This AIMETC graduate is SOARING high in the world of cyber security and networking 

Here is one Apeejay alumni who is living up to the motto: ‘Soaring high is my nature,’ literally. Bengaluru-based IT professional Hardipinder Singh, a SOAR engineer with Cyware, honed his skills in security and networking with Wipro and IBM. In a wide-ranging interview, he recounts how Professors from Apeejay Institute of Management and Engineering Technical Campus (AIMETC) first realised his potential to shine in this niche career, explains how giants such as Google, Microsoft and Facebook are bullish about the role of Security Orchestration, Automation and Response (SOAR) engineers  and why people need to be more conscious about the personal data they share. Edited excerpts:

Please take us through your educational and professional journey

I started in 2013 at the Apeejay Institute of Management and Engineering Technical Campus (AIMETC) for my BCA and in those three years, I learnt quite a few things. One of the major influences that helped me start my career in security was that of Mr Harpreet Singh, one of my professors. He guided me to get a certified ethical hacker certification. I went for that side by side and because of that stepping stone, I started my security journey. In the 2016 placements, I was placed in three major companies: Wipro, Infosys and Accenture. I chose Wipro because they were offering a bright future related to networking and security. I took up the offer and began working with Wipro in December, 2016. I worked there for five years and I simultaneously completed my M. Tech from the Birla Institute of Technology and Science, Pilani. In these five years, I had worked in GSK and Intel as a contingent worker.  In the last three years I began working as the automation lead and security back-end engineer. My primary job was working on the Wipro security IPO SMC.  I learnt quite a few things and I had gone in for quite a few certifications in that period of time. Now, since I wanted to get back to security, I joined Cyware and am based in Bengaluru for the last five years.

How did you balance working with an IT giant and completing your M.Tech at the same time?

It was not easy, but Wipro made my life a little easier on the studies front. During the week I worked and on weekends I attended online classes. It was a harmonious process. It didn’t feel like I was studying in a college, I was applying whatever industrial knowledge that I was learning in the classes on an everyday basis. 

Please tell us about your current job profile as a Security Orchestration, Automation and Response (SOAR) engineer at Cyware?

In the last project at Wipro I was working as automation lead and security back-end engineer. It related to quite a lot of orchestration and automation of security postures and how responses are made. So, on the basis of the kind of experience I received, I got a job opportunity as a Security Orchestration, Automation and Response (SOAR) Engineer 2. Here I am working on two tools — Orchestrate and Response. My main job is to bring in the data from the security tools and work in such a way that a positive orchestrated response is given to every security incident that occurs. 

In layman terms, please explain what a SOAR engineer does ?

SOAR is an emerging technology that gained popularity two years ago. There are not many players in the industry and very few competitors in the market yet and tech giants such as Google, Microsoft and Facebook are investing heavily in it for the future. As an example, in simple terms, suppose you connect to any website, say Google, or Microsoft, or Facebook from your mobile phone, you are making a connection to an external computer somewhere. Once you make that connection, a bridge is made for data to flow from one place to another. Depending on what you are searching for and how you do it, there may be various techniques and methods with which this flow can take place. But it can also land a person into trouble. So, what the person will do in that process is to get some security tools such as firewalls, security scanners, anti-virus software etc. The problem arises when these tools are not communicating with each other.  If they are not communicating with each other they are not sharing the intelligence that they are gathering that can benefit the user. Let’s suppose your ant-virus sees that the browser from which you are surfing the Net is outdated. If it communicates this, the firewall that is supposed to protect the latest threats and intrusions will carry out its function and everything will work harmoniously. As SOAR engineers, we ensure this communication between security tools happens efficiently.  What we do is that we orchestrate security tool postures and collect security data in such a manner that each of the security tools is communicating harmoniously with each other and the user doesn’t need to worry about every tool working effectively in a manner that protects the network and the user.

What are your views on the proposed Personal Data Protection Bill?

Honestly, I haven’t read up on the Bill. But as far as I know, banning VPNs and ensuring that data goes in a routed way managed by the government may not be the best way forward. The way data is cloned, in my view should not be governed by any third party let alone the government. Of course, the State may have to step in at certain points. But generally data is a private entity. Say you are having a private conversation, nobody should be eavesdropping on it including the State. It doesn’t feel safe if that happens. The way kids these days surf, I think a regulatory mechanism is required but it depends on how it is implemented.

What role can information protection professionals like you play in raising awareness among common people about data privacy?
What I have seen is that when people like me try to explain security and what needs to be done to protect our information, it sounds like a hassle to many. If you remember, a couple of years ago, when the WhatsApp chats of a few individuals were leaked, people were momentarily worried about it. But if you told them about alternatives such as Telegram that had already existed for some time, not many of them were ready to switch because of the convenience and ease that existed. If people are to be made aware of ways to manage data privacy, we need to bring it down to a very simple level and make it so interesting that the man on the street understands data privacy. Most people are nonchalant about sharing their data with many companies, till a big incident happens and they get into trouble. Most people don’t want to inconvenience themselves by trying out new alternatives simply for the sake of securing their data.

With artificial intelligence and machine learning on the rise, the possibility of misuse of personal data also rises. What is your view on this?

Honestly, it depends. From what I’ve seen in the AI models being built, they may intrude on your privacy to a greater degree than the normal tools that you are using. As such, in the future it is a concern that may decide how data models are created. But for the time being intrusions into your personal life and messages can be problematic. AI and ML are still in a nascent stage in the country, but at a few companies such as IBM, the way they are converting natural language and converting text and understanding how people speak, the international market is rising rapidly. In India, the stage of refinement is yet to be achieved.

Please share your memories of the time you spent at AIMETC, Jalandhar?

That was a period of great learning and gave me a platform on which I’ve built my whole career. The big memories I have of two of my professors, Dr Amit Sharma and Mr Harpreet Singh, they guided and motivated me for a career in security and networking. They realised my potential and motivated me by saying I could shine in this career. That was a blessing. Secondly, Kanika Chopra Ma’am and Aman Pratap Sir shaped my articulation and public speaking skills with debates and hosting events. I will be always grateful to my teachers for that.