http://businesstoday.intoday.in/story/secure-coding-jay-bavisi-ec-council-nasscom-hcl/1/203605.html
By Manu Kaushik
Business Today
February 22, 2014
The National Cyber Security Policy released by Indian government last year
aims to create a workforce of 500,000 cybersecurity professionals in the
next five years and build a training infrastructure through the
public-private-partnership (PPP) model. Malaysia-based Jay Bavisi,
President, EC-Council, a company that is involved in training and
certification of cybersecurity professionals, says that the situation is
worrisome for India as far as cybersecurity is concerned. The US-based
EC-Council came into the limelight last year when reports emerged that
Edward Snowden, the man who turned whistleblower against the National
Security Agency and revealed its global spying programme, was trained at
one of its training institute in New Delhi in 2010. Edited excerpts:
Q. How prepared is India against growing cybersecurity threats?
A. The problem that we are facing with hacking actually stems from the
inability of coders to actually code securely. In India, we ran a competition
where we partnered with more than 100 colleges, NASSCOM, HCL and several other
large corporations. The results showed that almost 99 per cent of the future IT
workforce in India does not understand the basic concepts of secure coding.
We think that a better model is that every single developer, before he/she
touches a code, has to be security-conscious. In India, the financial sector is
extremely vulnerable because of the sheer risk associated with the sector. Then
come defence, IT and telecom. But I think the risk is sector-agnostic. There's
a major risk for India simply because it's a leading exporter of software in
the world.
Q. You are working with various government departments in India. What has your
experience been?
A. We are working with at least 15 government departments. We have trained law
enforcement agencies, defence communities and peripheral agencies. Our
engagement with government agencies is something we would not like to discuss
due to confidentiality issues.
[...]
--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
