INI: The Information Networking Institute

Alumni Profile: Security Consultant

On first impression, everything is illegal about what he does, breaking into computers, Web sites and networks. But Amit Bagree (MS17) is neither a rogue government agent nor a cyber criminal. He applies his MSISTM degree to help companies secure their critical digital infrastructure as a Security Consultant with Foundstone, a division of McAfee.

"I'm based out of Orange County, California but end up traveling very often, which can be tiring and energizing at the same time because most of the projects I do are really exciting. How can you not get a kick out of hacking some of the most important systems and biggest networks on earth? Be it big financial institutes, insurance companies, government or even universities."

Put simply, Amit is a hacker, but his activities are all under legal contract, and he gives his clients the strategies they need to better protect their assets. He was recently in a client's internal
network to compromise a Microsoft Domain Administrator account, the "ultimate prize" in this line of work. He thought he had tried everything. "I had exhausted most of the common tricks
in my hacker bag, and by the fourth day the level of impatience and frustration had reached its limit, but I didn't want to give up," he recalled.

"Technical details apart, three hours before I needed to catch the return flight ... BOOM. I get it! My mantra, 'Look long, look hard,' paid off."

He typically communicates with technical staff on the client side to outline the problems, and he communicates high-risk findings immediately. He concludes his work by detailing the technical issues he has found and providing the company with strategic recommendations to ensure their security into the future. Often project close-outs require meeting with C-level management to deliver his conclusions.

"For every hole we discover, we recommend fixes or mitigating strategies. These can be patches, upgrades, software or hardware. The multidisciplinary courses such as Risk Management, Groups and Teams in
Organizations, Finance and Entrepreneurship have helped me in understanding the big picture. A dollar value to everything security," he said.

Amit's love for his job is apparent, and he constantly brushes up his knowledge of the highly dynamic information security industry. He keeps a tab on relevant books and blogs and contributes to an internal Skype channel that Foundstone consultants set up to share news with each other. He is a regular Red Team Hacker at the Western Region Collegiate Cyber Defense competition and attends BlackHat and DefCON in Las Vegas.

Amit says his interest and skill in hacking developed over time, starting in his second year of college when he picked up the Unofficial Guide to Ethical Hacking by Ankit Fadia. "From then on it was mostly searching the Internet for more knowledge and trying out mischief on my brother's computer," he said. "If it were not for my father's courage to afford the education and my family's support, I wouldn't be doing what I'm doing. Big hugs to all my family and friends for always being there for me. Special thanks to my Director Corey White & VP Bill Hau for giving me the opportunity to work at Foundstone and cheers to the entire Foundstone team."

Article originally printed in the 2009 INI Alumni Newsletter.

Confident. Connected. Going Places.

The INI is a department of the College of Engineering at Carnegie Mellon University and the educational partner of Carnegie Mellon Cylab.

Contact Us Privacy Policy