New Strategy Needed to Address Skills GapISACA's Kadam Details New Program to Develop Security Pros
Over the past decade, the focus in India has been on IT service delivery, with insufficient attention paid to development of information security skills. As a result, there is now a pressing need to ensure that India focuses on creating a new generation of security professionals, says Avinash Kadam, adviser, India Task Force, at ISACA. A detailed strategy is required for imparting security skills from an entry level to an advanced research level, he says. But this will take time.
"With the ever increasing cybersecurity threats, the need for security has hit very hard," Kadam says. "India is now expected to keep its lead as an IT superpower, at the same time delivering, designing and operating these services and software in a secure manner - for both domestic and international IT activities."
With the government planning ambitious multistakeholder IT initiatives on a scale never before attempted in India, the security aspect of such models - including Digital India, Make in India and the Smart City initiative - is a major concern. The lack of an available pool of skilled professionals to address these security needs may hamper these plans, Kadam says (see: Digital India Raises Security Challenges).
Many government and industry initiatives are focusing on skills development today, but Kadam says the scope of these is limited if India truly wants to address all its security needs. The focus needs to not only be on the elementary level - securing networks, infrastructure, software, etc. - but also needs to look at more advanced tasks, such as research into communication systems/embedded chip security.
"On the one hand, we are talking about the Internet of Things where we imagine that every device is going to be connected," he says. "On the other hand, we have no idea how securely these embedded chips and devices are going to be designed."
In this exclusive interview with Information Security Media Group (audio link below photo), Kadam addresses ISACA's latest certification program - the Cybersecurity Nexus, or CSX program, and what practitioners can expect. He discusses:
- India's security skills gap (see: Staffing Crisis: What Can India Do?);
- Details on ISACA's foray into cybersecurity certification (see: Why an InfoSec Pro is Like a Doctor);
- The relevance and inner workings of the CSX program and key takeaways.
Kadam is a past international vice president of ISACA and an adviser to ISACA's India Task Force. He is a leading authority on information technology in India, and has more than 40 years of information technology and information security experience. He is a recipient of ISACA's Harold Weiss Award for 2005, which recognizes dedication to the IS audit, control and security profession. Previously, Kadam was the director and COO at MIEL e-Security Pvt. Ltd. He is also a trainer for information security and audit who has trained more than 5,000 professionals, conducted training for more than 400 corporations and given many public seminars worldwide. Kadam is a lead Instructor with (ISC)Â² and for ISO 27001 and conducts ISO 27001 lead auditor courses. He is the designer of the ISO 27001 lead auditor course, which has been approved by the International Register for Certified Auditors.