CSCD Event July27

Home / CSCD / CSCD Event July27
live-webinar

Held on July 27, 2020 @ 6:00 PM

Ask me Anything:
Cyber Security Program
By IIT Kanpur and TalentSprint

Aritro Bhattacharyya
Sr. Director
TalentSprint

The threat landscape today has expanded extensively, with companies and individuals more digitally connected than ever before. However, given the recent crisis, nurturing a culture that recognizes cybersecurity as a top priority is critical. In this webinar, you will explore and exploit the latest trends in Cyber Security Technologies and also understand how the Advanced Certification Program in Cyber Security and Cyber Defense can help you master in-demand skills and build world-class expertise in cyber security.

Watch Webinar Recording

About Advanced Certification Program in Cyber Security and Cyber Defense

Advanced Certification Program in Cyber Security and Cyber Defense by IIT Kanpur is ideal for current and aspiring professionals interested in exploring and exploiting the latest trends in Cyber Security. A program with deep academic rigor and intense practical approach will allow participants to master in-demand skills and build world-class expertise in cyber security technologies.

Event Transcript

1.5 Million Cyber Security Professionals needed by 2020. How to build expertise?

Hi, good evening, everyone, professor. I can see your video. Hi srini Hello, hello. Hi, thank you so much for joining us today. It's wonderful to have you here. We are starting off.at 6pm. We expect a lot of people to be huge registrations for the webinar. We will be going along they'll join I have a couple of slides that we would want to show. And then, you know, we'll head over to Professor Strickler and Sweeney in terms of an interaction with them. So that's that's the agenda for the webinar today. We have very interesting topics and I'm it's my honor to actually have Professor Shukla join us today. My name is Aditya Bhattacharya, I'm the Senior Director for sales and marketing at talentsprint. All my life I have been helping professionals as well as individuals upskill themselves to be Before I joined talentsprint, I was with the Indian School of Business where I headed the admissions for their flagship two year MBA program. And before that, I was with Pearson where I looked after professional upskilling programs for corporates. So that's me and you know, so I it's lovely to have all of both of you here we are going to do a small introduction about Professor Shukla for the people who don't know him. So Professor Shukla, he's an IEEE fellow, an ACM distinguished scientist and a subject matter expert in cyber security and of blockchain technology and blockchain technology as well. He currently heads under cyber security. He can be heads the computer science and engineering department at IIT Kanpur. And he's a resident of various prestigious honors and he serves as a joint coordinator for dcps Center and the National blockchain project at IIT Kanpur, Professor, thank you for joining us today. It's a pleasure having you here. I'm also joined by srini. sheeny is a freshly minted alum of the cyber security program at IIT Kanpur. You've been taught by Professor Shukla sheeny, requested to do a small introduction about yourself. And then we'll get started with the rest of the presentation that I have. Sure

yes to just one correction, I might hit head of the computer science and engineering department. Tenure has ended so I am just a professor now.

My bad professor but

last time I saw your your introduction was still there by bad.

Yeah, yeah. So just a new thing.

So CD over to you

right? I'm Shalini windigo, can you hear me first began, right? Okay. So I'm shiny I just finished the the first batch at at IIT Kanpur for this program, but I have been in the IT industry for quite a long time around 25 years. So, while I started with as a technical guy with an MTech in computer science, but over the years, I have been quite involved in different parts of it from programming and then developing and that sort of thing to actually managing projects and finally, into business development strategy, a lot of outsourcing strategy and that kind of thing. So, quite, quite heavily involved in in companies in a strategy and how they work, how they function, how they make money, and, and so on. From an industry perspective, I have worked in different industries banking in in with government and finally I was with automotive For the last seven, eight years with Volvo and misson as an automotive company, so that's a bit about myself. But thank you and thank you for inviting me. I'm happy to be here.

Absolutely. Thank you so much uni it's lovely having you here. So we get both Professor Shapira and streaming on VB have I have some questions which I think a majority of people would have in terms of what they would want to do before that just to set up context of what you're going to do. You know, we I just have a very small presentation you can use it's gonna be over before it starts. Because, you know, it's not every day that we get Professor Shapira in for one of our webinars. So I thought I, you know, we'll make most of the time that we have with him today, though, and we want to have a question and answer session as a part of the webinar. So I would request all of you to hold on to your questions till then we will give you all an opportunity to ask Your questions, you can even send your questions in the chat window. So without further ado, it's just I'll talk a little bit about talentsprint because, you know, that's that's where this is where everything happens. So we are an academic year we are a tech startup, but we work primarily with a lot of top academic institutions IIT Kanpur code, I am Calcutta Indian Institute of Science to play the hydrobath in delivering top and deep tech programs. So, we die in Calcutta. We are a developing and delivering a program on FinTech and financial blockchain, a program on iPod marketing with triple it Hyderabad we deliver a program on blockchain as well as a program on AI ml. Similarly, with IAC, we've just launched a program on digital health and imaging. Similarly, with IIT Kanpur, obviously, we have already delivered the first cohort of the cybersecurity program and it works incredibly well. So that's who we are. We also have also a lot of companies look to us for providing solutions to augment the supply of talent for them in in the market. We work with leading organizations like Google pega, blue prism automation anywhere to deliver industry leading programs, which actually helped them recruit people in their companies and these are usually delivered in colleges so that fresh graduates who graduate out of colleges immediately are up skilled and they are able to find the job, which is which which, which helps the students as well as well as the companies that partner with us. So diving immediately into cybersecurity will be evolving hearing about cybersecurity and how it's there. And I'm sure many people we would all be interested we have more than 100 people who are already Joining us now would be interested in that form and I in cybersecurity as a domain. But what I thought was that I'm going to start to talk a little bit about the gap that's there, because this is one sector where there is a huge skill gap. It's perhaps the largest skill gap that is there, there are studies that are going with that. So you know, so this is this is the first quote is from the World Economic Forum, where, you know, they said that, and this was a research that they had done, I believe, sometime last year. This was in conjunction with water, aware they had done this research, and it had come out that cybersecurity as a domain globally, had the largest skill gap of any professional domains in the world. And what are we talking about? We're talking about 3.5 million unfulfilled jobs by 2021. That's an article This is a quote which is an article that had come out in New York Times sometime last year. So that's, you know, that's that's the opportunity that's there for professionals like you for students to make a career of themselves, you may say a retro good 3.5 million globally. Let's talk closer home India. So, in India we've had amongst had the largest growth in terms of opportunities for cybersecurity professionals from the year 2017.

Some some studies show this is, again, a study by cyber security ventures which shows that we will need 1 million professionals in cybersecurity by the end of this year or by early next year, and with the advent of Coronavirus, COVID of all the issues that are coming around that to people working from home organizations needing to you know, radically change the way in which they look at security or new ways of albear coming in, you know, I'm going to be talking to the show clown that will get his take on this as well. It's it's a market that needs people but does not have people and and it becomes very crucial at this stage where we are in the midst of a lockdown, tiny lockdown, lockdown, job losses are happening here is one sector, where if companies are desperately looking for people, but they don't have qualified professionals available. So so this is a huge opportunity. And if and if you should understand this thing, everybody these days is needs to be cyber, knowledgeable, security knowledgeable. We are all working we we all have so much data to protect. And it becomes even more important when we look at it from a company perspective. So it's not something where you know, if you were to upskill yourself, you would be there would be enough Two days for you which are available. So in a situation where, you know, most sectors are looking at job losses in slate, here is one opportunity, which is a huge opportunity which we are still not preparing for. And that's something that led us to launch any we had launched it before. There were enough I mean, lots of studies which were there which which spoke about, you know, the need for cybersecurity professionals. And it's just increased. So we launched this six month program. We started off the first cohort in February this year. The first cohort just graduated out date yesterday actually was the last day she and the entire cohort day we're making the final presentations. guest today we're going to talk to Professor about that as well. So we launched this program with the objective of helping professionals who want to get into cybersecurity upskill themselves with the necessary skills so that they can make the most of the opportunity from at a personal level. And also it helps you overall market have better, more knowledgeable personnel who could kind of reduce the skill gap. So this is something so this is one of the one of the biggest reasons why we have this program. It's a six month long program. We are actually in the midst of recruiting for the second cohort, which is going to start at the end of August. And I have some contacts for you in terms of you know, who you could reach out to, but that was one of the core reasons why we launched the program. This is something that, you know, we thought that we will talk about this over here for the people who are aware of what happens in in the cyber security domain of who are knowledgeable about it. They may know about these things, but assuming you know you don't know this is the national initiative for cybersecurity education. And ice, as it's called, is an initiative of the United States government. So they came up with this nice framework that we call, it's a framework for upskilling people in cybersecurity in the domain of cybersecurity. Now, if you look at it, and most people ask you to what are the opportunities that are there for us. So this is a very nice table that explains what you can do. So if you were to look at it, you know, from provisioning, security, operating and maintaining from data administration under that, so you can look at that and every column has various job, offer job positions that are there, which you could be a part of, if you were to build up skills in cybersecurity, if you look at it, it's a whole set of gamut of jobs that open up to you if you have the requisite skills. So companies organizations, they use this as a framework to optimize People, and you can go here the URL is given at the bottom, you could go over here and you will be able to figure out where is it that your competencies lie? And where and how is it that you could go there. So this is just the start of it. So I just thought, you know, a lot of people have questions about, you know, the Ask the team about, you know, what are the competencies that are there that I need, what would be the job opportunities, this is just a very, you know, very high level, a 10,000 feet kind of view of what you could do if you have these competencies. Now, so, I am, I don't, I'm not gonna be sharing taking up too much more time. It's already 615. What I'm going to do is, I'm going to move over and you know, and we will have a small conversation with Professor Shukla in terms of I just spoke about the fact that, you know, the bV completed the first cohort Yesterday. So Professor just starting off from that, how was your experience? You know, teaching this first cohort that we had that we finished yesterday?

Well, you know, for for, for a teacher

The most rewarding experiences when the students do well. So, so it has been quite difficult with covid 19 lockdown work, you know, teaching from home every Saturday, Sunday at two hours each and then setting up with setting up projects. So it has been quite difficult. But last three days from Friday to Sunday, we had the presentations by the teams about the capstone project presentations and demos and has been extremely rewarding. So I would say that, you know, for getting all the lockdown and weed related pains that we had to all undergo during this time. This course actually started in February, I think 10 or 11? Yes, when when the students came on to their campus for three days, and we started by, you know, helping them set up their laptops for the proper software configuration for the projects and activities that we plan to undertake to 22 weeks of every week, every Saturday, Sunday, interaction, also offline interaction over various channels and one to one interactions every Thursday for an hour, in the evenings. All that stuff, you know, takes tack amen pizza, you know, A lot of effort on our part. But in the end, when we looked at all these presentations and all the demos, and the knowledge gained at these students of this program has showed showed us was tremendous. So just to give you an example, there has been very professional quality presentations as well as professional quality reports that were generated. Some of these reports have been 100 pages long or more, and they have been excellent work. And we encouraged many of the teams to actually go and start a startup on what they have done and you know, hone their skills in not only creating more cybersecurity products and services in the Indian market, but also to actually create more employment in this sector. And also the amount of threat intelligence that we have collected in terms of who attacks our infrastructure, who attacks our systems. That has been phenomenal and in fact really has volunteered to actually collect all the threat intelligence that the different teams have collected and create a study that will be very useful for the Indian government. Because it will tell you, which countries are attacking us the most and what are the what are their modus operandi what kind of protocols and systems they actually target more, and various types of malware they try to push into our system. So all this intelligence that has been gathered by the students of this program has been beyond expectation. We also plan to create a book out of this projects Which has to hit you have chapters based on the student work that have been that have been presented, they have done you know, so the capstone project probably most people did it from the beginning but most, you know, extensive and intensive work probably was done in the last two months by them, but a lot of work they have done can be easily and all with open source tools. So now tool was actually purchased. And and they have done this projects and and i think that it will help others with to get lessons on how to use open source tools to create the cybersecurity services and products. So we are planning to do a book out of this overall, I think that this has been a very, very rewarding experience for us.

Absolutely. I mean, I I did, I did come I'm privy to all of BBB you know, the The messages that you've been sending us. So yeah, I do. I completely know. I mean, it's been a wonderful cohort, the first cohort, I believe, would have would have exceeded most of your expectations. Would that be a correct assessment? Indeed. Absolutely. So just wanted to kind of go back a little bit you were talking about, you know, IIT Kanpur, we all know IIT Kanpur has CTI for the people who don't know about it. Can you just talk a little bit about how IIT Kanpur is helping the entire cybersecurity ecosystem in India through its various initiatives?

Sure, so, I had to confer. So, in 2015, we started our journey, when I joined IIT Kanpur. I had experience with power system cybersecurity cybersecurity that have problems that affect the power grid and other critical infrastructures including industrial control and scalar so when I came to India I realized that there has not been any Academic Center of Excellence for this and we started I started to actually create a proposal for the government and it took us two years to convince them but in 2017 we were funded for about 15 crores to create this center and what you see in behind me all the it's a virtual image This is what our labs mean pocket looks like this is where we actually see on this walls with you know real time intelligence right way who is attacking our websites and with attacking our honey pots and and various kinds of industrial control systems that we have in our lab as test beds to actually create a you know, cybersecurity research and and services. Knowledge So, in this So, so, what we have done like we have actually developed numb capabilities in penetration testing and vulnerability assessment in industrial control systems. And so far we have actually disclosed and responsibly disclosed as very serious vulnerabilities that were not known to vendors which are of international repute ation you know, German vendors, French vendors, you know, US vendors, companies like Schneider, Rockwell waggle companies like Indian companies, we like synergy and many of them have been now you know, verified so 15 of our vulnerability disclosures have been verified by proof of concept that we have sent them and they have now entered into the national Vulnerability Database in the US Some of these vulnerabilities are of the of the significance score of 9.8, which is very severe. We also have developed a number of tools for, for example, web application firewall, malware analysis, honeypot technology and also industrial control, intrusion detection and various other things, which

are published in international conferences as well as we actually work with the government agencies to, you know, transfer some of this, but our main goal is to actually create the research, you know, knowledge, the knowledge base, disseminate the knowledge in terms of creating educational programs, and also in terms of, you know, creating startups in India in the cybersecurity domain because one of the major problem in India is that we have a cyber supply chain security The problem, most of our cybersecurity tools and technologies are coming from other countries, which I feel is that is very, very risky. We are securing the country's infrastructure, especially things like power system and things like water treatment plants, things like oil and gas sector, transportation sector, these are sectors during a war. These would be, you know, target of cyber offensive by foreign forces. Therefore, we need to be very careful, and that's what we are focusing on that, you know, we have to have enough knowledge workforce and indigenous products that would be actually very useful, you know, for national security, and that's what we have been doing for for last three years now. And then recently, the government, the GST has sumption de almost 200 crore project to us Which is going to create strong security center to secure hub, which would be a hub for cybersecurity for cyber physical systems in India, and will be actually having various mandates one of the mandate is to create at least 30 startups in next five years from the technology developed here, and also technology that others have developed and have been vetted by us. We also have a mandate to obviously advance the research in this field, especially in three fields of cybersecurity. One is cyber physical system, which is basically industrial manufacturing to power system to water treatment to oil and gas to transportation, various things, but also it will be working on to other verticals. One is the UAE the unmanned aerial vehicles, security, which is becoming more important as more you will be supplying in the sky and they After you pose various problems, if they are cyber controlled by other entities and also automotive security, that is also becoming very important because automotives are nowadays having huge amount of electronics and software in it. So, therefore, cybersecurity of those have become very, very crucial and we are also working with it for IC and Indian and keep like the alaba as a cohort in this effort, so, IoT security as well. So, so, overall I think that in India, if you ask where cybersecurity academic and research activities are going on and translatable research research that can go into products and services, then it is the destination where we are and I'm not saying this because I am here, because it is

absolutely i mean DMR work that's going on. Most people don't know of the kind of work that I can pull is doing. But and so for everybody who's been joining us today, so this you will probably not be finding an institution that offers a cybersecurity program that is so deeply involved in such critical areas in terms of research in terms of helping the ecosystem. And that's one of the biggest you kind of probably answered one of my questions, but then I'll still throw that at you will probably be the last question that I wrote during this interaction. But if for the audience over here, if people were to really understand this matters a lot when you're choosing a program, the kind of expertise that is there the kind of opportunities that people that that your program will be able to provide you. The professor just spoke about Roshini is going to populate all of the threats that are there will be going to come out with a book The last things that are very unique for this program so to speak. So, that's one day. That's the that's a, you know, that's one of the biggest takeaways for me, at least, as somebody who would be looking for a program would, you know, this would be a very important thing for me. We spoke about you know, Coronavirus COVID times and and the impact that it's having on all sectors. cybersecurity, it's been in the news, you know, there are reports that Indian cities a couple of weeks back, you know, are amongst the highest ones which are under attack. You know, there's this thread of apps apps being banged out privacy data and all of that, Professor as an expert in this field, one of the foremost experts in the country. What is your take on the ad opportunities that are coming up for budding professionals and and the kind of, you know, evolution of threats that have happened over the past six, seven one's ever since this pandemic hit the world.

Yes, so one of the thing that is happening in past six, seven months and I think even after the vaccine comes in cobit kind of we live with in the past, I think certain things will not change back. One of them is that key balance of working from home, as you might have seen in the news that many companies are now saying that will not maintain real estate for companies people can work from home. Absolutely. I myself don't like to work from home, but I think for a lot of people, this is the choice This is a choice that they will make, because it makes gives them flexibility and, and and also work life balance as well as a work. So I think that as you work from home, we the attack surface for attackers increases because now he will be if you see earlier we were working in a very senior, you know, you can Do perimeter security of your enterprise and once people are in there inside the perimeter and that's it, you know, so, as long as the perimeter is secured and and various other measures are taken inside the inside the perimeter, you know, more security but now our you know thousands of workers are connecting to your internal network from outside even though through encrypted channels to vpls and all that stuff. But we are seeing that lots of different attack surfaces are propping up and therefore the way that technology is going towards zero trust technology that we have to embrace him and that gives you a lot of opportunity in terms of innovation. Ah, the other issue is that online and online platforms that we are using so in the beginning when zoom started when the zoom started to be become very popular in the in march from time to time, the cybersecurity industry They have found a number of cybersecurity vulnerabilities in this in zoom, especially on the client side. And therefore, there was a lot of discussion and a lot of misinformation that also were spread, spread around. And therefore a lot of companies started banning zoom and so on. But as a cybersecurity researcher, I actually looked at this very carefully. And I found that zoom has from promptly fixed most of all of the all of the client side problems, so your computer cannot be compromised, provided you do certain settings, that zoom has commanded, if you don't do it correctly, then you can be affected, right. So so this is very important to know that you have to learn those things that that was, especially in terms of settings and so on. In terms of also what came out is that the zoom is not doing input security into an encryption, actually, whatever we are now speaking both to ourselves. We're in one of those zooms, facilities, data centers, and then there it is getting re encrypted to go to the place that people are we're seeing this program. So so people started demanding end to end encryption, but it depends on the application, you don't do an end to end encryption when you are taking a class classes not us very sensitive, you know, privacy related thing. When the government ministries discuss things, they cannot use zoom as such, because it's not encrypted. So, there are various issues that have come up. So So therefore, there is a whole new,

you know, gamut of things that are cropping up because of the way we work. And we we actually manage security as enterprises as organizations as Institute's and also with the help of this pandemic related fears people have been sent messages and and phishing what we call phishing emails and phishing messages, which they, if they click on, they might actually get, you know, ransomware can be malware may come into their system. So awareness has become very, very important, even for common people that, that they have to be very, very careful about what they click on indicated email, or what they click on when you get when you get when they get an SMS or WhatsApp message or, you know, Facebook Messenger message, this kind of stuff. And also for platforms like LinkedIn, to Facebook to any other platform where we share information. The platform's also have to be more careful about in terms of what they're allowing to be posted on their, on their on them, on their platforms and so on. They have to have proper security check on what what is being allowed, though, so So, I think that this has increased the need for cybersecurity professionals to a new level, I mean, there is a lot more demand for cybersecurity professionals, both for creating products and services. And as you saw that, you know, the government has recently promulgated this that you know, well equipment that are coming from the from abroad, especially from certain countries have to undergo security checks before they are deployed in our power grid and, and and other kinds of a nuclear installations and so on. And this was this guy. This is a long overdue, but this has been done in the, in the context of what be the water related skirmishes. And I think that these these are another opportunity to build, you know, of indigenous products for cybersecurity check and so on because if you buy a tool from another country to check their products, the tool may be particularly designed to avoid telling you What the, what the vulnerabilities are in that product and so on. So you have to depend on yourself and create those tools and services within the country. So there is an immense amount of opportunity in terms of cybersecurity and jobs and so on.

Absolutely. And, you know, very accurately put in terms of the opportunities that are there. So, I'm now going to move a little bit over to Sydney, in terms of you know, we've been hearing the guru talking, maybe loudness into the shishi, also, so to speak. So, what's your experience been, like, having just graduated out of the cybersecurity program? So yeah, run us through, you know, how the entire, you know, 22 weeks have been for you. Right.

Happy to do that. So,

in short, it has been a wonderful experience. So I would say that on the outset, because In a while we looked at while I looked at many different cybersecurity courses and was not sure where to go and what to do. And when this when the course Mighty kantoor came on, and I researched it and I decided to take it up. So we were in in the campus in February, like, like Professor mentioned, around 40 to 50 of us was great meeting, they're actually seeing the campus, going to the labs and me personally, I was quite impressed with the work that's being done in the lab. For me coming from a corporate environment. cybersecurity always been in a cybersecurity of our companies of our corporations did not really realize the you know, the impact cyber security has on national security on critical infrastructure, operational technology, factories, and so on. So, in the CCI lab, we were exposed to test beds that professor and his team has set up that mimic the actual power grid systems, water treatment plants, and so on. You could actually see how an attacker could gain access into the systems and how it could compromise, you know, security of the nation as a whole. So that was a great experience being at the campus meeting all the people there. We had classes for like professors at 22 weeks online, on the weekends, and Professor mentioned in the beginning that we need to really commit to it because this would not be like a course where you come you you listen to some lectures, you learn some buzzwords, and you go write a few emails. So your professor is very clear that this is going to be deep. We will need to roll up our sleeves, get our hands dirty, get into the program and actually learn how to hack how to defend you know how to write exploits, and actually do the things that that that based on the concepts that we were learning, so from a learning perspective, that was really great for us because we know remember what we have done, because we actually did it and we did not read about it and The peer group was also great because we shared our our knowledge and some of the learning curve was quite steep. So there we collaborated, so we could learn better. And through the 22 weeks, while the lectures lasted around two hours each day, there was a lot of work to be done after that. So we used to go back to the recorded lectures, try out the exploits that were taught, try out the different tools that were taught during the class. And so there was always stuff to do and stuff to learn. And until the until the last week, where which was just the week before where we presented our capstone project, and like professor said that, that he, he felt that it was about expectations. We were surprised at what we could do. So in the beginning, when we start the course, many of us did not know so much about cybersecurity, so, so we were really surprised at what we could achieve and what tools we could use them and how it turned out. So in addition to that, The regular course and the the many weeks of online classes and the the, the face to face interaction to the campus. The course also had the capture the flags, projects that went along the way quizzes every week capture the flags were were were in a particularly exciting many of us were awake in the middle of the night, it was like being back in college again. So, middle of the night trying to solve very tough challenges. You know, we had to write programs to to get reverse shells on the on the on the different systems we add write SQL injections and, you know, debug code in assembly. So great learning experience. So in, in my view, what we have learned is going to stay with us a long time. The course itself is quite deep, it is technical, and you know professor and his team they are I would say without any any doubt that the best in the field. Because the depth of knowledge that a professor brings is great, you could ask any question and professor would be able to answer it. So, and the team that works with him ncti a really great expert. So we learned a lot. We practiced a lot. And I think that has made us a lot more proficient cybersecurity professionals. And not just by knowing text and and things, but being actually able to get into the, into the environment and do things. Absolutely.

And that's a very aspect, you know, that you spoke about is the ability to do things is to learn the basics. And not just exploiting the professor has been talking about it, you know, we always have this thing that you will x product x is available in the market, it could probably do the same thing. Why do I need to learn that, but the fact of the matter is that if you don't get your hands dirty, you'll probably never be able to become a true cyber security professional. So that's, that's a very You know, valid point, we face these questions a lot of times and for everybody who's attending, you know, this is this is one of the aspects that you should really focus on. I'll just take you back to you spoke about the fact that you know, many, many chose the program. So what drew you to the cybersecurity program? And you know, at IIT Kanpur,

I'm sorry, can you repeat that I missed?

You spoke about the fact that, you know, you were looking for other programs when you were deciding to enroll for this program. What is it that the one thing one or two things that you could talk about? We share with us that you that drew you to AdWords the program?

Okay. Yeah, I think the first thing was the brand it can pay for itself. So, I mean, there is no doubt that it said the best education in the country so that part was a given. But again, since I was looking at many programs, I went online and did my research. So I came across the material on what c three I was doing research papers that were written, I came across some lectures that professor had given, which were in the public media. And that kind of gave me a lot of confidence that, that the the center actually knows the, in what they're doing and that they are the experts in the field. That was one of the things and the second thing was that the the peer group that that we work with, right, so, as in many of these, these programs, where we are industry professionals coming together for a course like this, peer groups come from different industries. So people have unique perspective of their the business that they work in and and some of them come with different levels of knowledge, right. So in the class when when professor is explaining a concept, people are able to relate it to in different ways. And when they share that insight, then you actually gain into the experience of that that peer group. So that's one of the other things that was very helpful. Third thing if I have to mention is the curriculum because many curriculums looked at were quite well, I think I mentioned before it's quite on the surface. So it was not deep. And this was quite deep. And I had a call with, I don't remember but somebody from talentsprint, who actually asked me what programming and no one will know what languages I can code in. And so and so then I realized that this was going to be quite intensive from from that perspective. So those were some two three things that that made me choose this program.

Yes. So yeah, the person who's spoken mostly would have been harshita. Yeah. And yeah, so so she's around, she's in this college. In case you don't want to get in touch with her in terms of, let's just talk about, you know, your takeaways, what would be the one key takeaway for you, post completion of this program? Okay.

That would be a bit difficult to summarize on one take away so much You have a different perspective. And so the one of the big takeaway, of course, is the knowledge that you've gained and the practice that you've done, right. So that's going to stay with you, and you will be able to apply it in whatever that you do. And the and the relationships and the and the, in the the teams that are built as part of the peer group. But But for me, the biggest takeaway is the fact that that, that I can continue to learn, because in working with, with Professor and his team is that they're always willing to listen and to be connected. I mean, even after the course is over now. So for me, one of the biggest takeaways, the fact that I can continue to interact with Professor I can ask questions, and this is this is kind of, you know, ignited a passion in me. So, I want to keep doing more of this to learn more. And the big takeaway for me is the fact that I can continue to do that and have support I can reach out and have a larger community of experts that have And go back

to absolutely well put, again, not to put you on the spot plans now that you have completed the program if you can share what you've managed to do.

Sure. And I think I'm one of the few people who have actually taken a break from work to do this course because I wanted to dedicate myself to this. So I have the it's it's a bit undecided for me now, but it's not undecided because there are no option. So I'm undecided because too many options No. There are in of course there are there are industry options from a perspective of being involved in cybersecurity for corporations. There is a lot of like Professor mentioned in the project, we have covered collected a lot of threat intelligence that I'm trying to collect. And there is there is no insights that we can draw that can be of interest to the government. And there are innovative products that you can build around that space Professor also mentioned about startups and the CTI And then setting up the kind of incubation center. That's and that is an option. So currently, I'm looking at different things. And I'm researching some of this evaluating some of the some of my project team members to figure out what is the right path forward. I'm very interested in automotive security, I come from that field. So connected cars, you know, self driving cars, you need a lot of security products there. I mean, you cannot compromise real time operation of these vehicles, because you want to put security inside, right? So you need to you need to have both, it's good. We need some innovative solutions there. So looking at a lot of different things now.

The timing, great way to put it, you know, there's so many opportunities that are available and it's true. So, okay, so one last question. This one again, from my side, and then we'll open up the questions for the audience. In terms of this, this is a you know, to the professor presser Shukla one thing that he would say that sets the program apart from the other programs that are there. And again, I'm sorry if I'm particularly this part.

So, so what is your question? Again, I

want one thing that would set this program that sets this program apart from you know, other programs that are their key USP of the IIT Kanpur cybersecurity program.

So, I always say that to be a successful cybersecurity professional, you have to become skilled, which means that you have to be in not in the mental disease sense, but in the sense of your profession, that you have to be both defending and attacking. So, you have to know how to attack and you have to know how to defend and if you cannot be an attacker you cannot defend in this program, my main objective and I was telling my students You know, if I if you if we want to know whether or not we succeeded in converting you is that whether your becomes your friend, whether you every time you see an IT system and it product or not even direct it product like your washing machine, you start thinking how it can be attacked and what would what would what should have the company done that to not have that attack happen, right. So, if you can start thinking about everything like that, then I know that you have learned something. And, and and some students have said that, yes, they have started becoming very suspicious of all products, their phones and their apps and security settings in their phones and their browser and everything. And I think that is required and is that that anything that has a sensitive part is that inculcation of that kind of mentality that we that is a that will make people successful cyber, you know?

Absolutely very well for timing, you know, in terms of this is one one aspect if we are able to translate that into all of the learners, it would really make a lot of difference not only in you know their lives, but also in terms of the overall environment as a whole. So what I'm doing is that you know, we can I'm opening up questions from the audience we we have have about another 1015 minutes more. So people wanting to raise you know, they can you can raise your hand or you can send your question via chat. And we'll start with Sudhir is been very prompt. Yeah, so there's questions and we can do both. So we'll start off with to read while we kind of look at the questions on So so the I've allowed you to unmute yourself, you can ask your question.

Sure. Thank you so much, everyone. It's really helpful session for us.

So you're able to hear me right? We are.

Okay. Okay, great. So I would like to understand how does this program help someone coming from diverse background for example, I was into B roll before. And now I'm moving here because I did my MCC and Linux and CCNA. Okay, as during my undergrad tuition. So now I want to move to cybersecurity. So, how this is going to help me and second question also, like, is this a diploma which diploma certification or is this an advanced certification? So

kriva is light on it.

So I'll take the second one and probably Professor can Take the first part. It's a certificate program. It's not a diploma program or degree program. And so that's the short answer to the question Professor probably want to take up the first part.

Yes. So I think that this course this course is for somebody who wants to have a career in cybersecurity. If you're asking why I should do cybersecurity, then I think it's probably you're not yet ready. You have to do your own research to know what cybersecurity is about and why it is important. What is its what are the opportunities in cybersecurity. Second thing I think, is that you have to be very good at programming. And you have to at least, you know, know something about it and cybersecurity, not server security, but more about, you know, network is, you know, networking, web technologies and and In general, you know, some of the IP stuff and and you have to actually like it, okay? It's not just for, you know, it's not a course that are foreign for very unsure person, it has to be that somebody who really likes this is a kid here and really wants to now move into cybersecurity as a career but he has to like computer science or or programming or or you know it in general to actually thrive in this Otherwise Otherwise you will find it very

difficult. Absolutely. We'll take this question. Hopefully, that answers your question. Now, we take this question, which has come on chat servatius asking what are the open source tools that you covered as a part of the curriculum?

Well, there is a lot to go about, like starting from, you know,

tools that We use for

for analyzing programs to see whether whether it has it is a malware or not to cuckoo sandbox for an amazing dynamically analyzing programs for collecting features and running programs to

you know,

tools like network intrusion detection like Zeke or bro, two h IDs or, you know, posting motion detection system like like wasa snort, or sericata. We look at Android, we look at, you know, various tools. So, so it's not that we it's not a force for covering tools. So we introduce the tools to the students to empower them to use the tools to actually guide their own network. to actually try it out on their own hosts. So, so if you think that this is a course on learning a bunch of open source tools, it's not going to be very interesting to you. It's about the concepts. It's about the cybersecurity mindset, and the tools that come as as a matter of fact, because those are the tools that are available for free.

Absolutely. Thank you, professor. Just taking up a couple of questions before we let a couple of people ask questions on Beecher, you know, to verbally does this question from, well, I don't see the name but what is the prerequisite of the course and what would be the pathway for this in terms of prerequisites you need to know coding professor and and one year of work experience that's the prerequisite but then we've had cases where we have taken, you know, bright students who are good at coding who are already applying The first cohort also in the class. So I think primarily professor, we are looking at, you know, being able to code the we are also in for the current cohort that's gonna come into the class we are planning to run a preparatory module where, by the brush up your coding skills if you if you are lacking it. So that's something that's also on the cards for us. So yeah, being the ability to code is one thing and being passionate about cybersecurity industry, looking at yourself as a cyber security professional would be the other part. What experience depending if it could be I mean, most cases, they were professionals last time, but this time, we will have some students bright students in the classes well for the coming cohort.

Right? Oh, yes, professor.

Yeah, I think that if you don't know programming, and I think talentsprint gives you a one month module to learn programming.

Got to week module Professor

two week module. But before that you have to take a test, I guess. And if you pass it, then you don't have to go through the module. Yes. And even after that two week module, if you are not comfortable programming, then this course will probably be very hard for you and I wouldn't recommend it. So, so you have to be comfortable programming and then if you take that two week module and still not then then it is not going to work.

Absolutely.

So there is this question from Jam Jam allowing you to talk as you can unmute yourself and ask your question,

please. Hi, good evening to all the panelists and all participants in this question. My question is, my son is in last year computer science and he wants to take a career in cybersecurity and join Indian Navy. So can you just highlight on these slides? He can go and what exactly he will do in cybersecurity if he want to join Indian Navy.

What is the what is his background? He said even the finding

is Yeah, he is in final year computer science.

Okay. So I think that joining Indian Navy as a is a different from cybersecurity, you know that Navy does not, you know, directly recruit in cybersecurity they actually train their people through various programs. For example, a lot of naval officers come to it Cancun for their master's degree here and then they go and get position into WASC and other Navy side. This kind of places where cybersecurity is the main agenda, but then they get also transferred to other locations at once locations to the show. for, you know, whatever their their schedules are. So I think that the questioner navy and cyber security are to be orthogonal. So if he wants to do cybersecurity and he is if his coding skills are up to the mark, he can take this course. But, but I think that maybe and this is

unrelated and should not be confused with.

Absolutely. So this is a question from me garage. So he asks, you know, how can he mastered cybersecurity within the six month period of the program? I think of you Roshini has kind of answered it before. But, you know, it's open to both of you. Obviously, cybersecurity is such a large field, you would not be able to, you know, master it in six months time, but you will probably become more curious and start looking at The entire field and looking at opportunities that are there you know, she need Professor anybody

can he knows she she can answer it better, but I don't think we claim that people master services.

Absolutely,

yeah. And I agree with that statement, I think

you will not master cyber security in six months that is for sure. But you will surely find out what you do not know. And that means then you have an opportunity to learn that and an opportunity to connect back and then ask questions if you need to. So and you will not become an expert at the end of six months, but you will you will know what you need to learn and you will you know, have the desire to learn once the program is over.

Absolutely. So, moving on to the next question. Um, so this is question and we found some bureau professionals who come to us this is from Ganesh You know, I, he has no coding experience. But he carries five years of experience with cybersecurity operations and audits. So you know, whether he will be a fit for this program or not.

No.

So, yeah, I mean, this is this is something that we've been talking about it you would need to have the programming part of it to get this done, we can help you, you know, build up some of your some of those competencies over there. But yeah, you would need to know programming is like the professor mentioned, it would be, you know, difficult for you to manage this.

So, I think that one thing I should mention is that this is a question of, not knowing, knowing or not knowing it's a question of attitude. So, you may not know programming at very well. But if your attitude is that I don't need to know programming, then I think this will not work. If you can, if you can. Learn some programming on enough programming like JavaScript or, you know, on the go or Python in couple of weeks. Not necessarily at the at the Masters level, but at least you can learn but if you're if you take the stand that I have been working in cybersecurity operations and I don't do programming then it will not work because will demand programming in the in the work that you will do. Absolutely.

So, a lot of questions which are there I am going to kind of because we are at 7pm. I will ask my you to ask your question why you would with the caveat that the question remains shot.

Oh, yeah, hello, sure. No monster to all attendees and panelists. So, this is my question. I will be having two questions. So the first question for the talentsprint. So, it's Four plus years of me working as an automation tester in very reputed MNC company. Okay, and recently last year only I completed my ch and I'm certified now. So, I just want you to know like I got it unfortunately to join this course in June only, but you do some personal reasons I was not able to join that. So, I wanted to know from talentsprint whether after becoming a CH also, if this course will be helpful to me, this is the first question and the second question is for the professor. So professor, I want to know like, like, if I want to do overs, okay. And after all, I want to indulge in the research of the cybersecurity domain. So, what is the path I should pay for it and how I can grow in this to become an excellent, you know, excellent person in this person and this field, and not just to, you know, drag this in a field, like other people are doing in this world.

Do you want to take up the second part of it? I think you can answer both parts.

Right? So ch is, you know, ethical hacking course and certification. There is also ACP, then there is, you know, CISSP and various certification. I don't believe in certification because there are many different ways certifications can be obtained. And they're also, you know, there is not in depth. Oftentimes, they're there. They're done with an exam, the final certification exam in mind. So I think that it's kind of orthogonal to what we do, we don't care about certifications, we care about learning and getting mental dimension towards cybersecurity mindset so that you can thrive as a professional and learn more. So that I think is not With these certifications, but that is up to you to decide whether you want to learn, you know, in depth the concepts and in depth understanding and, and understand that what you don't know. So so with that at the end, you can you actually have a better path forward. So that that's the kind of thing that I feel should be this but maybe stinney can answer more because he has many years of work experience and still he found the course useful. So I would ask me to pitch him.

Sure, okay. Yeah. I think in the industry in corporate said there is. You see the people take a lot of certifications and that is valued within a from a corporate perspective. I myself, I have not done any of these certifications and my interest was more Towards the learning part, which is when even in the beginning when I was evaluating cybersecurity programs, one of the things that I looked at was the actual certifications. And I, I personally felt that that while it is useful in your job and and helps you advance your career, but a lot of it is done manually, you learn parts and then you write exams for it, but later if you forget about it, so I have done certificates and vacations and itl and CS, Q and PMP. But I mean, it's a learning that you get, but you don't really practice it so much. So it's a difficult in a situation whether you what you need to take but it's it's up to each individual. So if you are looking for learning if you are looking for for a in depth understanding of the concepts and trying them out and this is the right place, if you are more focused on the career path, then maybe certificates I don't know.

Yeah. So in terms of You know, career as an option right now, with the fact that you know, there is so much demand for professionals or certification would would be helpful. I mean, there is there are companies that are looking for their companies that actually come to us, asking for professionals bigger whether we have them or not. So, in terms of a certification, yes, it definitely does help a brand like it kung fu will never hurt you. If you were to do a program like this in a program that covers the basic aspects of cyber security and get you you know, up and running, in terms of at a very foundational level will obviously be helping you and what this part of the answer is there are a lot of questions that are coming up in terms of career opportunities there that are there as a part of the program etc. So there are no placements that are offered as a part of the program, but I'm sure you know people you know, like sheeny, and the entire cohort who would have passed out would have gained enough competencies and srini can you know disagree with me if he wants to that if they would find that they he already kind of said that, you know, there are so many opportunities that are there, you would probably not be looking for a lot of jobs, you would, you know, you would become as a professional you'd become much more valuable for companies that are looking for it the initial part of the presentation, I was talking about opportunities, you know, 10 lakh or jobs for people to be filled up, but professionals are lacking when it comes to a competency. So, if my answer to you know, questions around career opportunities, that are there is that learn the foundations of the field in which you are in if you are able to do that, you know, you would find that that knowledge itself will get you make you more valuable and make you stand apart from the crowd. So, we will take up the last question And we'll take up an audio question. There's some people who have, you know, raise their hand. So which one right? You can ask your question. You can, you know, unmute yourself and ask your question. I also opened up the poll for people, I would request everybody who has not yet voted to vote for this while who's been asked this question.

Hi, everyone, and thank you for profession. Thank you professor for giving such brief about the course. Just wanted to know couple of things. As you have mentioned about the coding and that part, I am basically my SQL DBA and I am having around like six years of experience working with a reputed company. I wanted to know that I have experience on Python and JavaScript and HTML programming, but past few years, I mostly work with the Divi site. So I wanted to know that what are the language you are looking for for this kind, of course? And what would like? What is the placement opportunity after doing this course? Is there any placement opportunity from you

know, the placement opportunity part is not there. So again, I just answered this, but if you build up the competencies, there are enough jobs that are available. So the professor can answer the rest of the question.

So, if your competence level is in Python is good, and if you know JavaScript, HTML, PHP, ci, you want your good for this program?

Absolutely. Thank you. We know that was a free concert we we let's let's do this. So we will take up one last question professor and Ching. What would what would your advice be to Anybody who is looking at it because there it's a mix of, you know, a lot of participants that we have seen over here there are students and we are going to be you know, taking up, you know, questions, you know, we will be taking up bright students this time some bright students. So you can, you know, write to see ACTA talentsprint.com for knowing about the process of going about getting yourself enrolled. So, to both of you what would be one advice that you give to prospective people considering a career in cybersecurity.

So, screening first,

right, okay.

When you say prospective

anybody,

you know, it could be a working professional, it could be in the fourth, fifth or fourth year of their college, looking at getting making an entry and making a career in the domain of cybersecurity.

Right. And are you asking me if there is possibility there are or

what would be the two? Sorry. Okay.

All right. Okay. Yeah, from that perspective, okay. Then I think, you know, knowing the basics and then trying the basics is very important. I think I've repeated this before and I'm just repeating myself again. And so, it depends on what level of experience you're in at this point in time. So, you would have students who come into into this field and gain experience in this area and then they get into the entry level. career opportunities in this field. And again, there are options from corporate perspective, there are opportunities from from government from and the ability for them to actually start something by themselves because the demand for for indigenious solutions and and services are quite high in this market. For people who are midway in their in their career wanting to make a change. into this field, then a program like this would be extremely helpful for them. Because then it gives them the the basics and the understanding and the ability to move laterally within their organization. So even if they are not working in a cybersecurity area within their organization, they can always get the certification With this knowledge more laterally into this into this field, from people who are like myself who have been in the industry many years, I see a great career opportunity in terms of actually incorporating this knowledge into our strategies because many corporations today wait for themselves to be attacked before they decided that they want to do in bringing an element of protection or cybersecurity in their organization. So, this is great for for people who work with decision making, to know what is the reality on the ground and coorporate that into their, into their, into their career. There are curious in terms of understanding risk in, in making decisions and in strategies around cybersecurity impacts the organization and so I don't know if answered the question

but Thank you professor.

Yeah. So, I think that you know, one should only worry about this eventually what matters is what you know, not what degree you have and what certificate you have and things like that. And if you feel like what you know is not good taking you anywhere in the career or adding one or one or two certificates without going through this, you know, the grind is not taking you anywhere in the carrier then I think this is a good course. If you are just looking for certificates or jobs. You know, see the the job should secure you rather than the US taking the job because you have to spit is the job doing secure And that's what I believe in. And that's why I think you should consider this as that kind of a course that, you know, building the path to expertise, working really hard, you should be ready to work really hard if despite your other, you know, daytime job, you know, as, as many of our students say that, you know, sometimes, CTF and other stuff become like an intoxication. Right? And they can they have to solve it, and they really want to solve it. And then they worked all night and, and still had the daytime job. Of course, the COVID situation helped a little bit because that gives them the flexibility to work at home and probably get a little bit of sleep here and there. But yeah, I mean, that's the kind of thing that would actually the attitude is very important that You'd have learning and building expertise that that, that people should know you're not for your certificates, but for what I know and what you can do on by hand. You know, in terms of cybersecurity, that's the kind of attitude we want to build. And that's what will, you know, create entrepreneurs in cybersecurity or data, cyber security defense. So for enterprises and governments, so that's what our goal is, and that's where if you were really wanting to do that, then this is a good course.

Absolutely. Thank you professor was very well taught. And she, you know, we you gave us a peek into how things are taught, from a learner's perspective sheeny and from the teachers perspective of it, Professor Sandeep Shukla coming in today, it was a wonderful session. We had a lot of questions that are that we wish you know, we could take up it's already 715 right now, but feel free to reach out to the ID if you have questions post completion of that. webinar, somebody from our team will be getting in touch with you. And, you know, if you have more questions, we will be happy to take them up and answer them. The enrollments for the current code for the next cohort are on the classes will start end of August. So you still have time to apply for the program. It's open for both working professionals as well as some students. The team will be able to brief you on the exact modalities of coming in. Thank you Professor Shukla for coming in and shared spending time with us. I know we made a very last minute, good call to him today and he was gracious enough to accept that in spite of his busy schedule. Cindy, thank you so much for coming down sharing your journey. And your experience with all of the participants today. I'm sure they would have gained a lot out of the insights that you shared about your experience with the program. Thank you, everybody, for Joining us today and we look forward to seeing most of you in campus in I would say not in campus. It's going to be digital for the next cohort to start with. We look forward to having welcoming you guys in one of our sessions in class as a part of the program very soon. Thank you again. Very good night to everybody. Thank you again, good night. Night.

Watch the entire interview here https://youtube.videoken.com/embed/wnXJlNAV5FY