Hands-On CyberSec Skills NeededNIELIT MD Dr. Ashwini Sharma On Bridging the Infosec Skill Gap
There are various estimates in the industry today as to the number of cybersecurity professionals required by India. This ranges anywhere from 500,000 to 1.2 million, depending on the source. But the core fact is that skilled people are needed in security today. And badly.
But more, the need is for relevant, professional, hands-on skills, says Dr. Ashwini Sharma, managing director of the National Institute of Electronics and Information Technology, the HRD arm of the Department of Electronics and Information Technology.
"The country as a whole produces 40k or fewer professionals each year in this field, while the demand is somewhere in the region of 500k per year," he says.
Everybody needs to pitch in to bridge these gaps, because this area is set to boom, believes Sharma. And it is not enough to just certify people. There is a need to ensure that the skills are practical and hands-on. And there is a need for constant training to keep this up-to-date. (Also See: NIELIT, Maharashtra Police Team up to Build Staff)
In this exclusive interview with ISMG, Dr. Sharma speaks about the plans at NIELIT to address the security gap and the efforts and intention at large in the Indian establishment. He speaks about:
- NIELITS plans for cybersecurity training;
- Approach to syllabi and expertise;
- Traction for professional courses in India.
Sharma is the Chief Executive Officer and Managing Director, National Institute of Electronics and Information Technology (NIELIT), New Delhi, a DEITY organization. He has over 29 years of experience in government and industry. He has worked with organizations such as ISRO, Bhabha Atomic Research Center, and Toshiba corporation. He has an M. Tech. in Computer Science from BIT Ranchi and a Ph.D from Rajasthan University
Edited excerpts follow:
On Awareness Training, Course Planning
VARUN HARAN: What are the current activities happening at NIELIT to address the cybersecurity demand gap?
DR. ASHWINI SHARMA: The government of India has a vision of transforming itself through digitization and automation using technology. Technology expertise therefore becomes a must. This is one of the reasons we are saying time and again that in the future, there will not be physicals wars, but rather cyber wars.
Looking at these things, we have designed some courses which have been running for the last three years. Our officers have gone to the United States for training with the US CERT, and we also have a directive from the government to look into the gap between supply and demand.
If you look at the country as a whole, we are able to produce 40,000 or less cybersecurity professionals, whereas the demand is in the region of 500k per year. Everybody needs to pitch in to bridge these gaps, because this area is set to boom like anything. If you see, the maximum threats today in this domain are in the developed countries where sectors like government, finance, defense and industry are being targeted. But slowly this has also started happening in developing countries like India.(Also See: Wanted: 800,000 Security Pros)
When it comes to the individual awareness, it is the financial sector which most affects the common man. That's the reason we have decided to run different types of courses - one for technocrats, one for the technology users, and the third for the common citizen. We are trying to work on the course curricula for these. We are already running a few where we have capsule courses for awareness, ranging from three days to a month, for different categories of professionals including police, defense and government. For the long term, we are planning to start a one-year diploma on cybercrime and cybersecurity. This will be a part of the digital literacy initiative. (Also See: Skills Building: Mainstream Awareness Needed)
HARAN: Are there any professional courses/certifications that are being planned? What about at NIELIT?
SHARMA: We certainly are looking at instituting courses dealing with cybercrimes, malware and other threats, with the aim of imparting hands-on training. We are trying to create a virtual training labs where we can train people online by simulating a real attack environment. This activity is happening at a single center right now, which we plan to replicate to all 32 centers throughout the country.
As far as the demand gap is concerned, definitely a number of institutions are coming forward, including the IITs and other technical institutes - in my experience, many institutions are aware that there is a demand in these areas, and they are planning a course.
On Staying Current
HARAN: What is the process for planning the course syllabus at NIELIT? Do you rely on in-house expertise or get external help? In many countries, existing professional courses are being accredited. What are your thoughts on similar moves here?
SHARMA: There are two mechanisms: one is using our own experts who have worked, or are working in this field, to understand what the landscape is at the moment. These are some of the low-end courses. For the high-end courses, we are trying to take the help of CERT-In. We are also attempting to tie up with a number of institutions abroad - to take the course curricula from them, and try to roll it out further into the country.
It is a known fact that somewhere we will need to go for the accreditation of the courses, because whatever training one looks at, this needs to be linked to employment or entrepreneurship. We definitely need to go for assessment by a third-party agency. But for now we are concentrating on instituting courses in cybersecurity in-line with industry requirements. (Also See: New Strategy Needed to Address Skills Gap)
HARAN: In a field like cybersecurity, the changes are so fast that there is a constant need to retrain and reskill. So what is the mechanism for keeping the course material up-to-date and retraining, reskilling? What is the traction that NIELIT courses are getting in the market?
SHARMA: The problem today is that courses which run under formal colleges that are under the control of universities and/or AICTE. Modification and upgradation of courses is a tough job. But NIELIT runs formal and non-formal course both. We are open to update curricula as per industry demand and requirement without the need for approvals.
This is the reason that NIELIT courses like 'O' Level & 'A' Level have become popular in the market, because we try to keep them current to the professional's needs. But we have reached a stage today that even the IITs are looking at running full time BTech programs in cybersecurity, because specialization is a necessity today.
The primary challenge for the market is the non-availability of skilled, hands-on manpower. I believe that with cybersecurity, a strong emphasis needs to be practical drills and training, and this is what we plan to do.
We are trying to match the course curricula and keep it updated and in-line with the industry's requirements, which is a constant process. Second is that being a government agency, our certification is based purely on merit. These are two parameters that the market values: transparent, demonstrable skills; and updated knowledge
These courses are presently being pursued by two categories of people: those who are working in an occupation where there could be a possibility of cybercrime. The other are students who take these courses to supplement their existing skillsets because this increases their employability, given the current level of demand in this domain.