As the world is learning to come to terms with the COVID-19 situation, acclimating to remote working, remote meetings, and new challenges in a fully remote era, organizations and individuals find themselves battling cyber threats and challenges more than ever before.
The Workforce Gap
Even prior to the current situation, there had been a shortage of qualified cybersecurity professionals in the workforce across the world and even more so in India. In the field of cybersecurity, the workforce gap requires not only a large number of new cybersecurity professionals, but also to upgrade the skills of existing SOC Team members, ensuring that organizations are prepared for the current cybersecurity threat landscape. As reported in Dataquest there is a shortage of over one million cybersecurity professionals in India as per Data Security Council of India (DSCI) as of today. This shortage exists even though there has been a surge in cybersecurity program enrolment in universities, private institutions and various industry training partnerships have sprung up across India.
In order to understand the key reasons for the cybersecurity skill shortage, one needs to look at the structure of cybersecurity education in India which is primarily focused on educating trainees on the theoretical aspects of cybersecurity along with limited practical exposure to practical application. These students, when exposed to various real-world attacks and threat flows through entry-level jobs, need to undergo more real-world hands-on training. This real-world training, which takes not days but months of on the job training, is the only way for cybersecurity professionals to acquire the required technical and soft skills. Such a long training timeline, from an organizational perspective, is employee productivity loss, and can be exceedingly expensive as more real-world threat exposure is required by these entrants to keep up with new attack vectors and types.
Also, to further compound the problem, cybersecurity students are not trained on real-world networks, but on a single or a few virtualized images of OS & Software combinations along with open source or few commercial-grade tools. When compared to the full array of commercial-grade tools & solutions that they would experience in their jobs, these smaller networks fall woefully short. Additionally, finding a scalable educational methodology to train the large number of students or trainees required to solve the skills shortage presents its own challenges.
Replicating a Real-World Experience
The need of the hour is to provide students and cybersecurity professionals with an experience as close as possible to the same environment, the attacks, and tools that they would have to face in the real world. Replicating this real-world experience can be broadly defined as Experiential Learning which is learning through one’s experiences. Experiential Learning is all about hands-on learning with an environment as close to real-world cyberspace as possible. The environment incorporates the core concept of training cybersecurity professionals by making them accomplish, hands-on, the activities required to mitigate or perform an attack, giving trainees precious experience of what they would experience while working in a SOC team of any organization.
Under experiential learning, the real-world environment is simulated with a replica of network architectures, tools and solutions similar to what an organization IT setup would be like. Add to this the advanced level attack scenario’s which are modelled on real cyber threats and attacks experienced by an actual organization. Experiential learning adds similar complexity and pressures that would be faced by a SOC team member in the real world.
Many experiential learning platforms even address the remote training requirements brought about by the lockdown and work from home requirements due to the coronavirus pandemic. Instructors can manage and deliver an entire training remotely while providing personalized guidance to students in case they hit a wall. Trainees can securely access the platform remotely and train on relevant scenarios all while experiencing the unpredictable cyber threats occurring on a simulated IT infrastructure.
Thus, if India is going to be a leader in the cybersecurity space, the education sector is going to play a major role in transforming cybersecurity hopefuls into battle-trained cyber warriors to secure the Indian Cyber Space now and in the future.