
Lead Or Manage, Which Is The Ideal Approach In An Agile Team?


For all those who live in an Agile world, the word “manager” is not the most loved one. But what is it that makes us feel like that? Why don’t we have the same feelings when we hear the word “leader”?

Well, let’s think a bit about it...

Often used interchangeably, the terms management and leadership create confusion among people. Some people think that management and leadership are the same thing, others don’t. 

In fact, the term leadership in the organizational world is relatively new. A couple of centuries ago, no one would have thought of using it in a work environment. Indeed, the great leaders of history were associated with politics, philosophy, government, and religion. Some examples are Abraham Lincoln (the president of the United States who abolished slavery), Martin Luther King Jr. (the Baptist minister who led the Civil Rights Movement) and Mahatma Gandhi (who led India to independence and inspired movements for civil rights and freedom across the world), among others.

Based on these examples (and if you Google it, you will find several others), we can infer that to lead is to motivate, to inspire, to influence people. And why would someone want to influence others? Well, to share a vision with the team and motivate the team to be aligned with that vision!

So, what makes the difference between a manager and a leader? Basically, it is the approach they use to reach people and the approach they use at work. Leadership is about inspiring and management is about planning. Leaders are focused on aligning people with the organizational vision, which includes obtaining their buy-in, communication, motivation, and inspiration, while managers focus on planning, budgeting, and turning the vision into reality. Managers follow the processes that make organizations successful, take care of the numbers that demonstrate good performance, and solve problems when they arise.

Control or inspiration?

Basically, managers direct and control. They follow the organization’s policies and processes. Their work is more rational and logical. They create plans and follow them through to success. Managers have to detect risks that may impact their plans and mitigate them. Their objective is to have everything under control, even those plan items that may be at risk, since their final goal is to achieve the expected outcome for the team.

“Management is the practice of manipulating people for personal gain. Leadership is the responsibility of inspiring people for the good of the group.” (Simon Sinek, @simonsinek, February 6, 2018)

On the other hand, leaders let people be themselves, but at the same time, they share with them the organization’s vision and inspire them to follow it, to be part of a bigger purpose. Leaders understand that forming high-performing teams is much better than having individual heroes, since diversity is the key to success. This is the reason why their focus is on developing people to their highest performance. Leaders truly believe that this is the path to achieving the expected outcome for the team.


Status quo or disruption?

Managers ensure that the organization’s policies and processes are followed, but leaders… leaders challenge the status quo. Managers try to ensure that every plan is complete as agreed, but leaders embrace change. They know that change is part of our lives and that if teams do not adapt to change, they may die. This doesn’t mean that managers don’t believe this as well, but their focus is set on achieving goals, as planned.

People or processes?

Managers create or follow processes and use tools to support the team in the accomplishment of their objectives. Leaders focus on developing people, by coaching them to be a better version of themselves.

“People over processes” is one of the values of the Agile Manifesto. And this is the point where we distinguish leaders from managers, and why managers are not “that well seen” in Agile environments.

After having made this comparison, we may now understand those who are against management in Agile environments. Managers seem to be the opposite of what any Agile team may want…

However, in order to have successful organizations, there need to be both managers and leaders, people with logical minds and people with innovative ideas. If an organization is run efficiently, then for sure there are leaders and managers in it!

It is key for organizations to strike the correct balance between leadership and management. Of course, “correct balance” may mean something completely different for each organization, and it is their responsibility to define it and achieve it.

Achieving it may mean having leaders, managers, or people with both management and leadership skills on your team, which gives them and the company a competitive advantage. It is key to understand that both sides of the coin are important. Nowadays, people look to their managers not only to assign tasks but also for guidance. Teams are eager to grow and improve; teams are eager to embrace change and be challenged. So, what are you waiting for? Challenge them! Give them what they want and they will be high performers, for sure! As Peter Drucker says: “You don’t manage people. Your task is to lead people by making productive their specific strengths and knowledge.”

Never forget that in Agile environments, “people” are your highest priority. 

Gisela Provenzano

Blog Author

Gisela is an IT consultant with over 10 years of experience as a Processes and Methodologies SME, Project Manager, Scrum Master and Agile Coach. Her forte includes Agile methodologies like Scrum, Kanban, Scrumban, Pair Programming, and TDD for Data Science and Operations Research projects. Since 2013, she has been working for different accounts like Deloitte, Carnival, Teletech, BBVA, LAN, GAP, Pernod Ricard, K12, iSeatz and Westcon, wherein she was involved in project improvements, processes framework implementation, project management, consultancy and coaching.


Suggested Blogs

The 7 Highest-Paying IT Certifications Must Do In 2020-21

Launching a career in IT takes much more than just college education. You need to be tech-trained and have one of the top IT certifications. Wondering why you need such certifications? Jobs in the IT domain require specific skill sets and having such certifications validate your ability to perform the job. Being certified also works in your favor when you are looking for a job for the first time or need a job change since the hiring managers would know you possess the skills to succeed. From security and networking to cloud computing and virtualization, there exists a wide range of IT certifications that would help you to earn a fat paycheck and launch your dream IT career, or take your career a few notches above in case you are already employed. However, not every certification would help. You need to find the ones that will give you the optimal return on your money. But with a proliferation of a wide range of certifications, each claiming to be better than its competitors, how do you decide which is the best for you? We bring you some help in your endeavor by listing the top seven IT certifications that you must do in 2017-18 to enjoy a rewarding IT career. 1. Certified in Risk and Information Systems Control (CRISC) This certification from ISACA is designed for IT project managers and professionals as well as others whose job needs them to recognize and manage IT and business threats through suitable IS (Information Systems) controls. The CRISC exam covers the whole life cycle, from design and implementation to continuing maintenance, and will fetch you an average yearly salary of $131,298. On our list, this is the highest-paying certification. To get it, you must have a minimum of 3 years’ experience in at least two of the four areas (Identification, Assessment, Control Monitoring and Reporting, and Response and Mitigation) covered by this certification and pass the exam that consists of 150 multiple-choice questions. 
You can register for this computer-based test on the ISACA website, which will cost you at least $420 (a bit more actually when you add the cost of test materials and preparation to it). In 2017, this exam is offered in three test windows (May 1 - June 30; August 1- September 30; and November 1 to December 30). Every year, you will need CPE (Continuing Professional Education) credits for maintaining your certification.  2. Certified Information Security Manager (CISM) The primary focus of this certification from ISACA is information security management. Though this certification will let you deal with engineering and designing of security protocols, you will have greater involvement in the company’s security management. This certification will let you earn an average yearly salary of $128,156. To get it, you must have 5 years’ experience in Information Security, a minimum of 3 of which should be as a security manager. This experience of yours must be achieved within the 10-year period prior to your date of application for certification or within the 5-year period from the date of passing the exam. Unlike the CRISC where no exceptions are applicable to the experience requirement, the CISM has some alternatives to the experience requirement. This exam consists of 200 multiple-choice questions. You can register for this computer-based test on the ISACA website, which will cost you about $415 (but a lot more actually when you add the cost of test materials and preparation courses to it). In 2017, this exam is offered in three test windows (May 1 - June 30; August 1- September 30; and November 1 to December 30). Every year, you will need continuing education credits for maintaining your certification.  3. AWS Certified Solutions Architect – Associate This certification is aimed at people involved in designing and managing applications on the AWS (Amazon Web Services) platform. 
The exam covers everything from AWS best practices, AWS cost estimation and identification of cost control measures, to AWS system design and deployment. For getting this certification, you need to have hands-on AWS experience (1 year or more) along with proficiency in one high-level programming language. The candidates also need to have the ability to recognize an AWS-based application and define requirements for it together with the experience of deploying hybrid systems with AWS and components on-premises and be capable of providing the best practices for setting up reliable and secure applications on the AWS platform. Kryterion testing centers offer this computer-based exam that consists of 60 multiple-choice questions. The exam registration fee is $150. However, armed with this certification, you will get to earn a yearly average of $125,091. 4. Certified Information Systems Security Professional (CISSP) This CISSP certification is your ideal choice if you are an auditor, analyst, systems engineer, security consultant, or manager since it gives you the chance to prove your capability of engineering, designing and maintaining the IT security policy of a company. Pearson Vue Testing centers offer this exam against a few of $599. This exam consisting of 250 multiple-choice questions and needs an eligible candidate to have a minimum of 5 years’ of full-time work experience in two or more of the eight domains CISSP CBK (Common Body of Knowledge) domains. Those not having adequate work experience can meet 1 year of required experience with a 4-year college degree (or its regional equivalent), or a credential permitted by the CISSP Prerequisite pathway. As a second alternative, you can earn your (ISC)2 Associate designation by taking and passing the CISSP exam, after which you will have up to 6 years’ time to earn the necessary work experience. You must earn CPE credits every year to stay certified. 
This certification will give you access to a career that pays an average yearly salary of $121,729. 5. Project Management Professional (PMP) This is the most renowned project management certification that lets you work in almost any industry, at any location and with any methodology. Project Management Institute (PMI) has created this test and manages it as well. You have to apply at the PMI website to take this exam. After the approval of your application, you would be able to sign up for the actual exam via Prometric. The prerequisites of this exam are having a secondary degree (associate’s degree, high school diploma, or the global equivalent) along with 7,500 hours of project management experience and 35 hours of project management education; or having a 4-year degree together with 4,500 hours of project management experience and 35 hours of project management education. You will need to shell out $405 for taking this test. Every three years, you need to compulsorily earn 60 PDUs (professional development units) for maintaining your PMP. $119,349 is the average yearly salary that this certification will bring your way.  6. Citrix Certified Associate – Networking (CCA-N)   This certification is ideal for systems or network administrators, architects and engineers adept in desktop and app virtualization, who plan to expand their skills to include NetScaler 10.5 for desktop and solutions app. To get certified, you have to prepare with the recommended training that includes two options: taking Citrix NetScaler Essentials and Unified Gateway or CNS-222; or getting prepared with Citrix NetScaler Unified Gateway or CNS-221 in case you’ve already taken the Citrix NetScaler Essentials and Traffic Management or CNS-220. In addition, you have to analyze the preparation guide for Exam 1Y0-250: Implementing Citrix NetScaler 10 for App and Desktop Solutions; and pass Exam 1Y0-250. The exam costs $200 and the certification would stay valid for 3 years. 
With CCA-N certification, you can aim to earn an average yearly salary of $102,598.  7. ITIL v3 Foundation It’s the entry-level ITIL certification that offers an extensive knowledge of the IT lifecycle together with the ITIL terminology and concepts. It covers everything from capacity and availability management to incident and change management, along with IT operations and application management. Selection and authorizations of partners are done by ITIL, who in turn provide education, training, and certifications. The ITIL foundation exam consists of 40 multiple-choice questions and costs $150 plus taxes (VUE/Prometric). To pass this exam, you should have knowledge (at the comprehension level) of ITIL service life-cycle, service management as a practice, and the key models as well principles along with awareness level knowledge of generic definitions and concepts, selected processes, roles and functions, as well as technology and architecture, among others. Simply passing this exam is all you need to do to get certified, and once you have this certification, you can expect to earn an average yearly salary of $103,408.  Summary A quick analysis of this list shows that all these top certifications pay more than $100,000 on an average, and are related to the domains that are experiencing a growing demand in the market, namely security, virtualization and cloud computing, together with networking and business. All these IT certifications can help in your career advancement – no matter whether you are a junior-level employee aiming to improve your skills to bag better opportunities in the IT industry, or a tenured employee looking to constantly grow and adapt your skills to meet the fast-changing IT landscape. But since you will come across a huge number of IT certifications that are offered today, it becomes important to research well before taking your pick since a handful are far more valuable than the others.  
The 7 Highest-Paying IT Certifications Must Do In ...

Launching a career in IT takes much more than just... Read More

5 Trends Influencing Cloud Computing In 2021

Cloud security was the biggest concern of 53% of the webmasters that participated in the giving birth to an important 2017 cloud computing trend, i.e., improved cloud security. The cloud providers like Google, Microsoft, AWS etc., have started coming up with advanced threat monitoring tools and other robust identity management functionalities to increase the security within every layer of cloud infrastructure. This improved cloud security trend would not just reinforce the trust of organization on cloud computing but also transform the way cloud security was being operated over the years.   Like improved cloud security with many cloud benefits, there are many other trends that are influencing cloud computing in 2017. These trends are changing the way cloud computing was being used as well as provided by the organizations and cloud providers respectively in the yesteryears. A clear understanding of these trends is imperative to gain a competitive edge in terms of speed, agility as well cost savings. So, let’s not waste any more time and jump straight to the five trends that are influencing cloud computing in 2017.  Hyperconvergence The hype around hyperconvergence in the realm of cloud computing has increased drastically in 2017. A gradual shift can be seen to hyperconverged cloud infrastructure aka HCI that has provided ease in the process of managing integrated technologies with the help of a common toolset. It will allow organizations to leverage the already integrated storage resources that will ease power computation for faster cloud implementation. Organizations that seek to build their own private cloud resources would be turning their attention towards hyperconverged cloud infrastructure that offers the support of virtualization at present.  Hybrid Cloud Management Due to the increased need for flexibility and swift information sharing, an orchestration between the private cloud and public cloud services has surfaced in the cloud computing domain. 
This amalgamation of public and private clouds is called a hybrid cloud. The need for effective management of hybrid cloud has given birth to cloud service brokers in 2017. They are responsible for not just defining all the hybrid services but also securing and managing them. The rise of these hybrid cloud manager aka cloud service brokers would be a big influence in the way cloud computing management worked earlier.  Enterprise Cloud Computing A dramatic rise in enterprise cloud computing has been witnessed in the first semester of this year. Instead of depending on a single cloud for their different information technology and business needs, companies are now diversifying their approach to multiple cloud models. Enterprise cloud computing is allowing businesses to make contracts with different cloud providers irrespective of them being private, public or hybrid. They are now getting their services hosted on different platforms that offer the most appropriate solution to their needs.  Cloud-Run Business Apps At present, the share of cloud-run business apps is 70%, which is gradually increasing with the expansion of enterprise cloud computing. By the end of 2020, more than 90% of the organizations in the world would have cloud-run apps for their business. Increased productivity, enterprise mobility, and user-driven customization are some of the core drivers for business apps towards cloud computing. Cloud adoption has accelerated in 2017 and would continue to do so in the coming years.   Cloud Containers On The Rise Cloud containers like Linux are used by top companies like Google, Microsoft, Facebook etc., and are becoming a rage among other organizations too. They offer a more secure, streamlined and simplistic implementation methods for each and every infrastructure requirement. Cloud container is one of the most relevant developments for the developers as it enables the packaging of applications in a more standardized way. 
It also facilitates the development of various micro services that’ll provide ease in security, monitoring, storing and networking etc. While cloud computing is not a new technology for businesses, the trends discussed above have given it a makeover and transformed the way it is being used by businesses in 2017. All the five trends, i.e., hyperconvergence, hybrid cloud, enterprise cloud, cloud-run business apps and cloud containers have led to a continuous expansion of cloud computing throughout the first two quarters of this year and would continue to influence cloud computing in days to come.  We have been able to cover only a small part of what Cloud Computing has to offer. There is so much more to learn. You can move on to the AWS certification course of KnowledgeHut that will help you prepare for the AWS certification exams.
5 Trends Influencing Cloud Computing In 2021

Cloud security was the biggest concern of 53% of t... Read More

Learn Ethical Hacking From Scratch

Despite the appealing title, ethical hacking or in more technical terms, “Penetration Testing” is not something you can master by reading an article or doing a crash course. There is much more to ethical hacking! In this article, we would have a look at what hacking is, the different types of hackers, steps involved in a hacking or penetration testing activity including common tools and techniques, how the industry looks at ethical hacking and the common certifications related to hacking. Before we jump into the details, let us understand what a vulnerability is, because we would be using this term again and again. Vulnerability is any loophole or a weakness in the system that could be exploited by a hacker. What is hacking and ethical hacking? To understand hacking, let us first understand what a hacker does. Whenever we think of a hacker, we imagine a guy with a hood, sitting in a dark room, having multiple computer screens in front of him and typing something at a blazing speed! We hate to burst your bubble, but most hackers do not fit that preconceived stereotype! A computer hacker is a person with deep domain expertise in computer systems, who is well versed in various methods of overcoming defense mechanisms by exploiting vulnerabilities in a computer system or network. A hacker could be financially or politically motivated or could be working with an organization to help them strengthen their infrastructure. Hacking refers to the activities that can overpower/derail the security mechanisms of digital devices like computers, smartphones, tablets, and even entire networks. It exploits the vulnerabilities present in the system or network to gain unauthorized access to confidential information. Hacking could be for personal benefit or with malicious intent. However, in ethical hacking, the hacker exploits the vulnerability, gains access to the data, but never alters, deletes or uses it for personal or professional gain. 
The hacker, in this case, will disclose the vulnerability to the owner of the system with a “Proof of Concept” (PoC) and request the owner to get the vulnerability remediated. Generally, ethical hackers have explicit permission to exploit the target from the owner. Who are the different types of hackers? Hackers can be generally categorized into three types based on the kind of work they do and the intent behind their hacking. Black Hat Hackers – These are hackers who attempt to bypass security mechanisms to gain unauthorized access with a malicious intent. Generally, these hackers work with the intent of financial gain and/or causing damage to the target. They may be individuals, self-motivated groups (also known as hacktivists who aim to bring political or social change) or politically motivated groups (state sponsored hackers). White Hat Hackers – These are professionals generally working with or for a company to help strengthen its digital security systems. The white hat hacker has explicit permission from the system or the information owner to attack the system. The intent here is to fix potential vulnerabilities before the black hat hackers could exploit them. Grey Hat Hackers – These individuals operate either as   white hat hackers or black hat hackers, hence the nomenclature. What are the steps involved in hacking? Let us take a deeper dive into ethical hacking and understand the steps involved. Throughout this section, we will look at the steps involved in ethical hacking, and some commonly used tools and techniques which hackers generally use. To illustrate our explanation, let us assume an attacker, Mr. X is targeting an organization TaxiCompany Inc. 1. Reconnaissance or Foot-printing – As per the Oxford dictionary, reconnaissance means, “the activity of getting information about an area for military purposes, using soldiers, planes, etc.”. Similarly, in hacking, reconnaissance means gathering information about your target. 
This information includes IP address ranges, Network, DNS Records, Websites, or people working with the organization. So, in this step, Mr. X would try to find the details of the key people working for TaxiCompany Inc., its website, etc. Reconnaissance could be active or passive in nature. In active foot printing, Mr. X would directly be scanning the network of TaxiCompany, or its websites using various tools. In passive foot printing, the Mr. X would not directly interact with any infrastructure or person. He would rather look at publicly available information from social media, public websites, etc. Commonly used tools/techniques for reconnaissance:  Who Is: Who is lookup tells you details about the website, the owner, contact number of the owner, and the address where the website is registered? You can simply visit who.is and enter the domain you wish to search for. NMAP: NMAP or the Network Map is a tool widely used for recon and scanning. Hackers can use this tool to find details like IP range, active hosts, open ports, etc. A simple command is nmap to find active hosts is “nmap -sn 192.168.1.1-100”. This command will find all active hosts in the provided IP range. Social Engineering: This is a technique, whereby the attacker engages directly or indirectly with the staff of the target organization and manipulates them psychologically to reveal confidential information. Some other tools which are used for footprinting include social media sites, Nessus, Acunetix, lullar.com 2. Scanning – Once Mr. X has some basic information about the TaxiCompany, he would start to collect in-depth information which could help him penetrate the network and access confidential information. Mr. X is most likely to use port scanners, sweepers and vulnerability scanners of different types. Mr. X could now be targeting the website or the network of the organization. 
For websites, using scanners like Nessus and Acunetix could give loads of information about the server where the website is hosted, open ports, server version, hosting platform, etc. In case of a network, network mapping and scanning tools will help Mr. X understand the active hosts, the services (ports) running on them and, with some intense scans, the OS running on the active hosts and even the vulnerabilities present!

Kali Linux is a distribution of the Linux operating system which is widely used by hackers around the globe for hacking and penetration testing. It contains almost every tool one would need for various steps of hacking. NMAP, Wireshark, ncap, Metasploit, etc. are pre-loaded in Kali Linux.

Based on the information gathered in the scanning phase, Mr. X can now easily look for vulnerabilities in the OS or the hardware using databases like NVD or CVE.

Commonly used tools/techniques for scanning:

Apart from NMAP, the below tools are used to perform vulnerability scanning:

Nessus: The most famous vulnerability scanner from Tenable, it has 100s of plugins which allow you to make sure all vulnerabilities and misconfigurations are identified.

Acunetix: Acunetix is known for its features and capabilities for web application scanning.

3. Gaining Access – Now Mr. X knows the network, active hosts, services running, details of the operating system and the vulnerabilities present. Next, Mr. X would gain access to the assets of TaxiCompany. Mr. X now has several options to penetrate the network. He can send a “Phishing Mail” to some key people (contacted using social engineering) and trick them into clicking a malicious link (and seek username and password). Alternatively, he could try tricking them into downloading a malicious attachment and installing a keylogger to get all the keystrokes. This is a fairly easy task. There are certain fake-mailers like zmail or emkei.cz which allow you to send email to anyone using any email ID as the source email.
Emkei is a very popular and useful tool for sending fake email and running phishing campaigns. One can design a mail looking exactly like the original one from the same email ID and trick someone into clicking or downloading something. Designing a phishing page or creating a malicious file is also possible using “Metasploit”. Metasploit allows you to create an exploit and, using msfvenom (or any similar tool), you can attach this exploit to an innocent-looking PDF or Excel file! Once the target user inside TaxiCompany opens this attachment, Mr. X gets the meterpreter shell and can now access almost everything on the target machine.

Mr. X has now successfully gained access to a system within TaxiCompany. Now he is free to navigate the system and the network to get the information he is looking for or infect more devices!

Commonly used tools/techniques for gaining access:

Kali Linux: A fully loaded operating system with all the tools, from Wireshark to Metasploit to Burp Suite; it contains everything!

Phishing: A technique where the users are lured into clicking or downloading something on their computers. It is also possible by phone calls; a common example is fraudsters pretending to be from a bank and asking for card details and OTP.

4. Maintaining Access – Once Mr. X has gained access, he would probably like to secure that access or create another one to ensure that he has persistent access to that machine. This could be done by using Trojans, rootkits and backdoors. This is generally done to ensure that more information could be gained or to launch attacks using this machine. In a case where an attacker controls a machine and uses it to launch further attacks, the machine is said to be a bot. An attacker uses several of these bots, called a ‘botnet’, to launch attacks such as Distributed Denial of Service (DDoS), wherein thousands of requests are sent to a server at a time, potentially consuming all the bandwidth and forcing the legitimate traffic to drop.

5. Covering Tracks – Now Mr. X has access to TaxiCompany’s confidential information and one of the computer systems. He now wants to make sure that he is not caught! This is generally done by corrupting or deleting the logs. While this is done at the end, some precautions need to be taken from the onset, such as using a Virtual Private Network or a VPN. VPN is a tool which encrypts any data between the source and the destination, hence making it very difficult to intercept the data. Also, VPN ensures that your actual public IP address is not visible to the target. There is always a dummy IP address which is visible to the target. So even if someone gets to know the IP of the attacker, that would actually be only the IP address of the VPN service provider! Some common free VPN tools are HideMyAss, NordVPN and ExpressVPN.

How does the industry view ethical hacking?

Ethical hacking is not only about CTF, HTB and bug bounties. It is much more than that. These days every company hires ethical hackers to make sure that their network, applications and data are secure from cyberattacks. Penetration testers are highly paid within an organization and they play a key role in identifying the security vulnerabilities and helping to fix them. There are various subdomains for ethical hacking which include mobile security, web application security, network penetration testing, API security and system security.

Certifications related to ethical hacking

If you want to pursue a career in Cyber Security, or to be more precise, in ethical hacking, having a credential is helpful. It affirms your prowess in cyber security and gives you an edge over your counterparts during the hiring process. Below are a few certifications in the field of ethical hacking that are globally acknowledged:

EC-Council Certified Ethical Hacker (CEH) – The CEH, or Certified Ethical Hacker credential, is the number one certification that any aspiring ethical hacker should aspire towards.
The most common certification in the field of cyber security, it provides in-depth working knowledge about ethical hacking and the concepts related to it.

CompTIA Security+ – A little less technical than the CEH, CompTIA Security+ aims at imparting fundamental knowledge of security concepts and offers less focus on practical, hands-on skills.

Offensive Security’s OSCP – One of the toughest and most reputed certifications in this sector that necessitates passing a 24-hour exam, it aims to test your skill set and understanding of cyber security.

KnowledgeHut offers in-depth training that can help you to prep for these sought-after certification exams. Get guidance from the experts—click here to explore ways to crack these exams at your very first attempt!
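
Step 3 above notes that fake-mailers can send email with any address as the source. The following added example (not part of the original article) shows how a receiving organization can check a message for that kind of forgery using the SPF, DKIM and DMARC verdicts its own mail server records in the Authentication-Results header. The domain names, the authserv-id and both messages are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.taxicompany.example"  # assumption: authserv-id of our own MTA

def domain_of(header_value):
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower()

def auth_verdicts(msg):
    """spf/dkim/dmarc results, taken only from headers our own MTA stamped."""
    verdicts = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        if authserv.strip().lower() != TRUSTED_AUTHSERV:
            continue  # a sender can pre-insert this header, so foreign ones are ignored
        for method, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest.lower()):
            verdicts.setdefault(method, result)
    return verdicts

def assess(raw):
    msg = message_from_string(raw)
    findings = []
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if env_dom and env_dom != from_dom:  # a signal, not proof: bulk mailers do this too
        findings.append(f"From {from_dom} != envelope sender {env_dom}")
    verdicts = auth_verdicts(msg)
    for method in ("spf", "dkim", "dmarc"):
        if verdicts.get(method, "missing") != "pass":
            findings.append(f"{method}={verdicts.get(method, 'missing')}")
    return findings

# Constructed sample: SPF passes for the sender's own envelope domain, DMARC fails.
SPOOFED = """\
Return-Path: <bounce@mailer.invalid>
Authentication-Results: forged.example; spf=pass; dkim=pass; dmarc=pass
Authentication-Results: mx.taxicompany.example; spf=pass smtp.mailfrom=mailer.invalid;
 dkim=none; dmarc=fail header.from=taxicompany.example
From: "Accounts" <accounts@taxicompany.example>

(constructed body)
"""
LEGIT = """\
Return-Path: <accounts@taxicompany.example>
Authentication-Results: mx.taxicompany.example; spf=pass; dkim=pass; dmarc=pass
From: "Accounts" <accounts@taxicompany.example>

(constructed body)
"""
```

In the spoofed sample SPF alone reports a pass, because SPF validates the envelope domain the sender chose; it is the DMARC result, which ties the check to the visible From domain, that exposes the forgery.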