July 2023 | 1501 words | 6-minute read
Sofiya Shaikh did not just break the glass ceiling; she took a sledgehammer to it. The 22-year-old resident of Markapur, a town in Andhra Pradesh’s Prakasam district, is the first woman engineer in her extended family, and in her neighbourhood as well.
“I'm in this position because of my parents,” says Ms Shaikh. “In our family girls are not encouraged to take up jobs or go for office work. But my parents gave me a lot of support; first, to do my engineering, and then to become a software professional.”
Ms Shaikh was fortunate in that her father backed her all the way. He himself could not afford an education because of his family’s financial situation, but he insisted that Sofiya and her two younger sisters study as much as they could. “When it came to my engineering course and, later, my employment, he convinced the elders in our family. He went to a lot of trouble.”
The effort was validated recently when Ms Shaikh landed a job with a leading IT company. The springboard for this was a four-month cybersecurity course she enrolled in. CyberShikshaa+, as the initiative is called, is a collaboration between Tata STRIVE, Microsoft India, Data Security Council of India (DSCI), Tata Communications and Tata Consultancy Services.
Launched in April 2022, CyberShikshaa+ builds on the CyberShikshaa programme designed by Microsoft India (through its philanthropies in 2018) and DSCI and it is being implemented as a nationwide skilling initiative by Tata STRIVE, which operates under the umbrella of the Tata Trusts. The programme’s objective is to provide advanced training in cybersecurity and augment a talent pool of data- and privacy-protection professionals, much needed in these times when online fraud, spying and attacks are becoming common.
CyberShikshaa concentrates on young women and men. While Microsoft aims to skill more than 45,000 learners and provide employment to about 10,000 of them in the next three years, Tata STRIVE — with CyberShikshaa+ and other initiatives designed in collaboration with Microsoft — can cover a significant portion of this target. With an expanded portfolio of offerings, it will train more than 10,000 youth in cybersecurity in the next two years.
“As the digital world expands, the risk of cyberattacks increases,” says Rajarshi Mukherjee, principal lead, partnerships, at Tata STRIVE. “Despite governments across the world putting in plenty of effort, we still see serious cybercrime taking place. That explains the growing need for people trained in cybersecurity.”
The demand for such people is huge. A recent report by IBM states that the Asia-Pacific region saw the highest number of cyberattacks in the world in 2022 (for a second successive year). In 31% of the attacks, hackers used backdoor malware — harder to detect and neutralise — to gain access to systems.
Ransomware, where hackers steal data and demand a ransom for it, comprised 13% of cases, added the report, which also pointed out that cybercriminals have become better and faster at infiltrating systems, with the time taken to carry out a ransomware attack decreasing from an average of two months to four days.
There aren’t enough trained and qualified professionals to counter the cybercrime wave. In 2018, shortly before enacting its Global Data Protection Regulation — the legislation many countries have modelled their privacy guidelines on — the European Union had said at least 75,000 data-protection professionals were needed worldwide. That number is much higher now.
“Everyone today, whether individuals, institutions, companies or countries, faces cybersecurity threats,” says Gunjan Patel, director and head of philanthropy and community engagement at Microsoft India. “If one looks at the business requirement for cybersecurity experts, it is enormous. But there is a dearth of such experts. Worse, women's participation in the cybersecurity domain is absymally low.”
Mr Patel adds that opportunities in the field are increasing to an extent where IT professionals are switching careers to become cybersecurity staff. “We are able to not just create a skilling ecosystem for trained professionals in cybersecurity, but also ensure access and opportunities for learning for a more diverse workforce, which is why we felt the need to introduce a cybersecurity programme. By design, our initiative provides equitable opportunities for young women.”
A bigger pool is the goal
Tata STRIVE has built on the existing CyberShikshaa programme and taken it further in two ways. Says Mr Mukherjee: “Our goal is to increase the pool of cybersecurity-trained personnel in India, and also to democratise job opportunities for youth who come from disadvantaged backgrounds and may not be able to access higher levels of education.”
One of the criteria for selecting learners is that their family income must be less than Rs 700,000 per annum. Shruti Srivastava’s family, residents of Bareilly in Uttar Pradesh, made the cut. “I come from a humble background,” says the 21-year-old. “Were it not for the CyberShikshaa programme, I wouldn’t have got the chance to work where I do now [at a Delhi-based software security company].”
Ms Srivastava earns Rs 1.1 million a year, a lot more than what her father, the principal of a government college, does. It helped that she had somebody to lend her a hand. “If our trainers from CyberShikshaa hadn’t found us placements or referred us to companies, it would not have been easy to find a job.”
“Our goal is to increase the pool of cybersecurity-trained personnel in India, and also to democratise job opportunities for youth who come from disadvantaged backgrounds and may not be able to access higher levels of education.”—Rajarshi Mukherjee, principal lead, partnerships, Tata STRIVE
Having Microsoft on their side has been an advantage for the learners. “When we started speaking to Microsoft and DSCI about running a cybersecurity programme with content curated by them, it automatically provided weightage to the fact that our learners would receive a Microsoft-endorsed certification,” says Mr Mukherjee.
The Tata STRIVE programme has proved to be a boon for many, particularly women. “While cybersecurity has been significantly gaining prominence across the globe, the percentage of women in this space has remained dismally low, even though many IT companies have moved to having an inclusive workforce,” says Mr Mukherjee. “In cybersecurity, the number of women today is only 10-15%.”
One of these women is Vaibhavi Patange, who enrolled for the course to future-proof her career. “Whether it be artificial intelligence, machine learning or blockchain, the success of your venture will always depend on how secure your operations are,” she says. “I opted for something in an area that does not have too many people in it yet.”
Ms Patange, a 23-year-old who hails from Mumbai, works with a company that provides cybersecurity solutions to corporate entities. Her job entails preventing data loss and looking for breaches. “We are also getting trained in cloud security, so we can work on other projects if we get the chance,” she adds.
Setting the course
CyberShikshaa has seven modules: system fundamentals, introduction to cybersecurity, cryptography, network security and counter measures, web server and applications security, cyber forensics, and security audit.
The programme trains learners to potentially build a career as:
- Security engineers: Use knowledge of threats and vulnerabilities to build and implement defence systems. This is a stepping stone to becoming a security architect, responsible for the organisation’s entire security infrastructure.
- Incident responders: Monitor the company’s network, work to fix vulnerabilities and minimise losses when a breach occurs.
- Digital forensic investigators: Work with law enforcement departments to investigate cybercrimes and retrieve data from digital devices.
- Penetration testers: Identify system weaknesses to help companies build more secure systems. Even ethical hackers need a background in cybersecurity, as they try out ‘attack vectors’ to uncover security weaknesses.
Ms Srivastava says the course has provided her with much-needed practical experience. “As a teenager, I gained knowledge about hacking from YouTube, but I lacked the guidance to do anything more. When I joined CyberShikshaa I asked our trainer if it was going to be more than just classroom learning. He laughed; 15 days later I discovered why.”
The software company Ms Srivastava is with provides supply-chain solutions. Her responsibilities include finding bugs in the system (by doing penetration testing, which means hacking into the company’s database to check if it is secure). CyberShikshaa has given Ms Srivastava the confidence to think big and to think ahead. In five years, she says, she hopes to become an information security officer heading a crack team.
Race for pace
Varshita Bedi, Ms Srivastava’s mate from the CyberShikshaa programme and now also her colleague, loves the blistering pace of her new job. “With cybersecurity, you get to learn new things every day,” says the 23-year-old from Najibabad, about 240 km from Delhi. “Attacks are taking place hard and fast today, so you have to keep updating your skills.”
Ms Bedi nurtures a desire to give back. “Cybersecurity is still a male-dominated field,” she says. “In my team of 12 members, there are only two women. We’re both doing well, so why not bring others into this?” Ms Bedi says that sometime in the next 10 years, when she has acquired enough expertise and experience, she will set up a community of women cybersecurity professionals.
“I will teach them everything I’ve learned,” she says. “More importantly, I will create awareness about cybersecurity and help them understand that they, too, can have a flourishing career in this field.”
Source: Tata Trusts' Horizons, April 2023 issue