For the cybersecurity industry, the year 2018 was anything but good as a series of large-scale cybersecurity incidents took place across the globe. These incidents include the infamous Facebook security breach that affected more than 50 million users, Quora breach that affected more than 100 million users, and the massive Marriott International breach that compromised sensitive information of up to 500 million Marriott hotel guests.

Today, the size and scale of global cyber attacks have increased as we have stepped into a novel age of cybercrime with a blend of cyber espionage and cyber warfare. Cybercriminals are targeting our dynamic IT infrastructure with more evasive and advanced technologies as well as unique TTPs (Tactics, Techniques, and Procedures) and attack vectors. This is making the demand for avant-garde cybersecurity procedures and forward-thinking cybersecurity professionals overbearing within the industry. Estimates suggest that our global economy will lose $6 trillion annually by 2021 as it will face an acute shortage of 3.5 million skilled cybersecurity professionals. To give you a picture, this economic loss is more than the total GDP target that India – the world’s fifth largest economy – has set for itself in the coming 5 years. This explains the gravity of the situation that we are facing at present.

However, every challenge is an opportunity. In our context, the current cybersecurity skill shortage opens up avenues for our young and dynamic IT students as the market is offering them superlative career growth trajectory, but only if they are equipped with the right skills. Let us quickly have a look at the scenario and how we can ensure that their academic training is a good market-fit.

Cybersecurity paradigm is changing, and so must the academic training

At present, the global IT infrastructure is growing exponentially as more digital services and novel technologies surface in the market. A number of these embryonic technologies, including IoT (used in smart appliances), and the subsequent network perimeter created using them, directly increase the attack surface of an organization.

Technically, any digital enterprise is vulnerable to wide-ranging threats. Such threats could be an IoT-based endpoint attack, malicious insider threat, or even a zero-day attack, wherein the specific vulnerability and its remediation are not known to anyone until the attack takes place. The fresh talent entering the field, even most mid-career security experts, have never experienced a real-life breach themselves and less than 30 percent of analysts have experienced a ransomware attack. They will therefore not be completely prepared when a cybersecurity breach eventually takes place.

We can now somewhat understand the exact nature of the challenge. The industry, on the other hand, tries to address them via cybersecurity frameworks, industry certifications, OEM product certifications, and ‘Baptism by Fire’ approach (making an individual learn while being on the job). None of these approaches can deliver optimal results given the sheer dynamism within the industry. It is also hard for analysts to cope up with the intense complexity of security tools as a company could be using 25+ of them on an average. So, we have to train our budding information security professionals in real-life environments, thereby improving their adeptness in handling such situations even before they enter the job market.

Many Indian and global institutes have launched courses in cybersecurity. But most of these courses don’t expose candidates to practical real-world aspects of cybersecurity and the underlying dynamics – which could radically differ from one to another. At times, cyberattackers can be seen using slightly different TTPs or attack vectors to achieve their means. So, if it is not included in the training, and a professional does not completely understand the nature and depth of the attack, the training by itself becomes redundant. Being aware of the real-time developments and how exactly various attacks work, no one could be in a better position to train our budding cybersecurity professionals than major IT and service providers.

Obviously, such training will have to be extended via their collaborations with universities and use of approaches such as Cyber Range simulations. As an added benefit, it will help them to generate an additional revenue stream, gain insight and access to the finest industry talent, and win more clients across the globe. Indian universities, however, will have to learn from universities like Miami Dade College, Regent University, Ariel University, University of Maine, Metropolitan State University, and others that have been disrupting the cyber defense industry with their world-class training modules that feature state-of-the-art cyberattack simulations.

According to IBM, our nation requires at least 3 million cybersecurity professionals at present, while its cybersecurity workforce strength continues to be less than 0.1 million. This is still the national demand. Imagine the global opportunities that will open up for our young and dynamic youth if such collaborations begin taking place in volume – especially as India continues to gain the centre stage in the global market. Perhaps, it will also add to the magnificence of our Skill India campaign and unlock avenues for global career trajectory for more than 3 million Indians.

The Curious Case Of Cybersecurity: Unlocking 3 Million Jobs Via Simple Course Correction