Growing demand for Cyber Security professionals

Statistics by different placement consultants and job portals reveal a growing demand for security professionals in the coming years. According to a recent Nasscom study, conducted by the research firm IDC, the demand for Cyber Security professionals is 18,000 and 60,000, in India and worldwide respectively. This is estimated to grow to over 77,000 in India and 188,000 worldwide by 2008. Thus, the requirement, which presently accounts for about 3 percent of overall IT workforce demand, will rise to around 5-6 percent in 2008.

Cyber Security market certainly has major potential in India. From a skill or function, which was regarded as a poor cousin of IT professionals, the IS talent pool today commands respect.

Prominent signs of this impending demand are already visible for past couple of years. Out of a total 5,00,000 IT jobs advertised, a large percentage of Cyber Security jobs have substantially risen in past one year.

A few information security services are having a higher demand. For example, the demand for professionals catering to software security services is expected to increase at a Compound Annual Growth Rate of 27 percent between 2001 and 2008, with security management services showing healthy growth at 33 percent. Besides, some other areas that are witnessing a higher demand for IS professionals are in—Cyber Security policy creation, firewall configuration, Operating System administration, IS audits and disaster recovery and planning.

Market drivers

The industries that have the greatest need for information security professionals are IT consulting, e-commerce, financial services, insurance and manufacturing.

This demand is more evident in the ITeS and BPO organisations, since they have realised that vulnerability to Net crimes and any misuse/loss of data may result into losing clients. Stringent privacy and security legislation in the US and EU and ballooning concerns on security issues in outsourcing are compelling Indian companies to implement information security. The demand is growing exponentially as there is almost a fanatical obsession for making the systems and process foolproof (compliant with the international security standards) from any hacking/virus attacks.

The growing concern about Cyber security vulnerabilities has also increased the demand for security-policy reviews and vulnerability assessments (VAs). As a result, services for Cyber security assessments and integration services have become a fast growing segment. “The need for information systems auditors for reviewing the security is witnessing a higher demand, particularly in the financial (banks and insurance companies), software services and the ITeS sector,”. The RBI Internet Banking Guidelines and consequent security services requirements of banks have made IS professionals much sought after.

Industry observers point out that all this has made security as one of the most sought after and best-paid career. In fact, in the US, an entry-level IS professional can command a salary of $75-80,000 per annum, with the one at the higher-end earning somewhere around $1,50,000. In India, an IS aware professional will earn close to $35-40,000, with the top rung earning around $1,20,000 per annum.

Demand and supply gap

The need for IS professionals will exponentially increase in the coming years as more overseas companies look to India to cater to their information processing needs. Unfortunately, this is not matched by a corresponding supply of skilled IS professionals. The Nasscom report says that less than 10,000 professionals have a working knowledge of IS. At this rate there will be an expected shortfall of over 1,00,000 IS professionals globally, by the year 2008.  

Training needs to gear up

With the changing IS scenario, companies can no longer look at IS as an extension of the IT department. IS requires skill sets in designing, implementing and monitoring the IT security infrastructure. The skill sets of IS professionals can be broadly grouped under two categories namely, the IS technical skill sets and business process controls skill sets. While technical skill sets are required in setting up and implementing the information security architecture and to review compliance to define IS policies and procedures; business process controls skills are required to ensure that business process happen in a controlled environment in compliance with regulatory requirements.

A lot however needs to be done in this area. Experts point out that there is a need for introducing concentration in IS in the academic programmes covering the following: cryptography, AAA framework, software safety and reliability, network security, secure operating systems, application security, design of security policies, disaster recovery, biometrics and security auditing.

Diploma in a Cyber Security program prepares students for a career in the field of network protection. There are more business transactions done over the web than every before. Organizations need people that have the necessary skills and knowledge, which will provide the level of security required to keep business networks safe. As the internet expands, so does the need for graduates in Cyber Security.

Students learn the required theories and skills in Cyber Security, to enable them to keep unauthorized people or hackers from invading a computer information system. The centre of the Cyber Security program focuses on management, evaluation and design of networking systems in government agencies, organizations and businesses. By modifying security systems and setting up secure, protected networks, students gain the necessary experience to meet the customer's requirements and needs. Students learn to evaluate and assess current technology, in both software programs and hardware devices.

JOBS

Computer Crimes Investigator
Investigate all cases of possession of child porn, all online investigations concerning the solicitation of a child via the Internet, forensics concerning computers, cell phones and PDA’s - anything that could be considered digital evidence and investigating cases of computer hacking.

Data Security Analyst
Maintains systems to protect data from unauthorized users. Identifies, reports and resolves security violations.  Has knowledge of commonly-used concepts, practices and procedures within a particular field. Relies on instructions and pre-established guidelines to perform the functions of the job.  

Data Security Manager/Supervisor
Manages professionals in the maintenance of systems to protect data from unauthorized users. Identifies, reports, and resolves security violations. Familiar with a variety of the field's concepts, practices and procedures. Relies on extensive experience and judgment to plan and accomplish goals. Performs a variety of tasks.  

Web Security Administrator
Develops, implements and maintains firewall technologies that secure an organization's website. Defines network security issues, develops plans and procedures and ensures safety and privacy of their newly developed Internet and intranet sites. Creates, modifies and deletes user profiles and other access controls. Reviews security logs and violation reports.

Information Systems Manager
This may involve setting up new networks, adding new users to existing networks, or monitoring or developing databases that will be used within the network. Since many companies have remote offices and locations the information system manager may be required to travel to these locations to help with problems or may simply be required to provide online or by phone support for assistance with technical issues.

IT Security Co-ordinator
IT security coordinators, sometimes known as information security analysts, plan and implement security measures to protect clients' information and data from unauthorized access, deliberate attack, theft and corruption. They also put in place controls to allow secure transfer of files and data across computer networks like the internet.Security coordinators deal with a range of threats to electronic information.

Sr. Network Information Security Consultant
This job is essentially a team lead for compliance management. It consists mainly to promote employee awareness, do threat modelling, and run investigations into breaches and the promotion of best practices at the BANK group.I work under the Information Systems Security Manager and with the IS Security team, proactively develops policies, processes, and procedures related to a comprehensive security program while assessing threats to the bank information assets. Also educates all employees, managers and stakeholders about the importance of IT Security and works to ensure workforce awareness of security policies and practices.
  
Senior Project Manager – Network Security
This is an incident response role, with a focus on phishing and malware takedown, as well as ongoing tactical and strategic threat analysis.Perform strategic analysis of new threats presented in the electronic channels arena. Perform operational activities to help mitigate the threat of phishing and malicious software targeting the client and their customers. Lead the development of processes and systems in order to improve our response capability to cybercrime threats. Advise and consult on security issues, control techniques and security requirements for new applications and software products. Demonstrate a broad understanding of legislative requirements governing.Information security, particularly in the cybercrime space.

Associate Director - Information Security Architecture
Ensure the strategic direction regarding network and application-level security, strategic and tactical direction application security, and technical acceptance of security architecture and documentation for major application initiatives. Direct the development and implementation of information security controls, standards, policies, and procedures to cost-effectively protect information systems assets, such as data systems and databases, from intentional or inadvertent modification, disclosure or destruction.Direct the security and connectivity initiatives of internal and external clients, domestically and internationally, and lead efforts to architect secure connectivity solutions. Direct the monitoring of existing and proposed security standard setting groups and State and Federal legislation and regulations pertaining to information security.

Ethical Hacker
Web Application Vulnerability TestingUtilises a customised process to conduct Ethical Hacking assessments of web-based applications VPN Vulnerability TestingApplies a three-phased approach in an attempt to discover, identify, and penetrate the VPN as well as identify weaknesses in the VPN configuration External Network VulnerabilityTestingAttempts to penetrate your Internet firewall infrastructures as well as surrounding network systems Internal Network Vulnerability Testing Provides you with a thorough understanding of how vulnerable your internal infrastructure is to threats such as disgruntled employees, hackers who gain access to the building, and former employees with “lingering”  access Wireless Vulnerability TestingUtilizes a three-phased approach to identify vulnerabilities within an 802.11 wireless network

Security Consultant
The Security Consultant must have extensive experience in the areas of security to provide clients with a balanced understanding of their technical security as well as the business drivers and processes required to ensure a successful implementation
Security Acumen

• Audit and assessment capability
• Risk analysis
• Policy and procedure
• Best practices of Security