School dropout becomes much sought after cyber security expert

Image: Amit Verma

Name: Trishneet Arora
Age: 23
Education: School dropout

Trishneet Arora’s CV reads far from perfect. When he flunked class VIII, he dashed almost all hopes of a secure future. Then, though he signed up for distance education to continue his schooling, he failed again in class XII. “I was never interested in studies. I was always a backbencher,” says the 23-year-old Arora. “As a child, I did all the things I was not supposed to do and kept my parents on their toes.”

But sometimes things that don’t quite start out well do end up yielding positive results. Today, Arora runs cyber security firm TAC Security, which counts among its clients Reliance Industries (the owner of Network 18, which publishes Forbes India), Amul, Avon Cycles, Ralco Tyres and government organisations, including the Central Bureau of Investigation, Punjab Police and Gujarat Police.

One of the youngest ‘ethical hackers’ in the country, Arora was just 19 when he started TAC Security in Chandigarh in February 2013. Its aim is to help a bevy of corporates, banks, government organisations and law enforcement agencies identify loopholes in their technology systems to avoid and combat cyber crime, a growing menace not only in India but also globally.

The connotation of the word hack is hardly positive but Arora calls it an art and says its implication changes depending on the cause you use it for. “There is no doubt that it also means that a person with the right skills can even hack into any bank and get millions of dollars but, remember, the next moment, he could also be behind bars. It depends on what he wants to nurture.”

Notwithstanding his aversion for formal education, Arora discovered he had an instinct for technology quite early. “Technology has always intrigued me,” he says, recalling having been reprimanded as a child by his parents for taking out the wires of a computer and playing with them. “I was all of eight then. I dismantled my father’s computer and could not fix it,” he says. “When my father took the computer to a mechanic, I accompanied him and observed the repair work. The computer was fixed in about 15 minutes.” 

The number of cyber crime cases registered under the IT Act 2000 increased by about 350 percent from 2011 to 2014
Image: Sergei Konkov Tass Via Getty Images


This fascinated him and pushed him towards making an effort to understand hardware and software at an early age. Soon, this led to his interest in hacking. “Hacking is a skill that I acquired on my own,” says Arora. His guinea pig: His father. Arora first made an attempt to hack into his father’s computer in 2007. “The success then prompted me to take up hacking ethically later,” he says.

Hacking isn’t a skill you acquire overnight, says Arora. “You have to be naturally inclined towards it and develop a healthy curiosity to delve deep into the systems. Initially, it was a tad difficult for me to understand the basics of hacking as there wasn’t too much reading material available on the internet then. But I relied on self-help. And as practice makes a man perfect, I realised I probably could pursue a career in it. After all, computers were the only thing I was good at.”

He even wrote his first book, The Hacking Era, which was published in 2013.

‘Ethical hacker’ Trishneet Arora was just 19 when he started TAC Security in Chandigarh in February 2013

Though he knew he could make a profession out of hacking, he didn’t imagine he would become a first-generation entrepreneur—his father is a tax consultant and mother, a homemaker. But the growing focus on digitisation and organisations reaching out to cyber security companies and ‘ethical hackers’ to build resilient defence systems against cyberattacks underscored the potential of this business to Arora.

According to a joint study by The Associated Chambers of Commerce and Industry of India (Assocham) and consulting firm PricewaterhouseCoopers (PwC), the number of cyber crime cases registered under the Information Technology (IT) Act 2000 increased by about 350 percent from 2011 to 2014. More recently, India made headlines late last year when it witnessed one of its biggest cyber frauds related to banks, with over 32 lakh debit cards of various public and private sector banks facing threats of breach due to hacking.

Today, a number of ‘ethical hackers’ function as independent agents and run their own ventures, while the big four accounting firms such as Ernst & Young, PwC, Deloitte and KPMG, too, have their own cyber security units. “Going forward, the demand for such services will only increase. After all, prevention is better than cure,” says Arora. “It is not just the victims of cyber threats who are appointing cyber security experts. Everyone else is also now beginning to understand the requirement to build their cyber defences to limit the damage from cyberattacks. As  per industry data, India needs at least 1,000 cyber security startups by 2020 to fight the cyber war.”

“In the past few years, India has seen a huge surge in cyber crime across all regions and sectors and this is primarily because of the proliferation of connected technologies,” says Vinayak Godse, senior director, Data Security Council of India, a Nasscom initiative. He, however, has reservations about the term ‘ethical hacking’. “Hacking is hacking in whatever way it is seen,” he says. Godse points out that the role of cyber security firms is going to increase in the years to come “as India adopts a new digital mindset to harness the true potential of technology”.

In fact, following November 8, 2016, when Prime Minister Narendra Modi announced the demonetisation of Rs 500 and Rs 1,000 currency notes, the number of queries pertaining to cyber frauds increased dramatically in the country. Between October last year and January 2017, Arora says TAC Security received requests for help with over 70 hacking incidents, including ransomware, financial frauds and website hacking in various Indian enterprises. To break up the numbers further, during the third quarter (October-December) of the current fiscal, the number of hacking cases for TAC stood at 48, while January alone recorded as many as 23 cases. In comparison, during the previous quarter of April-June, TAC received calls for help in three such incidents, while the number was marginally higher, five, in the July to September quarter.

The government, too, is recognising the rising threat to Indian organisations from cyberattacks, and is adopting measures to step up attempts to firewall high-tech malware threats. In Budget 2017, Finance Minister Arun Jaitley announced a proposal to create a Computer Emergency Response Team to strengthen the security of the financial sector.

“Cyber has emerged as a key focus area for senior leadership across industries, which has resulted in significantly increased demand for cyber security services. This has led to boutiques and startups coming up lately and addressing either multiple elements or specific areas across the overall cyber risk domains,” says Sudesh Anand Shetty, partner & forensic technology leader, KPMG India.

TAC Security, which had an early start and has been in the game for a few years now, offers specialised services called vulnerability assessment and penetration testing (VAPT) that help identify and quantify vulnerabilities in organisations and, in turn, provide them with an array of web security solutions to avoid any kind of data theft. Last year, it also set up a dedicated Cyber Emergency Response Team to look into quick recovery when a breach occurs. It plans to introduce new security products, including Artificial Intelligence and cloud-based VAPT technology. Besides, TAC also provides training on IT infrastructure and data security issues to employees across various sectors. “I started training students in colleges and universities, helping them as a mentor to build their careers in cyber security,” says Arora. “I realised one day I wanted to start corporate training as well. We then designed dedicated VAPT services for banks, corporate giants and MSMEs, which worked well and we got references one after the other.”

Apart from India, TAC also works out of Dubai and, going forward, it plans to expand its global footprint by foraying into Silicon Valley by the end of this year. The startup claims to have generated over Rs 1 crore in revenue from the domestic market and Middle East so far.

In August last year, TAC Security raised an undisclosed amount in pre-Series A funding from Vijay Kedia, a stock market investor, the managing director of the privately-held Kedia Securities and a director of three-wheeler maker Atul Auto Ltd. TAC Security, which started with three employees, has since expanded to a 15-member staff. It is also in talks to raise Series A funding of $10 million over the next one year. “It is estimated that every minute, half a million attack attempts are happening in cyberspace. I believe the opportunities available in this space are creating a new breed of ethical hackers-turned-entrepreneurs,” says Kedia.
 
With the money raised, Arora plans to build his team and make products that could help the firm generate more revenue. “Initially, nobody took me seriously because of my age. I started dressing up in business suits to look older and bring gravitas to my image,” says Arora who used to go to clients’ offices himself to test their systems because he lacked the team and funds. “But hard work coupled with luck and opportunity brings in success. It gives me immense pleasure to help organisations fight cyber crime. The respect you gain after doing the right job for the right cause has its own charm.”