Need for a bridge to bridge. Network Security. skills gap. The. Network Security. Academy academy.cyberoam.com

Transcription

1 White paper Need for a bridge to bridge Network Security skills gap A collaborative vision on network security education and cyber-security workforce development Academy Learning The Network Security Academy academy.cyberoam.com

2 Foreword The challenge of averting network threats and cyber attacks in order to safeguard the availability and integrity of key information systems & assets has grown exceedingly difficult. Juxtaposing this situation, while the sophistication of attackers and number of such cyber threats has grown rapidly in recent years, the world has not been able to produce capable talent with the right skills in network security and cyber threats management. This becomes clearly evident from the following statements. = A recent study from Booz Allen on the U.S. federal cyber security reveals significant skills shortage = Identity theft complaints topped the list of US consumer complaints for the 12th year in a row, = Identify theft costs the Canadian economy approximately $2.5 billion p.a. (-the Canadian Council of Best Business Bureaus) = A Digital Government Institute Cyber Security Conference held in mid 2012 in US foresees that within the next two years about 4.5 million security professionals will be needed worldwide; the current available pool stands at about 2.5 million only = UK could face a significant skills shortage in IT security - UK government = Australia announces federal assistance of $1.46 billion for cyber security = Italian government announces fresh measures to beef up cyber security = The Global Information Security Survey 2012 from Ernst & Young shares a wake-up call for global businesses to recognize the strategic importance of information security = India needs nearly half a million cyber security professionals by 2015 In the light of these studies and findings, the role of a cyber security professional has indeed experienced a major transformation, leading to a sharp rise in the need for a larger and more dynamic network security workforce It s about time academia and industry comes together to demonstrate the spirit of collaborative efforts and produce young and ambitious talent pool of information and network security professionals, leading to creation of rewarding career opportunities for many and a capable cyber security workforce as required by global institutions.

3 Academic establishments such as universities, colleges and other training bodies can come to the rescue of governments and businesses in making available the right kind of cyber security workforce. By providing in-depth and industry focused learning in network security, academia can help alleviate the challenge of skills gap. Moreover, by integrating programs in network security as a part of their academic prospectus, educational institutions can provide holistic exposure to cyber security, which shall offer enhanced awareness into other related concepts in information assurance, next generation network security, digital forensics, cryptography, risk assessment and mitigation, disaster recovery and management, security regulations and compliance, and information security management. With this, academia can present rewarding career avenues and reach out to thousands of career aspirants seeking a meaningful program / certification capable of assuring hands-on learning using advanced technologies. Academia as the ultimate catalyst Growing awareness towards network security and cyber threats signifies a huge opportunity and not only business and government establishments but institutions in research and education too shall gain immensely from it. In fact, against ever evolving cyber threats the need to mentor more graduate students skilled in the concepts and technologies of network security is turning into a significant onus of academic institutions, in order to help defend invaluable information assets for governments and business enterprises. Academia thus has a unique chance to emerge as the catalyst of change with this shift. With substantial investments and efforts being pledged in building new cyber safeguard measures, it is going to be the right people with the right understanding, skills, and capabilities to determine success for such initiatives. However, both government and private sector is struggling with inadequate supply of network security professionals to implement various plans and secure critical information assets. On the other hand, there is a clear absence of effectively established and well defined ecosystem for shaping careers and education in network security. Training and capacity building programs being offered at present in network security, while available aplenty, suffer from poor focus and lack collaborative vision to unify the needs of academia, students and industry. A cohesive approach towards imparting industry focused network security education requires academic institutions to optimize their campus wide resources to blend knowledge, intellectual capacity, and practical skills in an unprecedented way. This indeed calls for a partnership with a technology partner that brings proven expertise and innovation capability in serving cutting-edge network security capabilities to a wide range of clientele, thereby providing industry oriented insights in developing a suitable curriculum and teaching methodology. The National Initiative for Cybersecurity Education (NICE), a unique and comprehensive National Cybersecurity Initiative from US federal government identifies a special role for academia in fortifying industry needs and students career prospects. The following illustration provides useful insights into the way educational institutions can make a big difference by becoming a part of collaborative missions for promoting network security education. For students educate career aspirants with industry needs and various employment opportunities to help broaden the pool of capable network securiy workforce For industry cultivate a globally competitive cyber security workforce by imparting pertinent learning focusing on all key aspects of network security and cyber threats management; forge collaborative partnerships with technology, corporate and government organizations to identify skills requirements For society promote broader awareness about risks in network security and cyber threats ; facilitate easier understanding into industry best practices and other initiaves addressing similar concerns

4 Even as the domain of network security and cyber risk management is opening up new career avenues, career aspirants seeking rewarding opportunities are struggling with some fundamental issues, which largely relate to their limited perception of the industry needs and career planning. For example, many students do not understand the difference between a career program in network / cyber security and a run-of-the-mill course in hardware and networking offered by so many network equipment vendors. Also they lack good understanding into key skills and how to go about acquiring those marketable skills. Aspirant cyber warriors yearning for the right guidance Professional identities such as 'Information Security Professional', 'Cyber Security Professional' and 'Network Security Engineer' have emerged as highly sought after prominent career avenues for the global community of students and aspirant network security professionals. In the rapidly evolving Information Technology industry, one of the fastest growing sectors is network / cyber security. With the numerous cyber threats existing today, businesses and other organizations are having a high demand for expert talent in cyber security. Expansion in IT ecosystem has led to emergence of several new segments such as Big Data, Cloud Computing, Social Media and Mobile Services (apps etc). This paradigm shift in IT and mobile ecosystem has created several new opportunities for career aspirants in network security. Figure indicating involvement of information security professionals in various new responsibilities Source: A study from Frost and Sullivan Frost & Sullivan estimates the number of information security professionals worldwide in 2010 to have been approximately 2.28 million. This figure is expected to increase to almost 4.24 million by 2015, displaying a Compound Annual Growth Rate (CAGR) of 13.2% from 2010 to As more and more students turn to a career in cyber security, there's an increased need to address following fundamental aspects! Need for facilitating broad awareness into the readiness required to pursue a fruitful career in cyber security

5 Information security and allied areas have drawn significant attention over the past several years for global businesses and other organizations. This in a way also demonstrates their raised awareness into how information security has become integral with integrity of customer, client and internal data. Putting forth this understanding, attention to network security awareness, proactive steps and processes are quickly becoming a central part of the organizational culture at the vast majority of businesses, because concerned decision makers such as CIOs & CISOs realize that cyber security is fundamental to how they conduct business and manage their business relationships. Yet a spate of recent findings reveals they still face significant challenges in acquiring the right talent and skills for information risk management.! Need to clarify a huge difference between run-of-the-mill courses offered by various network equipment vendors Vs. career programs and certifications in network / cyber security. Many students fall prey to this illusion and perceive course offerings from network equipment vendors as a career in network security. Little do they realize that such courses are built around specific proprietary technologies and lack the depth and breadth of career programs in network security! Need to explain how each unique career opportunity in cyber security domain demands a specific set of skills! Need to share adequate guidance on acquiring marketable skills and industry recognized certifications! Need to encourage students to adopt a 'novice-to-professional' learning curve in order to develop thorough grasp into key concepts that include Networking Essentials, Network Security Essentials, Unified Threat Management, Ethical Hacking, Penetration Testing and Network Forensics! Need to establish a simple yet a very important thought that a career in cyber security, just like other technical disciplines is also about the business of problem solving and connecting the dots, thereby laying more emphasis on analytical skills and importance of developing business centric view on information risk management A career program that can help them see Network Security the way industry perceives it is the need of the hour. This shall offer them insightful understanding into different types of available jobs and corresponding roles and responsibilities. Industry and government remain wary Information and communication technologies have emerged a key enabler in inspiring business innovation across a wide array of all sectors of the global economy. Be it a private business entity or a government organization, it comes to depend heavily on internet driven technologies to run their routine business processes. We certainly cannot imagine infrastructure such as power grids, air transportation systems, financial markets, banks telecommunications and public utilities to remain functional and effective without internet enabled information backbone. While the rise of digitally connected economy augurs well for international trade prosperity and global competitiveness for many nations, governments and business organizations at the same time remain wary of potential risks arising from this paradigm for their information networks and assets. While security is increasingly becoming a key concern, inadequate supply of human capital with critical skills in network security is emerging as a high risk for various organizations, making their networks and digital information ecosystem more vulnerable to emerging cyber threats. Deloitte research recommends the following action points to businesses as top priorities for cyber risk management in 2013

6 Information security and allied areas have drawn significant attention over the past several years for global businesses and other organizations. This in a way also demonstrates their raised awareness into how information security has become integral with integrity of customer, client and internal data. Putting forth this understanding, attention to network security awareness, proactive steps and processes are quickly becoming a central part of the organizational culture at the vast majority of businesses, because concerned decision makers such as CIOs & CISOs realize that cyber security is fundamental to how they conduct business and manage their business relationships. Yet a spate of recent findings reveals they still face significant challenges in acquiring the right talent and skills for information risk management. You can mass produce antivirus software but until we can clone cyber security professionals, the security skills shortage will have an increasing impact on the state of cyber security. So many enterprises are experiencing network security skills deficit as they are not able to find manpower equipped with desired skills. Also as their existing security staff lacks the necessary level of security skills, they have a hard time in adopting new emerging technologies, thereby limiting their opportunity to innovate and venture into profitable avenues of digital economy. Adding more truth to this, a new 2012 trends report from IBM identifies security as the number one barrier of adoption for mobile, cloud and social business technologies. Situation is no different in government sector too. A recent study by Deloitte and the National Association of State Chief Information Officers (US government) reveal lack of sufficient skilled staff as one among the top CISO concerns. (see below picture) Top five barriers faced in addressing cybersecurity by US government CISOs Given the increasingly dangerous threat landscape, highly effective network security skills are becoming mission-critical for both private businesses and government establishments. Collaborating to build a bridge to bridge skills gap The network security and cyber risk management workforce is fast becoming scarce with existing human capital also lagging behind in keeping abreast of changing threats landscape, thus failing to meet the demands of a global economy that heavily relies on information technology. The cure lies in the education system. It becomes an imperative for academia to shoulder this onus to identify the requirements of this career field as seen and experienced by government and private businesses. They can achieve this by creating a collaborative approach with an organization having proven technology expertise in network security.

7 The situation is dismal because we are not producing, from an education standpoint, the people with the right skills sets to just have the primary skills needed in order to make desired progress in network security and cyber defenses. Benefits of bringing technology leadership (vendor) enabled career programs to varsities / academia! Helps develop better understanding of industry and government needs for network / cybersecurity skills so that industry and academia can work together to meet the demand (thereby also meeting government mandate on industry-academia collaboration)! Helps facilitate much needed collaboration between network-security and cyber skills workforce customers (industry, businesses, government etc) and providers (academia, training institutions etc) so that supply quality better meets demand expectations! Helps keep abreast of emerging trends in network security and likely change in the nature of workforce demand so that training programs can be suitably enhanced to provide latest skills, new capabilities etc! Facilitates a collaborative framework for shared research and suitable actions in the future Cyberoam Network Security Academy A collaborative endeavor to address human capital crisis in network security The Cyberoam Network Security Academy initiative aims at partnering colleges, universities and other independent training organizations in developing human capital with mission-critical skills in network-security and cyber-threats management to meet both current and future challenges. The academy brings holistic focus on imparting industry and cyber economy mandated network-security cyber risk mitigation skills. In doing so, it uses research-validated industry data and key insights from real-life security challenges being faced by today's information networks to structure its syllabus and training methodology. The academy program is committed to A B C Collectively develop a more inclusive learning platform to address demand-supply gap for network-security skills by creating industryready network-security workforce. Inspire education establishments such as colleges, universities and other similar institutions around the world to include networksecurity training and certification programs as part of their prospectus. Enable systematic novice to professional learning curve; enrollment eligibility of the course is set to only basic knowledge of fundamental computing skills, so that competitive learning reaches to every aspirant. The program aims at cementing students' knowhow in fundamental concepts of Networking Essentials, Network Security Essentials, Unified Threat Management, Ethical Hacking, Penetration Testing and Network Forensics before taking them into other comprehensive learning areas.

8 Cyberoam is a multi-award winning global IT security vendor that brings in-depth experience in the domain of network security. Having partnered a wide range of businesses and customers in more than 125 countries, Cyberoam has helped resolve a multitude of pain points in network and cyber security challenges. With this, it has created admirable thought-leadership for excellence in product innovation and customer service, thereby earning a patronage of some of the world's leading brands such as LG, Honda, Emirates, Hitachi and Tata to name a few. Career Program in Network Security from Cyberoam Academy To help narrow the skills gaps, Cyberoam Academy has developed a rigorous career program. The academic offering brings industry-focused curriculum providing in-depth learning into various key concepts of network security, cyber threats, risk mitigation technologies and methods. The initiative leaves no stone unturned in imparting pertinent learning using distinguishing features such as 1) Marketable skills in network and cyber security 2) Highest number of practical labs 3) hands-on exposure using real-world network security appliances and 4) On-demand mentoring from online 'Live-instructor'. It also ensures that onlytrained and certified classroom instructors impart courseware training. By enabling novice-to-professional learning curve, it allows students to cement their understanding into key concepts in a step-by-step manner. Upon completing the program, students can explore the opportunity for a globally recognized certification and are provided with a FREE exam voucher. Finally, meritorious students exhibiting outstanding performance also have the opportunity to get placed with Cyberoam's worldwide network of business partners. Cyberoam Product Portfolio Toll Free Numbers USA : India : APAC/MEA : Europe : Copyright Cyberoam Technologies Private Ltd. All rights reserved. Cyberoam, Cyberoam logo are trademark of Cyberoam Technologies Pvt. Ltd. Cyberoam assumes no responsibility for accuracy or completeness of information. Neither is this a legally binding representation. Cyberoam has the right to change, modify, transfer or otherwise revise the publication without notice.