By Dan Goodin in San Francisco
10th February 2008
For as long as he can remember, Shane Kelly has taken a keen interest in
taking things apart. When he was 11 and his family took delivery of its
first PC, he promptly pulled off the cover and disassembled it, much to
the chagrin of his parents.
"They weren't too impressed at the time," Kelly, who is now 16, says.
"But I put it back together. It worked."
A few months ago, the Solihull teenager successfully acquired an
accreditation in Certified Ethical Hacking, making him possibly the
youngest person to do so. While computers and networking have always
captured his imagination, he says his interest in security prompted him
to go for the hacking certification.
"That certainly stood out because it was the one qualification that
focused not on the defensive side but it actually took you into the mind
of the hacker," he says. "It was the mindset that gave me the motivation
into taking the course."
Once upon a time, network security and penetration testing was a
specialized field that was mainly inhabited by expensive outside
consultants. Now that the net has become a core part of transacting
business, more and more organizations are bringing these workers
"It's really come into its own as a legitimate area," says Terry
Kurzynski, CEO of professional services firm Halock Security Labs, which
also provides training for people seeking the credential. "We've been in
security for 11 years and it really hasn't been until the last four or
five years that ethical hacking has become a service."
It took Kelly about 10 months to complete the course work and pass the
four-hour test required to get the accreditation. That included a
five-day boot camp.
He recently landed a spot as a temporary worker at the University
Birmingham, where he expects to do IT-related work. He's considering
acquiring additional accreditations for Cisco and Microsoft
But eventually, he says, he plans to do security work.
"Due to my age, it's probably not going to happen in the next five
years," he says. "In the industry, you need to have a certain amount of
experience. I hope to see myself doing security work of some some sort."
Subscribe to InfoSec News