by: Maryam Syed
Founder and CEO of one of the largest IT security consultancy companies in Pakistan Zubair Khan has played a pioneering role in the development and growth of this field. He is a strong believer in constant research in the field that would keep the industry updated of all cyber security threats that face our computer systems. There is currently a gap between the IT security demand within Pakistan and the human resource available for its implementation, therefore there is a need to train more IT personnel in the art of IT security, he says. He talks to Blue Chip about his initial struggles in setting up the company and his rise to success.
How did you develop an interest in the field of IT security and when did you decide to pursue it as a career?
Zubair Khan: I come from a family with a strong military background and following that tradition I was enrolled at the Military College of Jhelum. However, I always knew military would not be the place for me because of my issues with authority. I had been interested in the world of hacking and computing since I was 12 years old. At the age of 15 I met a group of hackers in Philippines, where my father was deployed as a diplomat and my journey as a hacker began. I remember I saved my pocket money for three months before I could buy a CD that would teach me how to hack. By the age of 16 I wrote a 1600 page book called Hacking Portals. With abysmal marks in my matriculation and FSC exams, my future in the armed forces was obsolete and I set out to display and take advantage of my skill. I decided to monetize my skill by arranging training workshops in Islamabad. Some of them were hugely successful, however for some I had to urge my own relatives to attend. So the initial struggle was not without hardships and failures.
At the age of 18 I arranged to meet Chairman Nadra and offered to check and assess their security details. I scanned and evaluated their IT vulnerabilities and prepared a formal report, however I was not paid anything at the time. A few days later I contacted General Manager Nadra and inquired about the payment details and he asked me to send an invoice. Unsure about the amount to quote I made an invoice of Rs. 50 000 and received a cheque just a few days later. With Rs. 50 000 in hand I tried to think of ways to utilise that money and double my income. Other IT security companies were not willing to hire freelance consultants, therefore on 16thFebruary 2006 I registered my own IT security consultancy firm – Tranchulas.
At the beginning we were a bunch of kids without business maturity, however the company grew and developed into a 30 member team within two years. Tranchulas came into the market when their existed a gap between the IT security demand within the industry and its implementation. Therefore, we became the pioneers of penetration testing in Islamabad.
Tranchulas has offices operational in UK as well as US. How did that expansion come about?
ZK: Being an entrepreneur my vision was always to expand the company. To raise funds that would enable international expansion we initiated online Ethical Hacking and Certified Penetration Testing Professionals trainings. The online trainings were conducted live through CISCO WebEx and several other technologies. However, many of our trainees were from foreign countries and were apprehensive over training that was conducted from servers in Pakistan. We were approached by a Middle Eastern and an Australian company who offered us to carry out the training using their name to overcome this problem. However, the patriot within me refused to do so.
I remember I was a speaker at one of the largest hacker conferences in Europe and I said, “We are looking for partners, people who can help us sell our programme.” That single line changed my life. A Finland based and a U.S. based company approached us and showed investment interests. By September 2010 we had enough funds to initiate global expansion of the company. By early 2011 we had set up offices in UK and U.S. All the operations are centralised and both the US and UK offices are under the Pakistani office.
What is the current standing of the IT security industry in Pakistan and what is the potential for growth?
ZK: The industries of Pakistan are aware of the security threat to their businesses and IT resources. There is a rising trend in the Pakistan where the implementation of appropriate security measures and the testing of vulnerabilities have become imperative for many companies. However, the industry suffers severely from the lack of human resource equipped with the necessary expertise to implement these security measures. Pakistan at the moment has only a handful of experts who fully understand and have acquired the skills needed to be a security expert. This has created a large gap in the demand for the service and its supply. Therefore, there is a need to introduce trainings and courses at the higher education level that trains individuals who can tap the vast pool of demand available for this skill.
You were recently awarded the Asia-Pacific Information Security Leadership Achievement Award. How has this award impacted your career?
ZK: I was nominated for the award by my company secretary in UK in light of my contribution towards IT security. I felt a great sense of achievement when my work was acknowledged by such a large orgnisation that is working towards educating and certifying security professionals. Such awards reinforce your will to be better at what you do and to keep on striving for greater breakthroughs.
How competitive is the IT security industry in Pakistan and what sets Tranchulas apart from its competitors?
ZK: Tranchuals is currently the major player in Pakistan in Penetration Testing and Vulnerability Assessment. What sets us apart is our strong belief in continued research and a conducive environment that promotes and values innovation. Expertise in security is not the same as expertise in a programming language, because security is a dynamic field – constantly changing and diversifying. Your current knowledge of the field might be redundant a year later, therefore constant research and innovation is of utmost importance at the company. This is the only IT security company in Pakistan that has set up a research center at NUST School of Electrical Engineering and Computer Science – Pakistan’s largest Engineering university and among the top 300 universities in the world. Researchers at the center are constantly working towards keeping up to date about the rapidly evolving security threats and devising methods to protect our systems from them.
What external projects and collaborations have Tranchulas currently undertaken and what IT security services and trainings is it providing at present?
ZK: We provide a variety of training courses including the Hands-on Penetration Testing Training Course, Web Application Security Workshops, PCI-Data Security Standard Training, ISO/IEC 27001 – ISMS Implementation. These training courses are conducted in a live environment with online certified instructors to give the trainees hands-on training and experience. The trainings are tailored to suits the needs of an organisation or an individual. We also provide Certified Penetration Testing Professional (CPTP) certification through an online test in a live network where the examinee is required to test the network for vulnerabilities.
Other than that we established the Tranchulas – Center for Cyber Security at NUST School of Electrical Engineering and Computer Science. The Center is the umbrella under which Tranchulas will coordinate and perform its research and development activities. Tranchulas will provide funding and design the center to enhance the security and integrity of information systems, technologies, and content by facilitating research and education, enabling us to remain one step ahead of malicious hackers threatening cyber security. The center is an effort to pursue an aggressive research and development agenda.
