a good or a bad thing.
3. What are the preventive measures against hacking?
Hackers have always been trying to find newer ways to hack into the latest technologies and assets as they are developed. So there's no concrete way to totally prevent being hacked, but there are a few ways you could minimize the risk of getting hacked.
- Never click or download anything from the internet if the source is not legit.
- Do not open or download any attachment from the emails from unknown sources.
- Make sure to properly use and update your antivirus software, operating systems, and all other devices.
- Do not use the same password on multiple websites. You could try using password managers in order to generate and manage unique passwords for each individual service.
- Try not to use public Wi-Fi for performing sensitive operations like internet banking, using social media, etc.
- Do not share your passwords with anyone and change them regularly (like every 3 months or so).
4. What is Penetration testing? Why is it needed?
Penetration testing in common terms is the company trying to get to know their current security posture in its assets. This is achieved by testing for the vulnerabilities (security loopholes) in the system that is in the scope of testing.
It helps to minimize the risk of getting a breach from the specific assets that are being penetration tested since companies can patch the vulnerabilities (close the gaps) after they receive the report.
5. What are your thoughts regarding current data breach incidents in the world?
It seems like companies are still neglecting some parts of their assets or lack proper security awareness within their organization, which has led to most of the breaches.
It also looks like they have not taken security very seriously, which in turn turned out to be the reason for breaches via exploitation of vulnerabilities that have been there for ages.
6. You are also a penetration tester. What are your best and worst experiences?
My worst experience was trying to educate one of the clients on why they should do a proper penetration test; I was having a hard time trying to convince them. There have been really good experiences as well.
I managed to learn a lot of new things and have been seeing a really good boost in the Nepalese security space, as more and more people are learning to be hackers.
7. What do you think about the difference in penetration testing in Nepal and other countries?
The major difference I found between Nepal and other countries is that many foreign companies are trying to invest in their security, while most of the Nepalese companies still do not want to invest in their security. Though this scene is slowly changing, and Nepalese companies are also trying to focus on their security.
Something I believe is that they should collaborate more with the Nepalese security community members so that they could get the benefits of it and at the same time our infosec community also gets benefits out of them. This could help create better manpower, as more people will be interested in learning to be security professionals, while the companies would be more secure and can utilise the local resources.
8. Your last few words
Thank you very much for having me. The above-mentioned things were just from my perspective and it could've changed significantly as it has been a while since I left Nepal. If anyone wants to reach out to me, I can be reached on Twitter (@imhaxormad) or Facebook (@abartandhakal).
ICTByte thanks Abartan for his kind words and greatly appreciates him sharing his thoughts with us.