At a time when teenagers are more likely to be noted for cracking networks than defending them, a computer prodigy in South Bombay, India shattered some stereotypes this month when he became the youngest person ever to be credentialed as a "Certified Information Systems Security Professional", or "CISSP," after acing the lengthy certification exam and clearing a special investigation triggered by his young age.
Namit Merchant was sixteen when he sat for the six-hour, 250-question CISSP test in Mumbai in November -- he turned seventeen later that month. While there"s no official minimum age for obtaining the certification -- which is widely recognized in the industry -- aspirants are required to have at least three years of full-time professional computer security experience under their belt when they take the test.
Perhaps understandably, the CISSP test proctor became skeptical of Merchant"s qualifications when the teenager checked in for the exam using his high school I.D. card. "He saw my birth date on there, and he asked me how old I was," says Merchant. "I told him I was sixteen, and that was why I didn"t have a driver"s license."
The proctor needn"t have worried. The son of a software engineer, Mechant grew up with computers in the home, and took to them naturally. According to his resume, he landed his first IT job when he was 13, architecting security controls into payroll and accounting software for Bombay-based Compuware, then later went on to perform security work at several more Indian technology companies. Today he works for consulting firm Network Intelligence India, while finishing up his senior year in high school.
"Security is the most challenging part of computers," says Merchant. "That"s why I got into it."