Director’s vlog series: Modern-day Robin Hoods

24 January 2019
atpco harman kapoor headshot

Insights on hacking and how to innovate securely in the aviation industry from ATPCO’s cybersecurity expert, Harman Kapoor

Welcome to the first in our director's vlog series, where we interview some of the top people at ATPCO for insights on industry topics we’re all thinking about.

This interview with Harman Kapoor, the Director of Information Security, explores unique challenges for cybersecurity in the travel and aviation industry. He talks about how to balance innovation with safety and what we might learn from modern-day Robin Hoods.



Welcome! I am Julie Yi with ATPCO. Today we'll be kicking off a director's vlog series with an interview with Harman Kapoor, the Director of Information Security, and we are excited to have him here today to provide valuable industry insight. 

So tell us about your background and experience and why you decided to join ATPCO. 

Thank you, Julie. So I was born in India and I did my computer science engineering degree at the Indian Institute of Technology Delhi and I also later studied at MIT for cyber security. And since the last 20 years, I've been in the infrastructure field, and when I started my career those were interesting times. '98, '99, the dot com era, and also the open source revolution was happening. And I knew right then that I was going to be in this field. And throughout these 20 years I've worked for multiple sectors, financial services, health care, and of course technology firms. I was involved with when they were entering the Indian market. 

What are some of the current focus areas of security researchers and professionals?  

So, as you know, security and privacy is in the news every day and I would say these days some of the research areas are artificial intelligence since people are having multiple kinds of devices--mobile devices, tablets, even their sometimes home appliances are connected to the Internet. So researchers are focused on those complicated threat models and the I would say the third focus area is monitoring and prevention of security breaches. And it's in, it's the virtual arms race. The same tools that the researchers used are also available to the hackers, and it's, like, constantly the technology and the tools are getting, they're evolving. 

Are there any unique challenges facing the travel and aviation industry, in your opinion? 

In terms of information security, I think there are certain unique challenges. So the travel industry is built for convenience, and, but it also has to be very reliable. So those two things, when they interplay, we want ease-of-use for the end customer--we don't want them to go through hoops just to book a ticket, but we also want to protect them and their data. So that is one challenge. 

The second challenge is that it's just like a utility company, nothing can go wrong. People expect a very high degree of reliability from this industry and any failure or any hitch is all over the news and usually affects people when they are outside their home. So we have to be much more on our guard against any disruption. We have to be ready for any kind of disaster so there are multiple layers of redundancy and security built into our systems. So those I would say are some unique things about this industry. 

How do hackers benefit from information breaches? 

I mean, obviously there are many kinds of hackers. Organized hacking usually has the backing of either a government or a big entity like a business conglomerate and they might be interested in intellectual property, sabotaging their competitor, or just a political reason, like they want to destabilize or affect another government. 

But there are also these unorganized hackers and they do the bad work for many reasons of their own. They can either sell the data to the highest bidder—Social Security numbers sell for around three dollars a pop--they can sell the credit card information to people who then misuse it, and there are also hackers who target websites and organizations which they think have questionable practices. Just, they consider themselves as modern-day Robin Hoods. And so if they know that a company doesn't treat its employees well, just for bragging rights and for saying they took revenge on the company, they will hack that company.  

And then there are other hackers who just do it for fun. They like to find loopholes in a system. And just, you know, sitting in their basement they would like to be able to, you know, have this medal that I hacked this website. 

How can ATPCO continue to innovate while making sure that all of our data and systems are secure? 

As you know, these days it's whoever gets to the market first with the product. So many companies sometimes don't do enough to make their product secure before putting it out for users to use. And we are in an industry which has higher standards. 

I think what we would like to do is maybe have a limited beta test of something which is still getting more secure and strengthened through our application testing program, through the various security safeguards that we have. So that means we shouldn't slow down innovation, but before we put something in production, we have to be very careful that the whole slew of tests has been performed, our penetration testing has been done and that we are confident that the data that will be in the system, we can feel confident that we can take custody of it, we can secure it, and it will not get into the wrong hands. 

Well, thank you so much for joining us today. We definitely learned a lot of valuable information, and don't forget to join us next time for the next episode in our director's vlog series. 

Thank you, Julie, it was a pleasure.   



By Harman Kapoor

Harman Kapoor heads Information Security at ATPCO. With more than 20 years of experience in the management of IT, he has earlier led infrastructure and security at Amazon, GlobalLogic Inc., the D E Shaw Group and hCentive Inc. His special interests include cryptography, number theory and geopolitics. He graduated from the Indian Institute of Technology Delhi.