An Interview With The Founder Of eLearnSecurity [Armando Romeo]




Armando Romeo is the founder of eLearnSecurity, responsible for day-to-day management as well as content creation and delivery of all company courses. Prior to founding eLearnSecurity, Armando served as administrator and head of security for the Hackers Center Research Group and IT Security Services Manager for the Italian Security Brigade. Armando has extensive experience and expertise in the areas of network security, information security, secure coding and design, Web application security, penetration testing and security awareness. We are very glad that Armando took some of his precious time to answer a few common questions asked by newbies.


Mr Armando, it is a great honour for me to interview you. Would you like to spend a few minutes telling our readers how you got started in the field of ethical hacking and security?

My pleasure to answer your questions. It all started with the interest and passion for technology in the late '80s and early '90s, when PCs were not so widespread and you only had some sporadic friends owning one.

From then I developed the virus of any hacker: curiosity.

I've seriously destroyed my first computer 4 times in the first month because of that. Breaking things is part of curiosity. If you don't break things you are not learning. When you have such a passion, security is the next step. You know the inner details of each component and you can use this knowledge for good or bad purposes. But there's no "hacking" without curiosity and there's no security without "hacking".

What advice would you like to give to the beginners who have just started in this field? 

Don't be afraid of frustration. Frustration is your fuel and is what keeps you awake at night figuring out things you don't understand. Be happy to be frustrated, because as long as you strive to understand things, you are on the right path to success.

According to you what is the most common mistake which beginners often make? 


Trying to do many things all at once. You cannot learn everything all at once. You have to follow a proper path which takes time and perseverance. Too often giving up is the result of frustration. 
One needs to be persistent with the path chosen and follow it until enough skills have been acquired in that area before moving on with new interesting study subjects.
Focus is key. Focus on one topic at a time, master it, then move on.

Why do you think that your courses stand out from the rest of the training and certification programs? 

Our courses stand out for two main reasons: the way students learn things, and the way students put into practice the things they have learned. The learning path I was talking about before is the cornerstone of our courses and is proven by the success obtained by thousands of students worldwide. Our courses are not a collection of random articles on how to hack this or that. They are optimized to minimize frustration and maximize the skills transferred.

Our virtual labs are the most advanced available today. This allows our students to practice their skills against real world networks before they do it in real life.
Finally, our certification process is 100% practical. When you see an eCPPT professional it means that he can carry out a penetration test in depth and can provide you with an outstanding report. Simple as that.

Do you think certifications are really worth the knowledge/money?

Multiple-choice quizzes will never determine the possession of skills, at least in IT Security and especially in Penetration testing. Human Resources know this and just know that you are not proving any actual skills with those.
What is worth the money is the skills you have acquired. Even better if you can prove these skills through a practical certification.

There is an opinion among some people that in order to become a good hacker you need to be a master programmer. Do you agree with it?


I started programming when I was 12 and I kept learning new programming languages up to the last year of my Master in Computer Engineering. This has greatly helped me in any security matter.
I've yet to see a great Penetration tester who doesn't know a bit of programming.
But there are many Penetration testers who work and have a decent career even without that.
You should say thanks to Metasploit by the way. (Or actually not).

My advice is to learn programming. Nowadays Python or Ruby are really not that hard to deal with and can perform many tasks that a pentester needs to automate during his career.
If you are brave enough, dive into C and ASM. They are pure fun once you understand them.

What, according to you, is more important for a penetration tester to learn first, programming or networking?


There's no prescribed order for this. I personally learned programming first.
I'd say that writing a small socket program in Python with Wireshark running in the background and a good TCP/IP book on your desk might be fun and very educational!

What's the key difference between the Student penetration testing course and the Professional penetration testing course?


The key difference is that the Student course covers basic knowledge such as networking and web applications which the Professional course doesn't.
The Student course is the perfect first step for a complete beginner.

The Professional course goes much much more in depth for every technique covered and also covers many more techniques compared to the Student course.
The Professional course is advised for someone who already has networking knowledge basics and has played at least a little bit with simple pentesting techniques and tools and wants to become a real Professional.

The Professional course prepares for a real job in the field.


What's the most important lesson you learned in your life? 

As an entrepreneur: you can't please anyone. As an Information security professional: don't trust anyone, let alone users' input.

Why do you think that most of the people quit learning in terms of becoming a hacker or penetration tester? 

Frustration is reason number one. 
With no guidance you end up giving up.
No real passion on the subject is number two. 
There's really nothing between you and becoming a pentester besides yourself.

With new tools being released on a daily basis, do you think penetration testing has become more difficult?

I would agree that it has become more difficult but not due to tools that generally make things easier.
It has become more difficult because as technology becomes more pervasive in our lives, so does security.
So you have to know how to pentest a network, a web application, a mobile phone, a critical infrastructure and so on. Up to 4-5 years ago you only cared about the network.
Now critical infrastructures have a web app interface with an underlying network and maybe are even manageable from a mobile phone. A penetration tester should be able to keep up with these trends and should learn as much as possible, throughout his entire career.

3 comments :

Anonymous said...

Hello. :)
I also have a question to ask. I'm not hoping that Mr Armando is going to answer, but I would like to hear the opinion of the RHA readers. Most of us probably know the answer already, but it's still an interesting subject to start a discussion on. I'll add my answer too, so it would be fair. :)

1) Why is the population of "Teenager hackers" rapidly growing, why are all the forums full of script kiddies who're trying to hack Facebook accounts or websites they don't like?

My answer: It's because of the media these days. Young people are hearing every day that some site has been hacked, new malware has infected the government and that's only because of the media. Also "hacking" has become very popular all over the world and IT is the future. I think most people have found a RAT on their computer and that makes them curious. Also I wouldn't call them "Teenager / kid hackers" or "Script-kiddies". It's because I think it's not fair to say "Teenager" to a person who has hacked FBI, CIA or NASA; he has worked hard to earn the reputation to not be called a "Kid". Also we can't say "script-kiddie" to a person who has just started his hacking journey. We've all been there once and they have to start from somewhere. People have started using computers too much and within a few years "hacking" is a normal thing to learn, and if someone is saying "Yeah, I'm going to take the CEH (Certified Ethical Hacker) certification" then people aren't looking at him like an ultimate geek.

2) How are you seeing the future of the internet and World Wide Web in the next 10 years?

I think there's no future in the internet; even the prisoners have more freedom than we have on the internet. Everything will be censored and controlled/manipulated by the governments.

I'm staying at http://crackhackforum.com every day if someone would like to come and chat. Also it's an amazing article. :)

shah fuhaid said...

Great interview ...really good ....

Anonymous said...

very informative

About

Rafay Baloch is an independent security researcher, Internet marketer, entrepreneur and SEO consultant. He is the founder of the RHA blog and multiple other blogs. Rafay got famous after finding a Remote Code Execution bug inside PayPal, for which PayPal awarded him a sum of $10,000.

RHA © 2013. All Rights Reserved.