At the Mumbai WoC event held in May at the Maximum City’s stylish Sofitel BKC hotel, we got the chance to get top CISOs and cyber experts in India to share their views and valuable inputs on a variety of subjects. One such topic that was deliberated over was the skill gap amongst cyber professionals today.
Below is a quick snapshot of what these doyens of IT and cybersecurity in India believe are the most pressing gaps in the industry from a human resource perspective:-
A dearth in the number of skilled cybersecurity professionals in the market
CISOs and security execs who aren’t adequately trained on new and emerging technologies
A lack of truly excellent domain knowledge
The inability to learn and unlearn quickly and in tandem with the pace of the industry
Lack of time to keep oneself updated with new and emerging threat scenarios
Too much focus on dashboard and screen monitoring
Lack of practical training & exposure to simulated scenarios
Lack of trust between organisations and third-party vendors
The inability to look at security from a holistic perspective
Here’s a detailed look at what the experts said at our Mumbai Wisdom of Crowds event said on the subject:
Anoop Das, Enterprise Manager, Middle East & India, Mimecast, “Most organisations lack confidence in their own solutions in terms of cyber resilience. If there is a breach happening to an organisation, the confidence levels of CISOs goes down and affects their productivity. So, it’s very important to raise the morale of the organisation by securing it. If you ask me if there is a gap, I would say there is definitely a gap in CISOs and security. If you get a good CISO, they don’t stay for long. So, you really have to ensure that you invest in good security and have good technologies in place which will eventually lead to a strong cyber resilience strategy.”
Aman Malhotra, Senior Manager, Cybersecurity and Data Protection, TUV, SUD, “I still feel that in India there is a huge skill gap. When I interview a lot of people, I see that they have ventured into the cybersecurity space. But most people lack that high level of skill that adds value and allows them to align the testing objective with the vision that the management may have for 3 or 5 years from the present day.”
Mandar Kulkarni, CISO, Grasim Industries, “In terms of cyber professionals, every enterprise feels that it is short-staffed. There is always a challenge because the number of technologies today and the number of vendors is growing every day. So, it’s really difficult to get people who understand so many technologies at the same time. Another trait that is needed in all of us is the ability to quickly learn and unlearn the nuances within cybersecurity.”
Sunil Dhaka, COO, Arcon, “When it comes to skills, a security professional gets so busy in meeting day-to-day operations that the time for him to prepare himself and update his skill set with the emerging risk scenarios is not really there. An organisation needs to provide time to their security professionals in which they can upgrade their skills so that they are totally current in meeting any threats that the organisation is exposed to.”
Naresh Kumar, Assistant Vice President, Cybersecurity, DBS Bank, “A lot of tools and technologies are coming up but people are missing the basic skills in cybersecurity; they are not trained for these tools and technologies that should be used for incident response. They are unable to understand incident management, triage activity and they aren’t aware of how organisations are delivering these services through their IT infrastructure. This is because they are more focused on the dashboard and monitoring the screens and are actually unaware of the company infrastructure.”
Mayank Mehta, Head- Information Security, Axis Financial Limited, “As new technologies emerge, their implementation and review should be timed properly. Even the resources need to be given the right bandwidth of skills to work with these tools and do well in their organisations.”
Sudhir Kanvinde, Executive Director, IT, IPA, Ministry of Shipping, GOI, “A lot of CISOs are available in the market but at the same time the skillsets and technologies have been changing. So, it’s very difficult to identify the correct resources for all requirements. Sometimes, our biggest decision is choosing between hiring a resource or giving a contract.”
Amol Desai, CISO, Reliance Nippon Life Insurance, “The biggest skill gap is not related to technologies or the implementation of tools. The skill gap lies in implementing ideas in governance. It is at a very macro level, but security has to be looked at from a holistic view.”
0 Comments