The NASSCOM – DSCI conference concluded on 15th December, put forward an ambitious target for themselves to achieve close to 1 Million cyber security professionals in India and close to Cyber Security product based startups in next 8 years.
If we assume that the current number of cyber security professionals in our country is 1 Lakh, (a modest yet believable number) then by simple mathematics, we need to add almost 1.2 Lakh cyber security professionals per year to the workforce. Speaking about the security product companies, adding 125 security startups every year is nothing short of an impossible task.
To achieve this feat, DSCI constituted the Cyber Security Task Force (CTF). Ironically, they have partnered with the one of the most expensive cyber security course in the world to offer cyber security training to a nation where the per capita income is roughly a quarter of its prices. When you talk about cyber security professionals, it includes everyone: from a fresher with an M.Tech IT security degree to seasoned professionals with over 20 years of experience. The estimates do not differentiate between various competency levels of IT professionals. From a professional standpoint, this is a blunder. We need entry level IT security professionals as much as risk assessment officers and CISOs. There is a need to divide the multitude of 1 million into various categories and target skill development programs accordingly, to meet the existing workforce shortage. You cannot start training newbies into IT security and expect them to act as the CISO or Risk Assessment Officer of an E-Commerce giant.
Considering the negligence of cyber security in India, DSCI is not the only one to blame. Various technical institutes have been running legacy courses on cyber security from a long time. Despite this, there is a critical lack of cyber security awareness in the country and even amongst the technocrats of the country. They merely see cyber security as yet another discipline of Computer Science, yet another course in their academic curriculum. We are yet to talk about cyber awareness of the 462 Million (35%) people of our country who use internet and internet based services. Kratikal has worked tirelessly to spread awareness about cyber security and trained close to 10,000 people, not just the technocrats, but also other stakeholders like bureaucrats, government organisations, law enforcement agencies and academicians.
Coming back to where we started the discussion, the requirement of cyber security professionals cannot be met unless the industry and academic stakeholders play active part in it. There is also a need for creating a customised version of cyber security training module catering to Indian scenario. As has been our experience during the Kargil War, indigenous solutions are our best hope. At Kratikal, are working to achieve the same. We are dedicated to creating a skilled and efficient workforce in IT security. We also offer services like Web App Testing, Mobile App testing and Infrastructure testing for various vendors to test the security of their services. The rate of cybercrime has risen more 300% in the past 5 years, CERT-In itself registered about 50,000 cybercrime incidents in the past year. Cybercrime is a problem which will increase manifold unless we decide to act upon it. Currently, there is a need for increased participation of stakeholders in developing standards, norms, and regulations that are our own and thereby ensure a free and fair market to domestic players. We have an urgent need to shield ourselves against espionage from foreign countries and companies. If the recent news about backdoor in WhatsApp encryption is any indication, we can no longer depend on foreign players to protect our data. It is simply not possible to trust foreign vendors with our confidentiality and privacy.
Lastly, we should also praise our professionals at C-DAC for developing BOSS, a Linux based OS customised to Indian environment. The fact that India is the biggest contributor to the bug bounty program of Bugcrowd shows the potential India has. We have dominated the IT market and we can dominate the Cyber Security Domain. We just need to provide more focus on the same. Even the government has launched projects in the form of CERT-In and ISEA to promote skill development in this sector. Together, we can scale the mountain and achieve the target.