(ISC)Â², Schools Team Up on TrainingGAP Program to Develop Pros in India, Japan and Australia
The Hong Kong regional headquarters of the International Information System Security Certification Consortium, better known as (ISC)Â², is collaborating with universities across Asia through its Global Academic Program to deliver essential skills to help grow the information security workforce.
The objective is to bridge the gap between the large demand for qualified cybersecurity professionals and the number of truly skilled professionals prepared to step into these roles.
"The region faces an acute shortage of InfoSec skilled professionals," says Clayton Jones, managing director, Asia Pacific, (ISC)Â². "The existing gap is widening due to increased security risk with emerging threats. Most organizations cannot face a security incident due to the skills shortage."
(ISC)Â² chose to collaborate with academic institutions across India, Australia and Japan because the strain of understaffing is felt immensely in these countries.
The challenge, says Jones, is fueled by three factors:
- Business executives not fully understanding the need;
- Inability to locate appropriate information security professionals,
- Lack of funds for staffing.
Responding to the Challenge
(ISC)Â² is a global, not-for-profit organization focused on educating and certifying information security professionals throughout their careers. The organization provides vendor-neutral education products, career services and standard credentials to professionals in more than 160 countries.
The reason behind supporting this GAP initiative, according to Jones, is to offer deeper insights into the needs of the information security community in each respective region and drive professional development.
Jones believes it is important to build security practices that meet the organization's risk and management objectives, which directly contribute to the strategic business initiatives.
After collaborating with 14 universities in the U.S., (ISC)Â² has aligned with one academic institution each in Japan and Australia, plus three universities in India. The aim with each of these partnerships is to:
- Provide education and training incorporated into an overall approach for academic curriculum development;
- Create "just in time" joint academic and industry content;
- Emphasize the importance of education, certification and continual learning, increasing workplace value among enterprises.
"The emphasis is to help young information security professionals to translate their risk management expertise into organization-wide leadership, when they take up a job," Jones says.
Jones and team have collaborated on specific skill areas, going by the demand in that region. Some courses are imparted on security monitoring, incident response techniques, risk response and recovery methods, dealing with malicious codes, data privacy and proactive identification of cyber-attacks.
Some courses are delivered as a stand-alone subject, and some are embedded into the institutions' existing curriculum for B.Tech and M.Tech courses.
(ISC)Â² is backed by 100,000 security professionals, its members, supporting the academic groups in designing industry-relevant course material.
According to Jones, the consortium runs a "Train the Trainer" program with universities. The faculty is trained and certified on the courses they intend to prescribe for students. The education imparted is hands-on to prepare students for real-time challenges.
The faculty within the chosen universities see GAP as a career-building opportunity for students.
Ahmedabad-based Gujarat Technological University has partnered with(ISC)Â² to address some of its challenges, namely:
- Lack of subject matter experts in information security;
- Lack of industry participation in formulating courses;
- Very little assistance from the government to promote courses on information security.
Assistant Professor B G Gohil, at the department of Computer Engineering of GTU, says, "We have collaborated with (ISC)Â² as we find its content meets industry requirements and adds significant value to those who aspire for a career in infosec."
Gohil says the specific demand for skills he sees are in the areas of forensics, incident response management, security architecture, malware analysis, penetration testing, intrusion analysis and vulnerability analysis.
Since GTU is closely working with defence entities such as the Defence Research & Development Organization and others, Gohil sees good opportunities for students to make information security a career in these organizations.
In Australia, Melbourne-based Boxhill Institute has collaborated with (ISC)Â² to lay emphasis on network security, along with system and application security applicable to master's and bachelor's degree programs. This is a new course that will be launching in July, says Dr. Jan Newmarch, head of higher education (ICT) at Boxhill.
"It's heavily focused on hands-on practical work to complement theory," Newmarch says. "It's targeted toward the needs of the security industry, developed in consultation with it. Many subjects are aligned with industry certifications such as (ISC)Â² SSCP, CCNA Security and CCNP security certifications."
Newmarch is confident student graduates will find employment in key senior roles, such as ICT security manager, network security engineer or security and risk analyst - jobs that are in major demand in the country.
Boxhill offers a full-time, two-year course for local students at $16,000 per year and part-time at a pro-rata rate, under the government loan scheme at a much discounted rate.
In Japan, Tokyo-based Kokusai Denshi Business College is the first institution to have introduced GAP, and it wants to prepare skilled professionals for the Tokyo Olympics 2020, which has a huge demand for professionals to manage security aspects.
According to Shin-ichi Fuchigami, general manager of Kokusai Denshi Business College, the program, which also gets rolled out in July, incorporates "Introduction to Information Security" for second-year students of the four-year information specialist course.
Fuchigami sees a big demand for professionals in risk management, risk analysis and assessment. "Having a quality program as part of our curriculum was very important, and developing necessary skills sets is to challenge the evolving threats facing organizations," Fuchigami says.
Jones says it has been less than a year since (ISC)Â² rolled out the GAP program, and it has tested the waters by associating with various universities in the U.S. "Being part of the GAP initiative, they get to be part of our programs, activities and opportunities and make introductions to influential organizations, bodies, institutions within government and industry with which we engage," he says.
The goal, ultimately, is to produce information security pros who are prepared to step right into challenging roles with their new employers.
"We encourage the staff to take a practical approach to teaching information security so students can take up real-time challenges as soon as they get to work," Jones says.