UK teen is world's youngest certified ethical hacker (maybe)

[InfoSec News <alerts () infosecnews org>]

http://www.theregister.co.uk/2008/02/10/certified_ethical_hacker/

By Dan Goodin in San Francisco 
The Register
10th February 2008

For as long as he can remember, Shane Kelly has taken a keen interest in 
taking things apart. When he was 11 and his family took delivery of its 
first PC, he promptly pulled off the cover and disassembled it, much to 
the chagrin of his parents.

"They weren't too impressed at the time," Kelly, who is now 16, says. 
"But I put it back together. It worked."

A few months ago, the Solihull teenager successfully acquired an 
accreditation in Certified Ethical Hacking, making him possibly the 
youngest person to do so. While computers and networking have always 
captured his imagination, he says his interest in security prompted him 
to go for the hacking certification.

"That certainly stood out because it was the one qualification that 
focused not on the defensive side but it actually took you into the mind 
of the hacker," he says. "It was the mindset that gave me the motivation 
into taking the course."

Once upon a time, network security and penetration testing was a 
specialized field that was mainly inhabited by expensive outside 
consultants. Now that the net has become a core part of transacting 
business, more and more organizations are bringing these workers 
in-house.

"It's really come into its own as a legitimate area," says Terry 
Kurzynski, CEO of professional services firm Halock Security Labs, which 
also provides training for people seeking the credential. "We've been in 
security for 11 years and it really hasn't been until the last four or 
five years that ethical hacking has become a service."

It took Kelly about 10 months to complete the course work and pass the 
four-hour test required to get the accreditation. That included a 
five-day boot camp.

He recently landed a spot as a temporary worker at the University 
Birmingham, where he expects to do IT-related work. He's considering 
acquiring additional accreditations for Cisco and Microsoft 
technologies.

But eventually, he says, he plans to do security work.

"Due to my age, it's probably not going to happen in the next five 
years," he says. "In the industry, you need to have a certain amount of 
experience. I hope to see myself doing security work of some some sort."


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn