Cyber Security Blog

What is the biggest skill gap among cyber professionals today?

Written by Aditi Uberoi | 7 February 2020

Gathering insights, opinions and expertise from top cyber professionals in the world is one of the key objectives behind Cyber Management Alliance’s Wisdom of Crowds events.

At the Mumbai WoC event held in May at the Maximum City’s stylish Sofitel BKC hotel, we got the chance to get top CISOs and cyber experts in India to share their views and valuable inputs on a variety of subjects. One such topic that was deliberated over was the skill gap amongst cyber professionals today. 


Below is a quick snapshot of what these doyens of IT and cybersecurity in India believe are the most pressing gaps in the industry from a human resource perspective:- 

  • A dearth in the number of skilled cybersecurity professionals in the market
  • CISOs and security execs who aren’t adequately trained on new and emerging technologies 
  • A lack of truly excellent domain knowledge
  • The inability to learn and unlearn quickly and in tandem with the pace of the industry
  • Lack of time to keep oneself updated with new and emerging threat scenarios
  • Too much focus on dashboard and screen monitoring
  • Lack of practical training & exposure to simulated scenarios
  • Lack of trust between organisations and third-party vendors
  • The inability to look at security from a holistic perspective

Listen to the full interview below:

 

Here’s a detailed look at what the experts said at our Mumbai Wisdom of Crowds event said on the subject: 

Anoop Das, Enterprise Manager, Middle East & India, Mimecast, “Most organisations lack confidence in their own solutions in terms of cyber resilience. If there is a breach happening to an organisation, the confidence levels of CISOs goes down and affects their productivity. So, it’s very important to raise the morale of the organisation by securing it. If you ask me if there is a gap, I would say there is definitely a gap in CISOs and security. If you get a good CISO, they don’t stay for long. So, you really have to ensure that you invest in good security and have good technologies in place which will eventually lead to a strong cyber resilience strategy.” 

Aman Malhotra, Senior Manager, Cybersecurity and Data Protection, TUV, SUD, “I still feel that in India there is a huge skill gap. When I interview a lot of people, I see that they have ventured into the cybersecurity space. But most people lack that high level of skill that adds value and allows them to align the testing objective with the vision that the management may have for 3 or 5 years from the present day.”  

Mandar Kulkarni, CISO, Grasim Industries, “In terms of cyber professionals, every enterprise feels that it is short-staffed. There is always a challenge because the number of technologies today and the number of vendors is growing every day. So, it’s really difficult to get people who understand so many technologies at the same time. Another trait that is needed in all of us is the ability to quickly learn and unlearn the nuances within cybersecurity.” 

Sunil Dhaka, COO, Arcon, “When it comes to skills, a security professional gets so busy in meeting day-to-day operations that the time for him to prepare himself and update his skill set with the emerging risk scenarios is not really there. An organisation needs to provide time to their security professionals in which they can upgrade their skills so that they are totally current in meeting any threats that the organisation is exposed to.”    

Naresh Kumar, Assistant Vice President, Cybersecurity, DBS Bank, “A lot of tools and technologies are coming up but people are missing the basic skills in cybersecurity; they are not trained for these tools and technologies that should be used for incident response. They are unable to understand incident management, triage activity and they aren’t aware of how organisations are delivering these services through their IT infrastructure. This is because they are more focused on the dashboard and monitoring the screens and are actually unaware of the company infrastructure.” 

Mayank Mehta, Head- Information Security, Axis Financial Limited, “As new technologies emerge, their implementation and review should be timed properly. Even the resources need to be given the right bandwidth of skills to work with these tools and do well in their organisations.”

Sudhir Kanvinde, Executive Director, IT, IPA, Ministry of Shipping, GOI, “A lot of CISOs are available in the market but at the same time the skillsets and technologies have been changing. So, it’s very difficult to identify the correct resources for all requirements. Sometimes, our biggest decision is choosing between hiring a resource or giving a contract.”  

Amol Desai, CISO, Reliance Nippon Life Insurance, “The biggest skill gap is not related to technologies or the implementation of tools. The skill gap lies in implementing ideas in governance. It is at a very macro level, but security has to be looked at from a holistic view.” 

Shreyas Vyas, Head of IT, Compuage Infocom Ltd, “A lot of companies don’t have the mindset or budget to appoint a CISO. Then there is the concern of exposing your entire network to an outsourced vendor. There is a greater need for trust between the company and the external vendor in the industry today.” 

Hitesh Vora, Vice President, IT- Waree Group, “People are aware of cyber issues or threats. However, they have not seen practical scenarios. You can read about it but unless the security team participates in a simulated drill etc., bridging that gap will be difficult.”

Subscribe to the Cyber Management Alliance YouTube channel for more insights and interviews from leading cybersecurity executives across the world: https://www.youtube.com/channel/UCm-r7aanAKPc8bu-FqaTVy