In an interview with TechGraph, RV Raghu, Director of Versatilist Consulting India and former ISACA board director, talked about the adoption of cybersecurity in India and more.
Read Excerpts:
TechGraph: What key role does a cyber security professional play in an organization?
RV Raghu: Today every company is a tech company especially with all the cutting-edge technology being adopted. Adding the fact that there is a rise in data breaches and other threats putting cybersecurity center stage, this means that cybersecurity professionals are going to be the key to success.
Cybersecurity by definition is the protection of all things cyber or computer-based which includes not just the identification of technical risks and putting in the right risk-based mitigations but also doing this in the organizational context.
TechGraph: Which are the key focus / key functions within the space of cybersecurity?
RV Raghu: With technology becoming ubiquitous, it is important to protect the enterprise at all times. This will require being a master at defense and offense, with the focus on always “keeping the lights on” and protecting what is most important for the enterprise and its customers at all times. Security and data protection will be critical in light of widespread data breaches apart from protecting other things such as fulfillment capabilities and reputation.
TechGraph: What are the skills needed to succeed in cybersecurity?
RV Raghu: In my opinion, two sets of skills will be key: pure technical skills complemented by managerial skills focused on understanding the business context, communication, and risk management.
The first skill is essential because if you don’t understand the technology, everything else is useless. The second set of skills is necessary because as a cybersecurity professional, you will not be operating in a vacuum but will need to understand the business and its context.
Communicating effectively about the business value organization-wide is important so that you have the necessary support to do what needs to be done in cybersecurity in the dynamic environment that enterprises face today.
TechGraph: Why does India have a large number of unfilled vacancies in cybersecurity?
RV Raghu: In ISACA’s State of Cybersecurity 2021 Part 1 survey report, only 41% of the respondents in India felt that the HR department understands their organization’s cybersecurity hiring needs to properly pre-screen candidates which could explain the unfilled vacancies.
If the requirements are not understood clearly, it may be difficult to meet them. The same ISACA survey found that poor financial incentives stood out as the most visible reason that cybersecurity professionals are leaving their jobs in India, at 45%, followed by limited promotion and development opportunities at 44%.
These statistics call for a holistic approach to meeting the needs of the enterprise including the need for recognizing the importance of the cybersecurity professional, compensating them on par with other roles within the enterprise’s context, and also focusing on developing a career path for the cybersecurity professional that goes beyond a mere technical remit.
TechGraph: What can companies do to develop and retain cybersecurity professionals within a company?
RV Raghu: ISACA’s State of Cybersecurity 2021 Part 1 survey showed that organizations in India are addressing the problem through:
- Training non-security staff who are interested in moving to security roles (52%).
- Increasing use of reskilling programs (46%).
- Increasing use of performance-based training to attest to actual skill mastery (37%).
- Increasing usage of contract employees or outside consultants (35%).
- Increasing reliance on AI/automation (31%).
In the Indian context and considering the lag in hiring versus demand, companies would do well to use the first two options as these are within reach and have the greatest cost-benefit ratio in the long term.
TechGraph: How does one bridge the gap to meet the demand?
RV Raghu: I think companies need to take a two-pronged approach to meet the demand for cybersecurity professionals with an emphasis on moving non-security staff to security roles and increasing the use of re-skilling programs. Considering the time lag between identifying the need for skills and fulfilling them, the above two approaches can go a long way in not only meeting current demand but meeting some of the future demand as well.
It is critical to understand here that security is something that happens in the context of the organization and by moving, promoting, up-skilling/re-skilling current staff, the knowledge of the business and its nuances can be retained in-house, and this can prove to be very valuable in the long run.
TechGraph: What kind of training/upskilling do cyber security professionals need to effectively handle or identify cyber problems / to tackle the cyber security skill gap in India?
RV Raghu: Cybersecurity is a moving target that requires strong hands-on, skill-based training apart from theoretical knowledge. It is also to be emphasized that these skills are not static, which means the training also needs to be ongoing and must keep pace with the changes in the technology and related threats and risks.
It will also be important to identify training providers such as ISACA who are globally recognized so that the skills that security professionals garner are accepted by enterprise clients. ISACA offers both knowledge and skill-based training which is the need of the hour.
TechGraph: What are the top 5 reasons to take up cyber security positions/jobs?
RV Raghu: According to ISACA’s global surveys and estimates by the Data Security Council of India, India needs about 1 million cybersecurity professionals. The survey also indicated that 60% of organizations surveyed are fully staffed in-house to only “respond” to security threats and breaches, while nearly an equal number, 59%, are equipped to proactively “protect” cyberattacks.
Surveys by ISACA globally and also from the State of Cybersecurity 2021 Part 1 survey indicate:
- 46% of respondents indicate that their cybersecurity teams are understaffed.
- 49% say they have unfilled cybersecurity positions.
- 53% say their cybersecurity applicants are not well qualified.
All this and more mean the time is now to take up cyber security positions. If that is not enough, here are five more reasons to consider:
- Over a million unfilled positions and expected to grow.
- Evergreen opportunity.
- Industry-wide applicability.
- Perennial opportunities to learn and excel.
- Tremendous growth potential.