Society for Electronic Transactions and Security (SETS) is a niche organization working towards ensuring that all our data and systems are efficiently protected. SETS believes that security should be integrated right from the design stage of every product or solution. To delve more on cyber security, we are delighted to feature a Skill Talk with Dr. N. Sarat Chandra Babu, Executive Director, SETS, Chennai. Let’s read on to get a comprehensive view of the importance of cyber security and the need for trained professionals to take up emerging job roles.
The importance of cyber security
Today, Digital India is one of the popular initiative of government of India. Every activity such as banking, digital payments, travelling, medical, commerce, education, shopping, learning is becoming digital. Individuals, enterprises and the nation all are connected. The concept of smart city is fast becoming a reality. Technologies like, Artificial Intelligence, Big Data, Cloud, and IoT are also entering into our lives to make everything digital.
While we are enjoying the use of digital technology, especially use of Smart phones, Internet, Social Media, IOT, Cloud – the security of the systems is at risk, because of growing threat canvass and cyber-attacks. The growth of cyber crime in the form of security breaches, financial frauds, data leakages is affecting the individuals, enterprises and the Nation. This requires special attention from all of us since protection from such crime is a high priority. While it is inevitable for us to use the internet, smart phones, social media, we are always at the risk of phishing attacks, ransomware, malware, and web service attacks.
The threat is more intense at the national level where you will find much more higher level of attacks like cyber terrorism, attacks on critical infrastructure, defacing of web sites, fake news and so on. The attackers are always looking at the possibilities of sabotaging the systems that leads to financial loss, and invasion of privacy. This brings in the need to have a robust cyber security infrastructure at our disposal.
As per the latest NASSCOM Report, by 2020, we need 1 million cyber security professionals in India. Our requirement is huge but only a fraction of people are trained to handle the attacks. As suggested by IBM, if we can train more people in this area, then we can meet securing cyber systems in our country as well as providing the requisite manpower to meet the needs globally. So, skilling, re-skilling and up-skilling is required to meet our demands.
Training in cyber security knowledge and skills
There are certain government and private programs available which will help the students learn cyber security skills after their graduation or post graduation. Information security Education and awareness program of MeitY, Government of India is one of them under which Post graduate level programs in information security, 6-months diploma courses in securing systems and networks, research fellowships, certification courses in Ethical Hacking etc. are being provided. This program is implemented by C-DAC with large number of institutes including IITs, IISc participating. This program also addresses creation of awareness amongst the masses in safely using the Internet.
There are many training companies and institutes such as Networkers Home, Institution of Information Security, Simplilearn, Great Learning offering courses in cyber security. Their certification courses include Ethical Hacking, Information security, Information Systems Auditing, Information security manager, Network Security, cyber forensics and Web Application Security.
Though we have many online certification courses, the need for practical, hands on learning is essential to solve the real world problems. SETS Certificate Course on Advanced Cyber security (SCACS) is one such 4-week course designed with an equal emphasis on Theory and practical. There is also need for providing training on securing critical infrastructures like nuclear systems, power systems, transportation systems. SETS is proposing short term training in this area jointly with C-DAC.
There is an urgent need for us to look more closely at the national level cyber security requirements for both government and private sectors. Most of the enterprises have the technology to ensure the security, but they don’t have the professionals, who can handle the tools effectively and safeguard the systems. So, the lack of experts to handle cyber security is making the enterprises vulnerable to wide ranging attacks like malware attacks, website defacement, phishing, ransomware, insider attacks or even zero day attacks.
Examples on how the data would be affected
For instance, in e-governance, where government is using technology for all applications, data becomes crucial. In the Indian context, Aadhar is an important data and so the government is making sure that it is secure. If data is not secure, government, individuals and organizations – all will get affected. It may be health records or it could be data pertaining to education or any other sector. The big question is: how do we account for securing the data and data privacy losses. The security systems implemented need to retrieve the attackers’ information.
Employment potential and careers in cyber security
Cyber security has a huge potential for employment. There is a need for cyber security professionals in every domain. Besides, there is a push from the government to support and encourage startups in this area. In fact, cyber security task force under NASSCOM is encouraging a large number of startups in the area of cyber security to develop solutions, products and also to provide services including skills development.
We need a wide range of professionals in cyber security to meet the challenges. For example, Network Systems Administrator, Chief Information Security Officer, Network Security analyst, and other experts are required to avoid these attacks. For national security, there is a need of developing indigenous solutions/ products and this requires developers who understand operating systems like Windows, Linux, Android, iOS, and develop appropriate systems, right from end system security to web application security to IOT security.
Training has an important role to play in equipping cyber security professionals with right knowledge and skills. Cyber security is a complex domain where besides technology development in software/ hardware, it involves dealing with people and processes. In other words, people, process and technology have to work together to secure systems.
A wide range of tools are available to implement security at various levels such as link layer, network layer, application layer: We call it as Defence in Depth (DID). It is a standard practice to follow either white listing or black listing of applications to secure the systems. White listing the application means you are allowing the application to run as they are secure and you want them to run and black listing the application means you don’t want them to run. Hence, they will be blocked. So, there are lots of processes to be followed while securing a system.
Related article: Society for Electronic Transactions and Security (SETS) Certificate course on Advanced Cyber Security (SCACS) Read more: https://www.nationalskillsnetwork.in/society-for-electronic-transactions-and-security-sets-certificate-course-on-advanced-cyber-security-scacs/
Technical knowledge and skills a person needs to build a career in cyber security
The person should be strong in at least one of the programming languages and one of the scripting languages. They have to be good at handling the operating systems. Knowledge of using tools like Wireshark, which is a popular packet sniffer; penetration testing framework like Metasploit; Netcat tool for debugging is necessary. It would be an added advantage if they also have an understanding of Big Data analytics tools.
In short, knowledge of OS platform, Computer networks, one programming language, and one scripting language will be good enough to start a career in cyber security. A career in cyber security is an interesting career and it will pay you well. It’s a very rewarding and challenging field. It is time for everyone of us to promote the area and emphasise on the importance of learning new skills, as Peter Drucker very aptly said, “the only skill that will be important in the 21st century is the skill of learning new skills. Everything else will become obsolete over time.”