#Interview: Bridging the Gap: Empower the Next Generation of Cybersecurity Professionals

Divya has an overall experience of 11+ years out of which 8 years of IT project management and Cyber Security operations and governance experience in BFSI (Banking) and 3 years in teaching. She is a qualified Independent Director from Indian Institute of Corporate Affairs. She holds many global certifications such as CISSP, PMP, ITILv4, ISO 27001 LA, ISO 27701 LI, CC etc. She has pursued the prestigious National Cyber Security Scholar Program jointly conducted by IIT Gandhinagar and ISAC. She has also done her Post Graduation Certification in Cyber Security from IIT Palakkad. Currently, Divya is responsible for managing 24×7 CSOC (Cyber Security Operation Center) of the Bank.

Divya is also responsible for vendor relationship management including preparation of RFPs, SOPs, negotiating contractual terms, contract execution, oversight of vendor fulfilment of contractual responsibilities, evaluation of policy and procedural adherence and monitoring SLA performance. She is also instrumental in imparting cyber security awareness to various stakeholders and mentor the freshers/college students in cyber security career path. Divya is passionate about women empowerment. Divya is the Bangalore Chapter Leader of World-Wide Women in Cybersecurity (W3-CS) which is an affiliate to Security Bsides Bangalore. She is an active volunteer for (ISC)2 Bangalore Chapter and Information Sharing and Analysis Center (ISAC). She is a member of various prestigious communities like CyberFrat Gold, FDPPI, DPO Club, PMI Bangalore Chapter, Cloud Security Alliance Bangalore Chapter, CXO Cywayz, Google Women Tech Ambassador… Divya is a speaker at various forums and has given many interviews which has been published in digital media and YouTube channels. She has also been a jury for hackathons and currently serving as Department Advisory Board Member of Cybersecurity at RNSIT. She also promotes cybersecurity awareness through webinars and workshops to various segments of the society. Awards: – Best Volunteer Cyber Security Excellence Awards 2023 (Bsides Bangalore) – Runner Up in Wonder Women CTF – Women Influencer in Cloud Security Award 2023 – Aspiring CXOs Award 2024 under the category “Cybersecurity Awareness and Education Champion” – Young Achiever of the Year in Cybersecurity Award 2024 – Security Accelerator Award 2024 for BFSI – Women Influencer in Cybersecurity 2024 Award – CF100 Top Influencer Titan in Cybersecurity – 2024.

The Interview :

Introduction

1. Personal Introduction: Could you please introduce yourself and share your background in cybersecurity and education?
   My name is Divya K and I am currently working for CISO Office of an Indian Public Sector Bank. I am the Bangalore Chapter Leader for World Wide Women in Cybersecurity (W3-CS) community. I had started my career as a trainer for 2-3 years and then joined the Banking sector as an Information Technology Specialist. My entry to cybersecurity was quite accidental due to regulatory guidelines but then I slowly started getting passionate about the cybersecurity domain and continued to explore it further more with the help of online resources and global certifications such as CISSP. I have further pursued my Post Graduation Certification in CyberSecurity from IIT Palakkad and National Cybersecurity Scholar Program from ISAC-IIT Gandhinagar. I have handled 24×7 SOC, Application Security and Governance domains in cybersecurity in last few years at a techno-managerial role. Voluntarily, I am also training some college students and currently the Cybersecurity Department Advisory Board member of RNS Institute of Technology, Bengaluru.

Addressing the Cybersecurity Skills Gap

2. Understanding the Gap: The cybersecurity industry is facing a significant skills gap, which is expected to worsen in the coming years. From your perspective, what are the primary factors contributing to this shortage of skilled professionals?
3. The cybersecurity landscape is constantly changing, with new threats and technologies emerging at a rapid pace. This makes it challenging for educational programs and professionals to keep up-to-date with the latest developments and skills required to combat evolving threats effectively.
4. Many potential candidates are still unaware of the diverse career opportunities within cybersecurity. The field can appear daunting due to its complexity, which might discourage individuals from pursuing it as a career. Raising awareness about the various roles, career paths, and the impact of cybersecurity on different sectors is crucial to attract new talent.
5. There is often a disconnect between the skills taught in academic programs and the practical skills needed in the industry. Many educational institutions may not offer comprehensive cybersecurity programs or hands-on experience with real-world tools and scenarios. As a result, graduates may find themselves lacking the specific skills needed for current job roles.
6. The growing frequency and sophistication of cyber-attacks have increased the demand for skilled professionals. This heightened demand creates intense competition for talent, making it difficult for organizations to attract and retain qualified individuals.
7. The cybersecurity field encompasses a wide range of roles and specializations, and there is no standardized career pathway. This can create confusion for individuals trying to enter the field and for those already in the field who may struggle to advance their careers without clear guidance.
8. Retaining skilled professionals is another significant challenge. High turnover rates can be driven by factors such as burnout, insufficient career advancement opportunities, and competitive offers from other organizations. Creating supportive work environments and offering opportunities for professional growth are essential for retaining talent.

3. Industry Needs: What specific skills and competencies are most in demand in the cybersecurity industry today? How can educational institutions tailor their curricula to meet these needs?

The specific skills and competencies are most in demand in the cybersecurity industry today are :

1. Proficiency in various cybersecurity tools and technologies is crucial. This includes knowledge of SIEM systems, SOAR, CTEM, ASPM, Cloud security, deception technology, endpoint security, intrusion detection systems (IDS), firewalls, and various vulnerability management tools.
2. Incident Response and Threat Hunting involves knowledge of incident response procedures, forensic analysis, and threat hunting techniques to proactively identify and mitigate threats. An understanding of the latest threat landscapes, including advanced persistent threats (APTs), ransomware, and zero-day vulnerabilities, is vital.
3. Governance – Competency in navigating and ensuring compliance with various regulatory frameworks (such as NIST, GDPR, HIPAA, PCI-DSS and ISO 27001) is important
4. Soft Skills: Effective communication, problem-solving, and critical thinking skills are essential. Cybersecurity professionals must be able to clearly articulate technical issues to non-technical stakeholders and work collaboratively in a team environment.

As a member of the Cybersecurity Department Advisory Board at RNS Institute of Technology, Bengaluru, here are a few recommendations on how educational institutions can tailor their curricula to meet these needs:

1. Integrate practical labs and simulations into the curriculum to provide students with real-world experience using current cybersecurity tools and technologies to bridge the gap between theoretical knowledge and practical application.
2. Ensure that course content is regularly updated to reflect the latest threats and technological advancements which includes topics such as cloud security, artificial intelligence in cybersecurity, OSINT, and advanced persistent threats.
3. Encourage students to pursue industry-recognized certifications such as ISC2 Certified in Cybersecurity (CC), ISAC India courses, EC-Council courses, Comptia courses as part of their education. These certifications are often prerequisites for many cybersecurity roles and provide a strong foundation in essential skills.
4. Include modules that focus on communication, teamwork, and problem-solving skills. Role-playing scenarios and group projects can help students develop these critical soft skills.
5. Collaborate with industry leaders, cybersecurity communities like ISC2 chapters, Bsides chapters and organizations to provide students with internships, workshops, and guest lectures. These partnerships can offer valuable insights into industry practices and help students build professional networks.
6. Ensure that students are well-versed in regulatory requirements and compliance standards. This knowledge is crucial for roles that involve managing sensitive data and ensuring adherence to legal and industry standards.

4. Role of Training Programs: How effective do you think specialized training programs for engineering students are in addressing this skills gap? Can you share any success stories or examples?

Detailed Success Story

Creating a Pathway to Careers in Cybersecurity

5. Awareness and Exposure: Many engineering students may not be fully aware of the career opportunities available in cybersecurity. How can we better educate students about these opportunities and the various career paths within the field?

I would like to mention the below mentioned Community collaboration to better educate students about various career paths in cybersecurity.

1. ISC2 (International Information System Security Certification Consortium): ISC2 offers a wealth of resources and networking opportunities for students. Hosting webinars, workshops, and certification preparation sessions through ISC2 can provide students with insights into industry standards and career paths. ISC2’s mentorship programs can also connect students with experienced professionals.
2. BSides (Security BSides): BSides events are grassroots, community-organized infosec conferences that provide a platform for students to engage with industry experts and learn about various cybersecurity roles. Participation in cybersecurity competitions, such as Capture The Flag (CTF) and Hackathon events, can stimulate interest and provide a platform for students to apply their skills.
3. W3-CS (World Wide Women in Cybersecurity): W3-CS focuses on empowering women in cybersecurity. By participating in W3-CS events, students can learn about diverse roles within cybersecurity and gain inspiration from successful women leaders in the field. W3-CS’s initiatives can help bridge the gender gap and promote inclusivity. It also contains panel discussions on career tracks.
4. ISAC (Information Sharing and Analysis Centers): ISACs facilitate the sharing of threat intelligence and best practices. Engaging with ISAC events and resources can provide students with a deeper understanding of industry challenges and career opportunities in threat intelligence and incident response. These events can help students learn about diverse roles within cybersecurity, including SOC analysts, threat hunters, ethical hackers, and more.
5. CXO Cywayz: CXO Cywayz is a platform that connects cybersecurity professionals and executives. By involving students in CXO Cywayz events, they can gain insights into strategic roles and leadership positions within cybersecurity, broadening their understanding of career advancement. Helps to develop partnerships with cybersecurity companies and organizations to create guest lectures, workshops, and mentorship programs.
6. Internships and Mini-Projects: How important are internships and mini-projects in helping students gain practical experience in cybersecurity? What role do these opportunities play in bridging the gap between academic knowledge and real-world application?

Internships and mini-projects are crucial for students to gain practical experience in cybersecurity, as they bridge the gap between academic knowledge and real-world application. These opportunities allow students to apply theoretical concepts in real-world scenarios, develop hands-on skills with industry tools and technologies, and gain exposure to the complexities of cybersecurity operations.

MNCs and Big 4 firms address the need for practical experience in cybersecurity by offering structured internship programs, sponsoring cybersecurity competitions, and collaborating with educational institutions on project-based learning. These initiatives provide students with hands-on experience, exposure to real-world challenges, and opportunities to work on cutting-edge projects. Additionally, companies often support certification programs and offer mentorship, helping students bridge the gap between academic knowledge and industry requirements while building valuable skills and connections for their future careers.

7. Skills Development: What are the key skills that students should focus on developing during their education and internships to successfully enter the cybersecurity field?

Students aiming to enter the cybersecurity field should focus on developing a blend of technical and soft skills. Key technical skills include proficiency in cloud security, familiarity with threat intelligence platforms, and expertise in security automation and orchestration. Understanding emerging technologies like AI and machine learning for cybersecurity applications is also crucial. Additionally, students should cultivate strong problem-solving abilities, enhance their knowledge of regulatory compliance, and develop effective communication and collaboration skills. Emphasizing hands-on experience with real-world scenarios and maintaining a continuous learning mindset will ensure they stay abreast of evolving threats and technologies.

Contributing to the Community

8. Community Building: How can training and internship opportunities for engineering students contribute to building a stronger cybersecurity community?

Training and internship opportunities for engineering students contribute to building a stronger cybersecurity community by equipping them with practical skills and real-world experience, which enhances their ability to address evolving threats. These experiences also foster a pipeline of skilled professionals who can contribute innovative solutions and collaborate effectively within the cybersecurity ecosystem.

9. Social Responsibility: In what ways can students use their skills and knowledge to give back to the community and help protect organizations and individuals from cyber threats?

Students can leverage their skills and knowledge by actively participating in cybersecurity communities like ISC2, BSides, W3-CS, ISAC, and CXO Cywayz, where they can contribute to knowledge sharing, mentorship, and collaborative projects. By engaging in these communities, students can help educate others, offer support through volunteering, and work on initiatives that enhance security awareness and defenses for organizations and individuals.

10. Long-Term Impact: How do you envision the long-term impact of empowering the next generation of cybersecurity professionals on the overall safety and security of our digital landscape?

Empowering the next generation of cybersecurity professionals is crucial in addressing the global shortage of skilled experts and ensuring a safer digital landscape. By introducing cybersecurity awareness curricula from the school level and equipping future professionals with the necessary skills, we can build a stronger, more resilient defense against emerging threats, fostering a secure digital future for organizations and individuals alike.

Future Directions

11. Evolving Threat Landscape: As the threat landscape continues to evolve, how do you think educational institutions and the cybersecurity industry can collaborate to ensure that the next generation of professionals is prepared to meet these challenges?

Educational institutions and the cybersecurity industry can collaborate by developing dynamic curricula that integrate the latest threat intelligence and industry best practices, supported by active involvement from communities like ISC2, BSides, W3-CS, ISAC, and CXO Cywayz. These communities bridge the gap by offering industry-led workshops, real-world case studies, internships, and mentorship programs. By engaging industry experts and leveraging the resources and networks of these communities, educational institutions can ensure that students are well-prepared to tackle evolving cyber threats and transition seamlessly into the workforce.

12. Innovation in Education: What innovative approaches or technologies do you think could be integrated into cybersecurity education to better prepare students for the demands of the industry?

Integrating innovative approaches such as cyber-phygital labs into cybersecurity education can significantly enhance students’ preparedness for industry demands. These labs combine physical and digital environments, allowing students to engage in hands-on, simulated cyberattack scenarios that mirror real-world challenges. By incorporating cutting-edge technologies like AI-driven threat detection, blockchain for secure data management, and advanced penetration testing tools, educational institutions can provide immersive learning experiences that equip students with practical skills and a deeper understanding of the evolving cyber landscape.

13. Mentorship and Support: How important is mentorship in the development of young cybersecurity professionals? What role should industry leaders play in supporting the growth of new talent?

Mentorship is vital in the development of young cybersecurity professionals, offering guidance, knowledge sharing, and real-world insights that accelerate their growth. Industry leaders play a crucial role by actively mentoring, providing networking opportunities, and creating pathways for new talent. Communities like ISC2, BSides, W3-CS, ISAC, and CXO Cywayz also contribute by fostering connections, offering platforms for mentorship, and promoting collaborative learning, ensuring that emerging professionals are well-supported as they enter the field.

Conclusion

14. Advice for Aspiring Professionals: What advice would you give to engineering students who are interested in pursuing a career in cybersecurity?

I would advise them to start building a strong foundation in both technical and soft skills. Focus on mastering the basics of networking, programming, and cybersecurity fundamentals, and take advantage of internships and hands-on projects to gain practical experience. Engage with cybersecurity communities like ISC2, BSides, W3-CS, ISAC, and CXO Cywayz to network with professionals, stay updated on industry trends, and learn from real-world challenges. Additionally, pursue relevant certifications, stay curious, and continuously update your knowledge to keep pace with the rapidly evolving cyber threat landscape.

15. Final Thoughts: Is there anything else you would like to share about the importance of bridging the gap and empowering the next generation of cybersecurity professionals?

Bridging the gap and empowering the next generation of cybersecurity professionals is not just about filling current vacancies—it’s about ensuring the resilience of our digital infrastructure for the future. The growing complexity of cyber threats demands fresh perspectives and innovative solutions, which can only be achieved by nurturing a diverse and well-prepared workforce. This means investing in education, mentorship, and community engagement from the ground up, starting as early as school level, and continuing through higher education and professional development. By fostering a culture of continuous learning and collaboration, we can build a cybersecurity community that is adaptable, inclusive, and equipped to safeguard our digital world.

Conclusion:

Thank you for taking the time to share your expertise with our readers. Your insights will greatly contribute to the understanding and advancement of “Bridging the Gap: Empower the Next Generation of Cybersecurity Professionals“. We look forward to finalizing your interview and publishing it on Cybercory.com.