I’ve done close to 100 training sessions now. I’ve done consulting work for many small agencies, and I guess the big break was when I decrypted the message that was intercepted by the US Government. When I talk to a particular company, they go through my profile and it completely changes the way they look at me.

What are your goals over the next 5-10 years?

I finish my education in a year’s time, so I’ll finally have a Stanford University degree. But I definitely want to pursue computer security as a full time career – consulting and training will always continue. But recently I’ve also branched into new fields. I’ve invested a lot into real estate in India, which is really booming in the cities. Another thing I plan to do is set up a chain of restaurants in India. The idea is to perfect the model and then to franchise it out. In India, going out to dinner or lunch is like an event – everybody dresses up. So I think there is a huge market for different cuisines and different kinds of restaurants.

Most Australians remain oblivious to computer criminals. What are some of the real threats local companies face?

In the last six months there have been around 20 to 25 major viruses that have infected thousands of mobile phones across 20 to 30 different countries across the world. So mobile phone security is the next big thing.

But within computer security, I think SPAM has always been a big issue of concern. Even today, most companies are struggling to come up with good, fool-proof counter measures against SPAM. Phishing attacks are always there. I think its just that more appliances are being connected to the internet. We are talking about digital homes, where refrigerators, televisions, all different electrical appliances are connected to the internet. The time where it’s possible for an attacker to hack into a refrigerator is not to far away. The more we depend on technology, the more concerns we will have over invasion of privacy.

Identity theft seems to be quite a big problem at the moment.

It’s known as social engineering, where in you can just call up a bank or company call centre and pretend to be someone else in order to find out sensitive data about that person, which then can be misused against them.

You receive a monthly mobile phone bill, right? What do most people do? They make the payment and simply throw it away. But there is a technique called dumpster diving, where people go through the victim’s trash for bills, which contain all of the information you need to call up that person’s mobile phone operator and change any sort of information about that particular account.

A lot of smaller businesses don’t have big budgets to protect themselves from some of the issues that you’ve raised.

They can send me an email. Say, for example, you own a mid-size company. If you were to do security on your own or you wanted to hire a systems administrator, what would you pay?

Ten grand a month?

About US$8,000? What if I told you that I manage your security, and you could pay me only US$299 a month?

It sounds like a relatively good option.

Exactly. The end vision that I have is for people being able to go to a website, fill out a form, describe the network, describe the number of systems, platform and the kind of software they are running. They should be able to install a patch and then remotely, my people sitting in India, who are being paid Indian salaries, in India currency, are then able to provide affordable, quality security solutions, management and security monitoring services to clients the world over.