q Is there a demand for skilled cybersecurity professionals in India?
The demand for trained cybersecurity professionals in India was more than five lakh as per the National Cyber Security Policy 2013 and it has increased over five times in the last 10 years. Last year, the central government introduced the Digital Data Protection Bill that aims to protect the privacy of individuals. The government has also brought about various regulations across sectors such as telecommunication and banking to prevent data breaches. Since digital safety is now an important issue, we need more people to protect all digital platforms.
Today, all sections of society and people across all age groups are using digital platforms for banking, shopping, socialising and so on. With the increase in digital presence, data breaches and cyber frauds have multiplied manifold. Every day, hundreds of cases of cyber frauds are lodged with the police. Ordinary citizens are swindled of crores of rupees. Nowadays, fraudsters are operating organised rackets to cheat people using novel methods.
Then there are international cybercriminal gangs that attack our nation’s critical infrastructure, such as power grids, and communications systems, and also the corporate sectors. To prevent the widening spectrum of digital crime, the country needs at least 10 lakh skilled professionals specifically trained to counter such attacks. Such professionals need to be alert 24/7. The worldwide demand for skilled cybersecurity experts is around 40 lakh.
q Do we have enough training institutes in the country?
The University Grants Commission has launched cybersecurity courses at the undergraduate and graduate levels. The Indian Institutes of Information Technology (IIITs) and the National Institute of Electronics and Information Technology (NIELITs) offer such courses. Private institutes too offer specialised courses. Gandhinagar’s Rashtriya Raksha University, a central university with five campuses, has a bevy of courses at the undergraduate, graduate and postgraduate levels tailor-
made for new generation learners. We need many more institutes to train individuals with adequate hands-on skills. Practice is more important than theory in this field.
q Will the rise of artificial intelligence, or AI, technologies reduce the demand for cybersecurity professionals?
AI technologies are certainly game changers that make tedious jobs easy. For instance, AI makes threat modelling — the process of identifying threats that may impact a particular system and suggesting corrective actions — easier. But if AI is not properly adopted at the workplace, it can become disruptive. An automated system can be fooled by intelligent cybercriminals. So, there will always be a demand for experienced and sincere individuals. Besides, too much dependence on AI can damage the basic intellect of workers who may misuse this new tool to accomplish a quick job.
q Are there job openings at the entry level? What are the skills required?
The industry needs thousands of workers at security operation centres (SOC) meant to detect, analyse and respond to incidents in real-time. Most corporate and government organisations are developing SOCs to prevent cyber attacks. Also, many companies outsource their security operations to independent SOCs that are just like BPOs (business process outsourcing units).
Now that servers, storage, databases, networking, software and analytics all stay in the cloud, there are many job openings in cloud security. Law and enforcement agencies also need personnel in digital forensics who focus on the investigation and recovery of material found on digital devices related to cybercrime.
There’s no single route into the industry — whether it’s a degree or certification. Graduates from any field can get into it if they understand basic logic. Before that, we screen and evaluate their problem-solving skills. For instance, we make job aspirants go through “Capture the Flag” competitions in which they are challenged to find and exploit vulnerabilities in a system.
qAre bug bounty programmes — that reward people for reporting bugs and vulnerabilities in software — good avenues to pick up hands-on skills?
Some organisations offer bug bounties to encourage people to report bugs, especially those that could be security exploits. For example, the Responsibility Vulnerability Disclosure Programme (RVDP) run by the Government of India encourages researchers and developers to report vulnerability in critical infrastructure.
But all bug bounty programmes may not satisfy regulatory compliance or legal requirements. Malicious forces can exploit vulnerabilities of organisations, misusing skills of a talented youngster. Unless there is proper guidance, students or jobless youth can get waylaid and lured by international cybercrime gangs.
