There’s Lack of Awareness on Cybersecurity as a Potential Career Option: CrowdStrike India MD

The post-pandemic workplace, mostly a hybrid one – with employees taking advantage of cloud-based technologies to work from anywhere, while also maintaining the ability to go into an office when needed – is leading to an unprecedented increase in cyber-crimes globally. The scenario has made cybersecurity more important than ever globally, and in India too, the sector has witnessed a robust growth amid pandemic. According to PwC estimates, the cybersecurity market in India is expected to grow from $1.97 billion in 2019 to $3.05 billion by 2022, at a compound annual growth rate (CAGR) of 15.6%, almost one and a half times the global rate.

As cyber threats will increase manifold in the coming years, it has given massive opportunities for professionals willing to enter the security domain. However, the industry requires trained professionals equipped with proper knowledge to drive the growth and match  the current and future requirements , something that can only be achieved through sourcing potential candidates and knowledge from academia, research as well as from the industry.

In an exclusive interaction with CXOToday.com, Jhilmil Kochar, Managing Director, CrowdStrike India, discusses the in-demand skills in cybersecurity, importance of cybersecurity training in a post-Covid world and what it takes to have more women in cybersecurity leadership roles. Excerpts.

What are the most in-demand skills in cybersecurity at present? What would be some of the most important job roles in this space in the next couple of years?

Every year, a lot of fresh graduates look to enter the workforce in India. It is important to improve the current skills and knowledge in order to be prepared for employment. Cybersecurity is a field that is constantly evolving and requires regular upskilling through advanced training programs. To sustain a promising career in cybersecurity, professionals need practical, hands-on technical skills for carrying out their tasks effectively. These can include:

• Ethical hacking skills: Knowledge of ethical hacking, and understanding the nature of attack helps find effective solutions and protect one’s organisation from cyber-attacks
• Programming skills: Strong hold on common programming languages, such as Java, C/C++, dis-assemblers, assembly languages, and scripting languages (PHP, Python, Perl, or shell). Knowledge of these skills increase the chances of detecting any attack on the system and to develop concrete counter-plans accordingly
• Application development security skills: Application security teams need proficiency in app development, adding and testing for security features and pen testing the applications.
• Cloud security skills: With organisations moving on to cloud platforms, there is a need for cloud-based skills. Professionals who have these skills can ensure that the data stored online via cloud computing platforms stays protected from deletion, leakage, or theft

Additionally, it is also crucial for aspirants to develop domain skills in areas of threat intelligence, risk assessment, incident response and identity management. In addition to technical skills, soft skills such as communication, critical thinking and problem solving are equally important. If one aspires to become an expert in the field, finishing industry certifications, keeping up to date with the latest developments, networking with other professionals, and gaining hands-on experience will help. Job roles such as Network Security Engineer, Cybersecurity Analyst, Penetration Tester, Cybersecurity Engineer, Security Architect and Chief Information Security Officer are in great demand and will continue to be in the next few years.

Apart from educational background and experience, what should companies look for when it comes to hiring cybersecurity professionals?

While hiring cybersecurity professionals, hiring managers look for knowledge of regulatory policies, industry certifications, training from the right institute and other legalities that might be associated with the industry which would be relevant in the future as well. Employers should look for creative problem-solvers who can navigate through upcoming problems and formulate unique solutions. Individuals who are reliable and trustworthy of working with sensitive information and possessing the same skills and mind-set of a black hat hacker will be highly valued. With rampant rise in cyber incidents, professionals from all backgrounds can make a career in cybersecurity. Aspirants need to have a clear understanding of the domain and have hands-on training along with the theoretical knowledge, in cybersecurity. They should have passion and eagerness to enhance their skills, high integrity and willingness to learn and evolve constantly. Security mindset and curiosity to learn the ever changing field would stand in good stead.

What is the importance of cybersecurity training? What can organisations do to engage their employees in security training programs?

Today, a lot of the data breaches are caused by human errors, reinforcing the need for continuous employee education on cybersecurity. The main purpose of the training program for employees is to create a sense of shared responsibility and accountability so that the company is safe from attacks due to human factor.A cybersecurity awareness training program helps employees to protect themselves and the company against cyber threats. A comprehensive cybersecurity training program not only lowers the risk of security threats, but it also frees up the IT department’s time by avoiding cybersecurity breaches. The IT team can then instead focus on devising a comprehensive strategy through penetration testing or other ways to decrease cybersecurity vulnerabilities and challenges.

To engage the employees of the organisation, leaders need to ensure the right training programs are in place covering relevant topics such as phishing attacks, importance of strong password security, cloud security, social media use, how to identify and report cyber threats etc. It is important to create custom training campaigns based on the risk profile and knowledge level of employees. Leaders need to explain employees how certain behaviours and best practices help them in both their personal and professional lives. To create a culture that puts security first, collaborate with other departments and decision makers such as C-Suite, legal and compliance, IT, people managers etc. and explain them how cyber attacks happen and why it’s crucial to build a cyber-secure culture. Collecting feedback from employees on the training and making adjustments would be a great idea. Lastly, the employees need to be empowered by making it clear that they have the power to stop cyber attacks and threats.

What are the key innovations and emerging technologies in the cybersecurity space especially in the post-Covid era?

The pandemic’s continued influence on various industries operating in the technological industry brings new challenges, opportunities, as well as paves way for innovations. Businesses continue to shift their strategies offering fully remote or hybrid work environments, increasing reliance on technology, and investing in digital transformation. As we go ahead with this fast-paced digital environment, we will witness a drastic rise in data volumes,and fuzzy organisational boundaries which will further lead to a requirement for a strong cyber breach defense framework.

As technology and security go hand in hand, some of the disruptive technologies such as Artificial Intelligence (AI), Machine learning (ML), Cloud security, Zero trust, endpoint protection, automation, data analytics etc. are transforming the cyber security landscape and will continue to do so in the post-Covid era. We need to implement a holistic security framework to identify, protect, detect, respond and recover from cybersecurity threats, and technologies can help only if they are used in the right manner.Unlike traditional security or network security solutions, endpoint security solution should combine the technologies required to successfully stop breaches, including true next-gen antivirus and endpoint detection and response (EDR), managed threat hunting, and threat intelligence automation, delivered via a single lightweight agent like that of CrowdStrike, so that organizations finally have the ability to get ahead of adversary activities, and stay ahead following the principle of innovation through inclusion.

Cybersecurity skill shortage is a key area of concern today. Can you explain the challenges in this area and what companies can do to close the cybersecurity skills gap?

 The world of cybersecurity is always changing. There are new threats, risks and vulnerabilities emerging every day. The evolving cyber threat environment needs highly agile and up-to-date cyber professionals to protect enterprises.Therefore, it is essential to hire skilled cybersecurity experts. According to the latest report by the World Economic Forum (WEF), there is a shortage of 3 million cybersecurity professionals worldwide. With a plethora of technologies and evolving domains, finding the right fit is a major challenge and there is a large demand versus supply gap in the talent market. Upskilling of existing cyber teams, in required areas, such as cloud and data security, in a structured and organised manner, can help organizations stay ahead of the curve. Organizations should take substantial efforts to reskill, upskill and retain the existing cybersecurity talent. Regular training, certifications, and appealing incentives can go a long way in attracting young and experienced talent and retaining them for longer periods of time. There is a lack of awareness of cyber-security as a potential career option. Holding conferences and seminars to raise the awareness is a good idea. There aren’t enough training facilities to accommodate the number of students who are slowly showing interest in this field. Awareness should be created and enterprises should take aggressive steps to tackle the gap by devising industry-focused cybersecurity training and career development programs. They should build a robust talent pipeline through partnerships and outreach programs working closely with educational institutes and peer companies. This knowledge sharing and collaboration will help develop future-focused cybersecurity talent and bridge the industry-academia gap in the long run.

What are the opportunities for women leaders in cybersecurity today? Has remote work created any impact on women in cybersecurity?

Today, the number of women leaders occupying top positions in technology companies has vastly improved from what it was a few years ago.  As per Nasscom estimates, the number of women in technology in the Indian workforce has risen by 10 per cent over the last decade. Cybersecurity has always been a male-dominated industry, but remote working has opened the doors to new employment opportunities and encouraged more women into this field, addressing the skills gap in the process. It has created a better work life balance and provided the flexibility that women need to balance the various roles that they play in their lives. With physical locations becoming irrelevant today, I think it’s an exciting time for women to chase their dreams, break the glass ceiling and emerge as truly powerful leaders.

 What does it take to have more women in cybersecurity leadership roles?

Cybersecurity is a very important field that one could master, and probably is the least known. Girls who are in the field of STEM should also be taught about why cybersecurity is one of the most interesting and challenging fields in technology and what a career path in cybersecurity looks like. Several women take a break when they reach middle and senior management levels to prioritise personal commitments. However, with pandemic coming in, things have changed and created more opportunities for women.

Hiring women for key roles should stop being a tick box and should be proactively encouraged by the leaders at organizations. Providing a environment conducive for women to contribute, learn and grow is crucial. Providing additional training opportunities and conducting guidance workshops to apprise women who want to switch over to cybersecurity can be priority for organizations. By doing this, we can see more women cybersecurity leaders in the boardroom. There are various skilling programs and certifications available online as well for women who want to upskill.

Many progressive organisations are now realizing the value of diversity and inclusion, and are implementing work policies and rewards that will encourage women to continue their careers. It is gratifying to see several women take leadership roles today. There is still a lot of work to be done though and many who have an intention to bring women into the workforce should invest in efforts to make that happen. If we can collectively shift our mindset towards bringing more women into work, we can reap outstanding benefits for our industry and for society. My advice for women is to empower themselves by constantly upskilling, staying updated with technology and cybersecurity trends, and taking control of their own career growth.