How India Can generate more than1 million jobs by tweaking cyber security curriculum
The global market bore the brunt of several cyber breaches in 2019. A number of them particularly targeted India as it witnesses rapid digital adoption across the length and breadth of the country. Last year’s attacks included malware attacks (ATMDtrack) on Indian banking institutions and ATMs, iXigo and JustDial’s data leaks, and cybersecurity breaches of fintech startups Chqbook and Credit Fair alongside others.According to a report by ISC2, globally there is a shortfall of 4 million skilled cybersecurity professionals and 65% of the organizationsare grappling with a shortage of cybersecurity professionals. We can understand the gravity of the situation from this basic insight.
Well, every challenge is also an opportunity in itself. The global shortage of cybersecurity professionals has unlocked avenues for Indian IT students to experience a remarkable career trajectory. However, this can only happen if they are equipped with the right skills and proper training. The academic curriculum – especially vis-à-vis cybersecurity – needs to change to make students more market-fit.
Real-world threats, theoretical knowledge: Why going beyond books is need of the hour?
Currently, the global IT infrastructure rapidly burgeoning as new technologies and tech tools surface in the market. A majority of such budding technologies, including IoT (which is used in smart appliances), and the network design created by them increase the attack surface of a business enterprise.A business entity is typically exposed to wide-ranging threats. They could be IoT-driven endpoint attacks, a slow-moving APT,
a zero-day attack, and even a malicious insider.
A majority of these threats are understood with the bookish knowledge by a young professional and even mid-career security experts. For instance, less than 30% of security analysts have ever experienced a ransomware attack. So, during a security event, they are naturally ill-prepared to handle it.
The conventional practice of the industry for addressing the security issues is using cybersecurity frameworks, industry certifications, OEM product certifications, and ‘Baptism by Fire’, wherein a professional learns about the cyberattack by experiencing it in real-life. The sheer dynamism within the digital infrastructure makes it impossible to realize optimal results with these approaches. The complexity of security tools (which are usually over 60 on average) also makes it impossible to manage an event. The need of the hour is to train our budding professionals in realistic environmentswith the in-house tools and infrastructure of a typical organization, thus equipping them with the right skills as they join the workforce.
Here, we also need to understand that cyberattackers generally don’t go by a rulebook. They tend to change attack vectors and TTPs quite frequently, making a similar-looking attack radically different from the other. So, if comprehensive training is not offered, a professional will not be able to comprehend the true nature and depth of the attack. Such trainings have to be offered while incorporating up-to-date cybersecurity standards and frameworks.
Indian universities must take a course correction by incorporating avant-garde training methodologies such as Cyber Range simulations. It will also enable them to create an additional revenue stream by conducting advanced apprenticeship courses and advanced certifications. Numerous global universities including Regent University, Miami Dade College, Ariel University, and Metropolitan State University have already incorporated such techniques with military-grade training modules. If Indian varsities also adopt such approaches, they can bring about a remarkable difference in India’s cybersecurity landscape.
According to a market report, over 1 million cybersecurity professionals are needed in India at present. Realizing the growing need, the Hon’ble FM has even included a provision for a specialized cyber forensics university in this year’s budget. Perhaps, the inclusion of such novel techniques will impart experiential learning and prepare young professionals to deal with worst-case situations using the “muscle memory” they developwith regular practice.
Ultimately, this not just addresses the shortage of cybersecurity professionals.It also addresses the gap between what the current cybersecurity professionals learn at these universities and have to apply on the job.
A majority of these threats are understood with the bookish knowledge by a young professional and even mid-career security experts. For instance, less than 30% of security analysts have ever experienced a ransomware attack. So, during a security event, they are naturally ill-prepared to handle it.
The conventional practice of the industry for addressing the security issues is using cybersecurity frameworks, industry certifications, OEM product certifications, and ‘Baptism by Fire’, wherein a professional learns about the cyberattack by experiencing it in real-life. The sheer dynamism within the digital infrastructure makes it impossible to realize optimal results with these approaches. The complexity of security tools (which are usually over 60 on average) also makes it impossible to manage an event. The need of the hour is to train our budding professionals in realistic environmentswith the in-house tools and infrastructure of a typical organization, thus equipping them with the right skills as they join the workforce.
Here, we also need to understand that cyberattackers generally don’t go by a rulebook. They tend to change attack vectors and TTPs quite frequently, making a similar-looking attack radically different from the other. So, if comprehensive training is not offered, a professional will not be able to comprehend the true nature and depth of the attack. Such trainings have to be offered while incorporating up-to-date cybersecurity standards and frameworks.
Indian universities must take a course correction by incorporating avant-garde training methodologies such as Cyber Range simulations. It will also enable them to create an additional revenue stream by conducting advanced apprenticeship courses and advanced certifications. Numerous global universities including Regent University, Miami Dade College, Ariel University, and Metropolitan State University have already incorporated such techniques with military-grade training modules. If Indian varsities also adopt such approaches, they can bring about a remarkable difference in India’s cybersecurity landscape.
According to a market report, over 1 million cybersecurity professionals are needed in India at present. Realizing the growing need, the Hon’ble FM has even included a provision for a specialized cyber forensics university in this year’s budget. Perhaps, the inclusion of such novel techniques will impart experiential learning and prepare young professionals to deal with worst-case situations using the “muscle memory” they developwith regular practice.
Ultimately, this not just addresses the shortage of cybersecurity professionals.It also addresses the gap between what the current cybersecurity professionals learn at these universities and have to apply on the job.
