Somewhere in CIP’s busy IT department lurk four hackers, dedicated men who know how to infiltrate the Center’s IT security protocols and bring the department to its knees. But these are no ordinary hackers; they are hackers with ethics.
“Hackers with ethics?” you might be thinking right about now. “Isn’t that an oxymoron?”
Not if you’re a Certified Ethical Hacker (CEH). Just ask CIP IT experts Dante Palacios, Peter Valdivieso, Roberto Del Villar Prado and Rolando Navarro Jara. These four men were recently certified by the EC-Council (The International Council of E-Commerce Consultants) and are now armed with the same tools that a malicious hacker would use. But with one huge difference: they use those tools to protect their Center’s information assets. After all, to catch a hacker, you need to think like a hacker.
Although the Americas chapter of the Enterprise Security and Business Continuity (ESBC) project of the ICT-KM Program supported these specialists in their certification bid, it was their determination and hard work that led to the quartet’s success.
Like his three colleagues, Dante Palacios, a Systems & Server Administrator with eight years’ experience at CIP, decided to take advantage of the CEH introductory course offered by the Project. He took about six months to cover the necessary course work, juggling his studies with his duties at the Center. It was only in the run up to the exam that he took time off to study.
“Personally, the certification brings me great satisfaction and, of course, it improves my professional career,” says Dante of his achievement. “It will also help CIP to increase its level of professionalism and enable the Center to address CGIAR ICT security issues.”
Peter Valdivieso, CIP’s Helpdesk Administrator, feels that the certification gives an added dimension to his five years’ experience at the Center and allows him to work with his three colleagues to “monitor CIP’s networks and systems more intensively.”
Peter also mentions CIP’s IT Manager, Anthony Collins, who spearheaded the recently completed ESA Project, for his invaluable support during his studies.
CIP’s Systems & Server Manager, Roberto Del Villar Prado, became interested in the certification while participating in the ESA Project last year.
“I can now evaluate and establish security controls in CIP’s ICT infrastructure,” he says of the result. “I also devote more time to review, analyze and evaluate security risks. We are working on strengthening controls in perimeter security, antivirus alerts, and USB security threats with USB flash drives.”
Rolando Navarro Jara, Network & Systems Administrator, has been with CIP for three years and works with his colleagues on IT security assessments.
“My role involves maintaining information confidentiality, reducing risks, and preventing attacks,” he says. “Because CIP is a member of the CGIAR, I think there is a good opportunity for us to share the knowledge with other Centers.”
Rolando feels that he has benefited tremendously from the topics covered during the studies, such as: gathering information, vulnerability analysis, viruses/worms, Web and Linux analysis.
The Americas chapter
The Americas chapter of the larger ESBC was designed to assist the CGIAR in achieving its end goal of protecting valuable information assets developed, maintained and owned by all the Centers, and managing information security risks across CGIAR by implementing secure information architecture. One of the broad objectives of the Project was to promote the training of ICT systems security administrators with international qualifications such as the CEH.
The Program would like to extend its heartfelt congratulations to Dante, Peter, Roberto and Rolando on their success.