Cyber security is a growing challenge for all kinds of organizations in India. And this is believed to mushroom further as the country does not have a good pool of cyber security professionals in India. ISACA is one of the organizations which is focused on training cyber security professionals globally and so in India. Dataquest spoke to Matt Loeb, Global CEO, ISACA in his recent visit to India.
What brings you to India and what is really the focus of ISACA?
ISACA is a global IT organisation, having around 140,000 professionals in 190 countries. We have focused on skills’ development, workforce development and many other things. Through some of our recent acquisition, we have strengthened our presence globally. We recently acquired the CMMI Institute. At ISACA, we don’t look at things just from the workforce development side. But we believe that people are instrumental, who help enterprises to accomplish their business objectives.
In India we see opportunities to deliver more value. We are a 47 year old organisation. And we feel that we don’t have as much visibility as we should have. We do have 10 local chapters in India which we have created with the help of volunteers.
Now we believe that we have reached a stage where we can play a key role in creating and training professionals for handling cyber security issues more effectively.
Our objectives are also in line with what Government of India is striving towards – Skill India. Hence our focus is to created skilled cyber security professionals in the country.
How does ISACA train professionals for cyber security challenges?
One of the most important things that ISACA has committed is the introduction of the methodologies of training. Our methodologies are not limited to reading a book, and taking a multiple choice test, but enabling the professionals with hands-on training and innovation. Our goal is to train people through real challenges.
In short, our focus remains at giving the training that will complement their career and be useful for any threat scenario. Our methodologies allow cyber experts to actually perform and demonstrate their capability. We give them scores based on their performance in the real scenario. Upgrading skills of security professionals on a regular basis is significant.
The approach we adopt is far more significant because the complexities in the IT are increasing day-by-day. There is going to be more demand for cyber security professionals as the adoption of IoT and artificial intelligence increases. There would be demand for real professionals who have got training in actuality.
What is the current state of cyber security professionals in organizations?
Most professionals who are supposed to handle cyber security issues in organizations can not handle cyber threats beyond a point. We discovered this in our annual research of organizations. Six out of ten respondents said that their workforce in cybersecurity were only able to handle simple tasks. It suggests that we need to step up the calibre of the professionals and their abilities to deal with these scenarios.
Another thing which is of great concern is that organizations do invest in regularly upgrading the skills of their cyber security experts. Practice makes a man perfect. If the skills are regularly upgraded, professionals would be able to handle challenges of any kind.
What does CMMI acquisition by ISACA mean? How do you plan to increase your presence in India?
We have a growing professional community of more than 7000 professionals in India. ISACA has identified India as a high priority geographic area. There’s no question that India is an incredible opportunity for ISACA as we can lend value to the professional community here.
Are you looking at the partnerships locally in order to increase your presence?
Ya, absolutely, we have signed an MoU with NASSCOM recently in order to develop cyber security professionals. I mentioned NASSCOM because that is tangible, but I would go farther than this and say that ISACA and CMMI institutes have a very rich partner network which we will leverage to enhance cooperation. We want to be partner in India’s quest for skilled professionals
What challenges do you see in India, in order to create a pool of skilled cyber security experts?
If we put this in a context of cyber security space, the number one challenge we see is of the weak foundations. The foundations are not in place to regularly train professionals. Our processes are really well defined in organisations and are comparative. Secondly we need to change the mindset in organizations which believe that cyber security is a technical issue. They need to understand that it is a strategic business issue. If organizations begin to change their mindset, they would keep their cyber experts always updated to manage security challenges effectively.