[Techie Tuesday] Meet Vivek Ramachandran, a cybersecurity expert and the man who discovered the Caffe Latte Attack
Vivek Ramachandran’s interest in cybersecurity sparked in the year 2000 when the world was rocked by one of the largest cyber attack on internet giant Yahoo.
All of 17 then, Vivek wondered how a single hacker could bring down the networks of a giant like Yahoo. And from then till now, Vivek’s interest in the subject has grown by leaps and bounds.
Today, Vivek is an influential voice in the world of cybersecurity. He is currently the Founder and CEO of Pentester Academy, a Cybersecurity training platform. Backed by Sequoia Capital, Pentester has been training several thousand students across the world. Prior to starting his teaching career, Vivek, an IIT Guwahati graduate, worked for majors like Reliance and Cisco.
However, the discovery of the Caffe Latte attack was a turning point in his career, which made him realise the importance of cybersecurity in the tech world, and the need for cybersecurity education, which eventually led him to start Pentester Academy.
Vivek’s work on wireless security has undoubtedly made him one of the best cybersecurity experts in India at present. Here’s an account of his journey in the ever-evolving field of IT security.
Love for technology and science
Hailing from Kolkata, Vivek’s love for technology, mathematics, and science began in his childhood. “My grandfather was a tinkerer, and he would open gadgets and work on them. It piqued my natural curiosity towards anything related to machines and science,” recalls Vivek.
His parents were bankers and his grandparents were teachers, which naturally inclined him towards academics. Looking at his interest in mathematics and science, Vivek’s aunt advised his mother to buy him a computer.
“I think I was the only one in my school to own a Compaq Presario,” says Vivek. It was during this time that one of his teachers encouraged him to focus on IIT. In 2000, Vivek applied and cleared his entrance at IIT Guwahati.
Though Vivek had chosen electronics, his passion for computer science continued, and he started learning more about security during his free time.
At the end of his third year, Vivek wanted to do his project in cybersecurity. But being the only electronics student who wanted to do a project in cybersecurity, Vivek found it hard to find an internship.
Vivek Ramachandran during his IIT Guwahati days
Trip to Switzerland
“I wrote to every possible professor and university around the globe. Finally, I got a response from a professor at the University of Rapperswil, Switzerland. The professor wrote back asking me if I had worked on wireless security,” says Vivek.
Vivek was not much aware about wireless security. But at the same time, he didn’t want to lose his internship. “After burning the midnight oil for several days, I researched and wrote a paper on wireless security and landed in Switzerland in 2003,” says Vivek.
“At Zurich, I worked hard and learnt more about wireless security. The project was supposed to be completed in three months, and I finished it in half the time. I even got a laptop as gift,” says Vivek.
These kind of positive reinforcements help and make you more focussed, says Vivek.
Learning on the job
After completing his project in cybersecurity, Vivek joined Reliance in 2004.
“I worked there for a few months, but the place where I found myself at home was Cisco.” The company had set up a lab environment where we could learn and start building projects on security. “I would work from Monday to Friday, and on Saturdays, I would go back to learn different things on security. I even got a couple of research papers published while at Cisco,” says Vivek.
But Vivek realised that his skill was more in breaking rather than building security products. So, in 2006, he joined Airtight Security Networks, which was later renamed as Mojo Networks.
Vivek during Microsoft's security shootout
Getting deeper into hacking
The same year, Vivek participated and won the Microsoft Security Shootout, a cybersecurity hacking competition.
Mojo Networks looked at security in different ways, which gave him a broader perspective. He also got the opportunity to work with Pravin Bhagwat, Co-founder and CTO, Mojo Networks.
“Pravin gave me my first challenging project. There was this technology called web cloaking, and if I could crack it, they would publish my paper and I could talk at a conference,” says Vivek.
Vivek successfully cracked it, and became one of the first Indians to go to the Defcon Security Conference in Las Vegas, where he presented a paper on cybersecurity.
Cracking the Caffe Latte Attack
Vivek’s curiosity about cybersecurity continued to grow, and it was then that he discovered the Caffe Latte Attack in 2007.
“I had started working on WiFi security and Cabe security. I was hacking and experimenting, and it was then that I accidentally discovered the Caffe Latte Attack. I figured there was a way one could crack the web key with the password to get into the wireless network using a client’s access points. There was a weak link in the network. I spoke to Pravin, who asked me to write about it and we went to the press,” says Vivek.
This was a turning point for Vivek. Not only did he realise that cybersecurity was going to be strongly needed, he also realised that very few people understood it because it was intricate, and people just didn’t think like hackers.
“It was just a certain way of thinking, and that ended up being my secret sauce. I realised there would be many people around the world who would want to learn about cybersecurity,” says Vivek.
The Café Latte Attack is now part of Wireless Security textbooks and is used for several wireless penetration testing tools like Aircrack-NG.
In 2009, Vivek started Securitytube.net and recorded and posted videos on a range of cybersecurity topics.
India wasn’t considered a technology hub then. “We were looked as a cheap outsourcing destination, and people made comments on the most mundane things like my accent,” says Vivek.
Undeterred, Vivek continued to post videos, and within a year, there were more people who were keen to learn than not.
“By 2010, I thought of focusing on teaching. While many wondered why I had given up my lucrative job to focus on teaching, my parents said, do what makes you feel happy. By then, I had realised that teaching made me happy,” says Vivek.
Soon, he started getting invites from different corporates across the globe asking him to teach their recruits. It was the break Vivek was looking for, but it also meant living out of a suitcase. In the early 2010 and 2011, the idea of online education hadn’t kicked off. “But it gave me a global perspective of the space,” adds Vivek.
Vivek with his late grandmother
The first step as a teacher
In 2011, Vivek launched an online course. The course was priced for $250. While the videos were free, they would get a certification on cybersecurity.
“But I felt my name on a certificate wouldn’t matter,” says Vivek. But within six hours, he had 100 registrations.
“I was worried if people really understood what they were paying for. I mailed the first 100 people who made the purchases, and they responded saying we’ve been following your videos for a while now, and would love to have a certification from you. It was then I truly understood the power of learning. People who didn’t actually know you and irrespective of your background, wanted to support learning,” recollects Vivek.
Vivek has also authored many books, including BackTrack 5 Wireless Penetration Testing Beginner’s Guide.
Piracy that helped gain visibility
Around this time, Vivek was in Brussels teaching a class for the European counsel general, and he learnt that his videos were getting pirated.
Surprisingly, Vivek says, “The users had started doubling. What I figured was that because of the piracy, my lectures had become more popular.”
Vivek says, instead of killing us, the piracy gave us more visibility, and he decided to bundle up the courses and start Pentester Academy in 2011. It was a digital library of all SecurityTube courses, with a monthly subscription of $39.
By 2018, the company had become a multi-million-dollar business, and had students from 90 countries. “I started getting calls from the US Defence forces to teach their recruits on cybersecurity in 60-day bootcamps,” says Vivek. He also built a few products for the US Army.
“We then pivoted from an online cybersecurity lab-focussed company to a courses-focussed company,” says Vivek.
From 2018 to 2019, the team build the lab infrastructure and the first 1000 cloud labs. They also started getting acquisition offers.
“While many people told me to take the offer and become a serial entrepreneur, I personally didn’t see myself in that space. I am in love with cybersecurity education, and I can’t fall in love with anything else,” says Vivek.
Pentester is currently focussed on online labs.
Being backed by Sequoia India Capital's Surge
It was then that Jaspreet Singh, Founder, Druva Technologies, and Vivek’s batchmate from IIT Guwahati, told Vivek about Sequoia Capital. Vivek wrote a cold mail to Shailendra Singh, Managing Director, Sequoia Capital, and Shailendra wrote back. Since then, there has been no looking back.
Vivek recalls: “In a recent conversation, Shailendra said, thanks for that cold email that started everything.”
Advising future entrepreneurs and techies, Vivek says, it is fine to do things that is unexpected and different. “VCs are known to ignore cold emails, but if you don’t try, you will never know.”
He adds, “Learn how to showcase and market your work. Many technical people do not do that well, but that is an important skill.”