There are lakhs of cybersecurity jobs waiting. And they need more than just experts

By Explorer -
Articles about cybersecurity often bring bad news (this column is no exception). If it’s not a website being defaced, it’s a company leaking personal information. If it’s not a rant about the archaic policies of the government, it is about the Supreme Court’s lack of concern for our privacy.
However, let’s look at the brighter side of things — all these cybersecurity threats have created a demand for a huge number of professionals to prevent and manage cyberattacks, thereby generating a large number of jobs. And these are interesting, well-paying jobs requiring different skill sets. From engineers to lawyers, project managers to auditors, everyone has a role to play in growing this industry.
We need to embark on a massive mission to sharpen our cybersecurity skills. Not only will this help us meet local demand, it will also enable us to provide services and supply professionals to help bridge the global skill gap   
But where are the cybersecurity professionals? Like the rest of the world, India is staring at a severe shortage of such professionals. According to a 2013 estimate by the Ministry of Information Technology, India was to need five lakh professionals by 2015 (there are no newer estimates available). But Nasscom president R Chandrasekhar had said in 2015, “The estimate is that we have just about 50,000; we will need at least one million skilled people by 2020.” We can only guess what that number stands at now, given that the digital space is growing rapidly.
We need to embark on a massive mission to sharpen our cybersecurity skills. Not only will this help us meet local demand, it will also enable us to provide services and supply professionals to help bridge the global skill gap. It is estimated that the world will need six million cybersecurity professionals by 2019.
When we think of cybersecurity professionals, we tend to think of specialists — experts with years of on-job experience, or hackers in hoodies in a dark room (blame the movies) furiously typing on odd-looking keyboards, or men in suits belting out policy documents. While these are all valid descriptions, they only represent a subset of professionals who require cybersecurity skills to do their jobs.
We can break down professionals who require cybersecurity skills into three distinct “profiles”. While some of them need to be experts, just basic working knowledge may suffice for others   
In reality, we can break down professionals who require cybersecurity skills into three distinct “profiles”. While some of them need to be experts, just basic working knowledge may suffice for others.

Cybersecurity experts

These are professionals who work full-time in the core areas of cybersecurity — forensics, incident response, software security etc. The Data Security Council of India has done a good job of listing the kind of opportunities available for such experts.
Universities and research institutes are best suited to provide this kind of skill development. Based on the recommendation of the HRD ministry in 2013, many universities (public and private) now offer graduate-level programs in specific areas of cybersecurity. However, as any recruiter who has tried to hire such experts will tell you, the quality of training at these institutes needs to be improved. There is also an urgent need to increase capacity.
Finding resources to build a curriculum and train experts is a challenge as the instructors need to have hands-on experience. It also requires investments in infrastructure such as labs, industry standard tools etc.
Given the massive shortage of such experts in India, we would do well to leverage industry experts and global resources for training 
Given the massive shortage of such experts in India, we would do well to leverage industry experts and global resources. For instance, ransomwares are causing havoc in many parts of India, but we have few or no academicians working on them. In order to skill students in this area, we could build partnerships with universities that conduct indepth research in this area. In addition, many companies work with clients to deal with ransomware attacks. Our universities could leverage their expertise as well.

Generalists, with a deep understanding of cybersecurity

The nature of cybersecurity is such that there is bound to be interface with other domains. Network security requires an interface with IT experts, Critical infrastructure security requires skills in the relevant industry (say power) and so on.
Hence, curricula designed to train generalists must include generic concepts of cybersecurity as well as specific industry knowledge. A crucial subset of generalists also functions as organisational leaders. CXOs in corporations, editors in newsrooms, bureaucrats in government departments, all need relevant cybersecurity training.
Curricula designed to train generalists must include generic concepts of cybersecurity as well as specific industry knowledge   
Training generalists doesn’t have to be as intense as training experts. However, the training entity has to be well-versed in not just cybersecurity, but also the workings of the relevant industry. For example, a retail/e-commerce professional learning about cybersecurity has to understand the basic concepts of information security, and also have an understanding how account takeover attacks threaten e-commerce companies.
Keeping that in mind, industry bodies such as CII, NASSCOM, IBA etc are best suited to lead the effort. They could deliver the training using their own infrastructure or piggyback on the infrastructure built by other entities such as universities, edtech startups, security consulting firms etc.

Cyber-aware professionals

India should strive to reach a stage where every skilled professional in every domain has a basic level of cybersecurity awareness. Such awareness includes topics such as maintaining password hygiene, understanding data sensitivity, etc.
The aim would be to help them become professionals who can protect themselves and their organisations using best practices on a day-to-day basis. While the curricula for this audience needs to be developed by experts, good trainers with a working knowledge of cybersecurity can deliver such trainings. The delivery can also be carried out through e-learning portals such as Byjus, EkStep etc.

Who’s responsible for this skilling?

Skill development in India is largely a government-led operation. In cybersecurity training as well, the central government is taking a lead. The Information Security Education and Awareness (ISEA) project under the Department of Electronics and Information Technology takes on the crucial role of capacity building. The ISEA website lists dozens of courses aimed at creating “experts”, but not enough emphasis is given to other cybersecurity areas. Private universities such as Amity and Amrita also have similar courses.
Cybersecurity throws up new challenges every minute and to keep up with them, curricula need to be refreshed often. This is where nimble edtech startups can make a mark. It’s all in a day’s work for them to churn out new courses and update existing ones at speed.
Cybersecurity throws up new challenges every minute and to keep up with them, curricula need to be refreshed often. This is where nimble edtech startups can make a mark   
In the US, edtech companies such as Coursera and Khan Academy offer multiple courses related to cybersecurity. In fact, Cryptography 101 is listed in the top 20 most popular courses on Coursera. A great example of creating content for cyber-aware professionals is the series of modules on cybersecurity by The Khan Academy. They are fun, engaging and relevant. Indian edtech startups can take a leaf out of their book.
We’re not the only ones lagging behind in skilling for cybersecurity. Most countries, including the US and Australia are struggling. If we can pull up our socks and use India’s demographic dividend to our advantage, we can help bridge the world’s cybersecurity skill gap.


Source: http://factordaily.com/opinions/cybersecurity-skills-upgrade-jobs/

Comments

Post a Comment

Popular posts from this blog

How a cyber attack hampered Hong Kong protesters

By Explorer -
Image
Massive public protests taking place in Hong Kong over the past week are aimed at a new extradition law, known as the Fugitive Offenders Ordinance , that would see accused criminals extradited to mainland China to face prosecution. Hongkongers feel the law could be used to legalise the kidnapping of people who express views, and act in ways, that are not popular with the Chinese government . The same law could also be used to extradite tourists and visitors to China who are arrested on suspicion of having committed these crimes. Protesters want the bill scrapped. For now, debate of the legislation has been postponed . Organisers say one million people turned out for the protests, while police estimate the number was around 240,000. Either way, it was a significant number of Hong Kong’s 7.5 million population. Commentators on Twitter remarked on how well organised the protesters were. So, how did they do it? Protesters across the world are using n
Read more

‘Not Hospital, Al-Shifa is Hamas Hideout & HQ in Gaza’: Israel Releases ‘Terrorists’ Confessions’ | Exclusive

By Explorer -
 According to a video of interrogation of "Hamas terrorists" released by Israel Security Agency Shin Bet, accessed exclusively by News18, "The Shifa hospital has been made with many considerations as Hamas knew that medical places won’t be attacked by the enemy. Equipment, explosives and other material has been kept there." Hamas is using hospitals in Gaza as covers and have turned them into ammunition depots, according to a video of interrogation of “Hamas terrorists" released by  Israel Security Agency  Shin Bet, accessed exclusively by News18. ALSO READ | Israel-Hamas War LIVE Updates  HERE The Israeli military has claimed that those featuring in the video released on Saturday are Hamas terrorists, who participated in the  October 7 attack  on Israel. “Most of the tunnels are hidden in hospitals. There are multiple underground levels. Al-Shifa Hospital is not small, it is a big place that can be used to hide things," a man is seen saying. “The Al-Shifa
Read more

Islam Has Massacred Over 669+ Million Non-Muslims Since 622AD

By Explorer -
Image
In fact, no ideology has been as genocidal as Islam… Islam has killed more than 5 times the number of people killed by communism. In the total numbers we have updated over 80 million Christians killed by Muslims in 500 years in the Balkan states, Hungary, Ukraine, Russia. Then we have India. The official estimate number of Muslim slaughters of Hindus is 80 million. However, Muslim historian Firistha (b. 1570) wrote (in either Tarikh-i Firishta or  the Gulshan-i Ibrahim) that Muslims slaughtered over 400 million Hindus up to the peak of Islamic rule of India, bringing the Hindu population down from 600 mil to 200 million at the time. With these new additions the Muslim genocide of non-Muslims since the birth of Mohammed would be  over 669 million murders. Islam: The Religion of Genocide Perspective:   Think the Spanish inquisition was bad? More people are killed by Islamists each year than in all 350 years of the Spanish Inquisition* combined. The Spanish inquisition ( Tribunal del Sant
Read more