The National Cyber Security Policy released by Indian government last year aims to create a workforce of 500,000 cybersecurity professionals in the next five years and build a training infrastructure through the public-private-partnership (PPP) model. Malaysia-based Jay Bavisi, President, EC-Council, a company that is involved in training and certification of cybersecurity professionals, says that the situation is worrisome for India as far as cybersecurity is concerned. The US-based EC-Council came into the limelight last year when reports emerged that Edward Snowden, the man who turned whistleblower against the National Security Agency and revealed its global spying programme, was trained at one of its training institute in New Delhi in 2010. Edited excerpts:
Q. How prepared is India against growing cybersecurity threats?
A. The problem that we are facing with hacking actually stems from the inability of coders to actually code securely. In India, we ran a competition where we partnered with more than 100 colleges, NASSCOM, HCL and several other large corporations. The results showed that almost 99 per cent of the future IT workforce in India does not understand the basic concepts of secure coding.
We think that a better model is that every single developer, before he/she touches a code, has to be security-conscious. In India, the financial sector is extremely vulnerable because of the sheer risk associated with the sector. Then come defence, IT and telecom. But I think the risk is sector-agnostic. There's a major risk for India simply because it's a leading exporter of software in the world.
Q. You are working with various government departments in India. What has your experience been?
A. We are working with at least 15 government departments. We have trained law enforcement agencies, defence communities and peripheral agencies. Our engagement with government agencies is something we would not like to discuss due to confidentiality issues.
Q. What kind of presence do you have in India?
A. Our training and certifications has been marketed in India for more than seven years now. Last year, we decided to set up an office in Hyderabad. India is a major growing market for us outside of the US. We thought we need to have direct control of the market so that we can shape it. We are talking to colleges and corporates so to bring what we did in the US into India. We are training people through our network of training partners. There are 100 training centres through which we certify people in ethical hacking, computer forensics, penetration testing and security analysis.