Yes, the topic at hand reads the sorry state of affairs of just one nation in the cybersecurity space, but there is a bigger picture to look at. A shortage of nearly 1.5 million cybersecurity professionals in India is a big reason to worry. But the realisation of this problem makes sense only at some levels. If we dig deeper into some of the surveys conducted globally, we have a sense of outreach to the problem at hand.
According to a survey conducted by Indeed, Israel has the highest skill deficit of cybersecurity professionals. The next few names in this list can allow India to take a sigh of relief, as these are first-world countries: Ireland, the UK, and the US.
So, if it is a global problem, why are we knit-picking singularly in India?
Well, here’s the reason for that; India is the home to some of the biggest IT companies that have quite some global reckoning. Now, most recently, some of these IT giants like Wipro, TCS, and Capgemini suffered cyber attacks. There is no question whatsoever that such cyber attacks deter the global credibility of this company.
India and the US have been fierce competitors to top the list of countries with the most cyber attacks. According to a report, the US and India occupy the top two spots on the list. Countries like the UK, Spain, Nigeria are also on the list.
On evaluating both the above factors, it only makes sense that India takes a giant stride in supplying skilled cybersecurity professionals. It is quite intriguing to note that a country that supplies IT professionals, both for home and abroad, has a shortage of cybersecurity professionals. Where does the problem lie? And who is at fault here?
Let us see some of the problems which stifle the growth of cybersecurity professionals.
A government-led model of imparting skills
India is a country where providing skills at a reasonable cost lies on the shoulder of the Government. In a country with a majority of middle-class families with meagre incomes, it naturally becomes tough to invest anywhere around Rs. 3-11 lakh for cybersecurity training.
The governments’ role in bridging the demand-supply gaps is equivocally undeniable. There is a silver lining amidst royal chaos in the form of the 8000 crores set aside for developing the scope of Quantum technologies and application. If put into practice the non-Indian way, this initiative can be a game-changer in the field of cybersecurity.
Corporate Insecurity and hesitancy to invest
If there is a problem of execution on the government’s part, corporates have their issues too. The ethic of which is up for discussion, but some other day. Right now, let us see what the problem is.
Consider a scenario where a company X has provided the cybersecurity training program, and you have signed a two-year contract. Naturally, you will stay on for two years, but what after that. Say, if your foreign company is paying dollars to a rupee. Naturally, you will prefer the Dollar or Pound.
This cycle irks corporate employers, so many do not provide the advanced training required for cyber forensics. On some levels, their argument can be deemed as valid as they are putting in time and resources to train a candidate, hoping they would stay on and not abandon them mid-way.
Lack of awareness of cyber-security as a potential career option
Suppose you are a student in India who wishes to be a cybersecurity professional. Either of the two factors might have influenced you to consider this profession.
First, you might have seen your friends or relatives earning Pounds or Dollars, so the idea might draw you to this course too. Secondly, you must have been inspired by a movie.
There is no real awareness of the cybersecurity training program from authentic sources. The students are unaware of the salary that cybersecurity professionals get in India. This is also a part of the reason why aspiring students move abroad for cyber training for a better ROI, even in a situation where the Indian companies are willing to pay 2-to-10X of the standard salary.
If India needs to meet the demand for cyber professionals, the changes need to come from the grassroots level.
Cycle of outsourcing
The cycle of outsourcing cybersecurity professionals from other countries is a double-edged sword. However, it can be one way to meet the demand for cybersecurity professionals. It can also consume a large portion of the companies budget, which otherwise could have been spent on training employees. It would help if you viewed this factor from a macro level.
There is one other form of outsourcing, which, in a way, allows the organization to shrug off its responsibility of providing training facilities. Lately, companies have been collaborating with foreign clients in acquiring cybersecurity talents on a project basis.
Again this can only be one of the ways to handle short-term resource deficit. Hence, no effort is made to build the Indian repository of cybersecurity professionals to fill the one million or so vacant jobs.
Lack of educational space of cybersecurity
The educational ecosystem is yet to create a considerable space for the cybersecurity section. The problem here is two-fold, at one level, there aren’t enough training facilities to accommodate the number of students who are slowly showing interest in such a course.
Secondly, cybersecurity is a dynamic field of study. It needs learning and relearning. So, the curriculum needs to be regularly updated, which is not just happening. As a result, students who are passing out and getting into the real world fail to deliver.
Some of the private universities like AMITY have started providing cybersecurity courses. But the real change can come from the edtech startups and universities in combination with the likes of industry bodies like CII and NASSCOM.
Lack of Edtech Startup focus on providing programs for cybersecurity
As mentioned before, edtech startups can change the landscape of cyber-security training. Two of the prominent names in edtech startups in the US, Coursera and Khan Academy, have played a key role in US 7% growth in skilled cybersecurity professionals.
In India, Byjus and a handful of other tech startups are focusing on proving the cybersecurity training program. The numbers have to increase; otherwise, we will be reeling in improvements, while other countries like the UK and the US will make improvements.
The government allocation of 99,300 crores on the education, of which 3000 crores would go into skill development, is a promising sign of change that we can see soon. Also, the ISEA (Information Security education and Awareness) website, which is run by the Department of Electronics and Information Technology, has listed some training courses on their website. But that hardly meets the scale of solution which is needed right now. The call now is for big moves and bold changes.
If you want to get started on your upskilling journey you can join our Stanford Advanced Computer Security Program. Check it out to understand more about the domain.0