Over the last few months, Hamed Al-Khabaz has become famous for that rare breed of initiative that can land you dozens of job offers before you even graduate.
Although in his case, it could also mean losing out on the opportunity to graduate.
Last fall, Hamed, a 20-year-old computer science student at Dawson College in Montreal, discovered a security flaw in the computer system at his school. Since then it’s been a wild ride.
“Not everyone should hack a system to get noticed. I broke the rules, but I knew what I did was ethical.” —Hamed Al-Khabaz, former computer science student, Dawson College
He’s been expelled, twice had his appeals turned down, and received scores of job offers from IT employers anxious to hire a student who single-handedly outwitted a software company.
The job offers span everything from web development and mobile apps to (of course) IT security. Laying aside the issue of being kicked out of school, it’s a computer science student’s dream come true—or any student’s for that matter.
“Right now, I can safely say I’ve had about 30 offers,” says Hamed, who comes across as both modest and gracious. “Most of them are in security, but a few simply say that we want to use your potential and we’ll train you in what we do.”
Some of the offers are from companies in Montreal. Others are from the United States and overseas. What they all seem to share is disagreement with the decision of Dawson College to expel Hamed after he figured out that the portal system used to host students’ personal and academic info was insecure, alerted IT to this fact, then double checked to see if the problem had been fixed.
At the time, Hamed was working on an app with his classmates that would give students easier access to their records via the school’s portal. That’s when he realized that the portal—an Omnivox software program—was wide open to intrusion. He contacted IT right away, who thanked him and told him that they would fix the problem with help from the makers of Omnivox, Skytech.
“Two days later I ran a vulnerability scan to see if the information was protected,” says Hamed. “I received a message from IT saying their data was under attack from me. I was told I needed permission to test their server.”
Despite many attempts to explain his good intentions, Hamed was told he could serve up to a year in jail for what he had done. Thankfully, it didn’t come to that, after he agreed to sign a non-disclosure agreement with Skytech. But his college was less forgiving. After his cyber “attack” was reported, Hamed was expelled and given zeros in all his classes.
Now, the tables have turned, somewhat. Since the media got wind of Hamed’s plight—thanks in part to a campaign run by the Dawson Student Union to have him reinstated—the job offers have started pouring in. So, while his academic career is seriously marred, maybe permanently, he won’t actually need to finish his program to get his first job.
One of the most interesting offers is from Skytech, the company whose software Hamed ‘cracked’. It also comes with a scholarship to a private CEGEP of Hamed’s choice, where he can finish his studies while working at the same time.
When asked how he’ll choose between so many offers, Hamed says that the chance to continue his education may be the deciding factor:
“My parents want me to go back to school; that’s the number one issue. If they [Skytech] can get me back into school this semester, so I can continue where I left off, that would be ideal.”
For someone who’s been given the short end of the stick from his school, and embraced with open arms by his industry, Hamed still speaks highly of formal education. While at Dawson he was happy devoting all his time to school, enjoying the challenge of “trying to absorb as much info as possible.”
At the same time, the experience has given him insight into the difference between learning at school and learning on your own—through trial, error and just plain old messing around.
“What they teach you in school is sometimes an outdated version of what’s going on out there,” he says. “You may never use it, but it’s still useful, especially if you can add on it. You always have to mix training with self-teaching.”
His advice for other students and job seekers? Be bold, even competitive. But don’t follow his example if you don’t have to.
“Not everyone should hack a system to get noticed,” he says, then laughs. “I broke the rules, but I knew what I did was ethical.”
Eventually Hamed hopes to run a startup with his friends. Right now he’s happy to keep learning and finding new ways to become excited about what he does: “Once you grab your field and become passionate about it—that’s the best. Also, keeping up with new trends and staying competitive—aim for that.”
Do you think Hamed should have been expelled? Do you see “hacking” as a way to gain experience? Share your thoughts in the comments section below!
Photo courtesy Martin Reisch