Home / CSCD / CSCDEventOct16

Held on October 16, 2020, 5:30 PM

Ask me Anything:
Cyber Security Program
By IIT Kanpur and TalentSprint

Aritro Bhattacharyya
Sr. Director

Lately, the demand for skilled Cyber Security professionals has sky-rocketed. In this webinar, Aritro Bhattacharyya, Sr. Director, TalentSprint and Seshadri. PS, Alumni of IIT Kanpur | TalentSprint’s Cyber Security Program and working with Unisys, discuss how the program gives its participants a headstart in pursuing a successful career in the competitive cyber security domain.

Watch Webinar Recording

About Advanced Certification Program in Cyber Security and Cyber Defense

Advanced Certification Program in Cyber Security and Cyber Defense by IIT Kanpur is ideal for current and aspiring professionals interested in exploring and exploiting the latest trends in Cyber Security. A program with deep academic rigor and intense practical approach will allow participants to master in-demand skills and build world-class expertise in cyber security technologies.

Event Transcript

Over 67,000 job openings in India in Cyber Security. How to build the expertise

mix of obviously, you will have good theory because it is from it. But it's also good mix of, you know, lab sessions, a good mix of projects, good mix of what we call Capture the Flag, because that's really when you do your own research. And it's, it's like gamified. So you get points and you know, it makes you do more work. And of course not last but not the least, the capstone project. Because, you know, when you do a project is really when you learn, you know, you can listen to a professor's lecture by in the morning and by evening, you would have forgotten what he said, right. But if you actually do something you would really be remembering at least, you know, there is a saying, you know, about how it helps to do rather than to, to just listen or watch. Right? So. So I think those were really my triggers are to be able to really get my hands dirty, and I think it did the job. I mean, after the course I can tell you, it's six months down the line, I'm so comfortable with some of these terminologies I'm so comfortable speaking in some of these, these meetings with confidence that yes, you know, I know, whatever, what, what, what's going on?

Absolutely. And then I need some key takeaways from what you've just said over here, which, which is something that I would like to talk about, is that most people when they talk to us, the first thing that they say is that yeah, I mean, coding, why is coding required, etc. And she's kind of, you know, spoke about that very well, saying that, you know, you may, you may not need to do it yourself, but you need to know how it's being done. And that's where we are a little different from the other programs, you know, that are there in the market, whereby he would want people to get their hands dirty. If you are looking at this program as just another certificate, you will come in, do the sessions, and you will get the certificate, etc. Probably not the program for you. But do you think this is a correct assessment? Sheesh? Absolutely, absolutely. I

mean, you can go and get in, get a certificate work very hard for three months, you know, read up a lot of theory and you know, actually go through some of books. But you know, this is different, because, as I said, No doing it hands on, you can you know, you download Kali Linux to you know, you make sure you download all the required software, you have to have your machine configured, you will be given challenges. And then you the good part is the best part about this challenge is the debrief sessions, right? Because no many of us would not have cracked the whole thing, you would have gone halfway, and you really want to know what happened. Right? So the debrief sessions, and you know, so I think, clearly, you know, if if you want to learn this subject, if you want to make a career in cybersecurity, if, if you think that, you know, this is something that is going to grow, and I think all all statistics point out to the direction. And if I may add, also right beyond what you just said, there is 5g, going to come in the next couple of years, there is going to be IoT devices. Now, as you add more and more devices into your infrastructure, you it's a direct proportion of the risk, right. So so every device added has brings in risk. So I think this, this cybersecurity, that we are seeing now is really, in my view are just the tip of the iceberg. It's good to be so much more required, so much more needed, in so many more skills needed, that I think, you know, everybody could, you know, really anybody who wants to pick any of these areas would would, would, and specialize there do a good job, be passionate about what you're doing, you will really, you know, I think See, saw those benefits, right, reap those benefits, as you know, you move forward in five years, 10 years.

So absolutely, I mean, if you look at it, I mean, ai ml is such a craze develops or in going back to that as well. But at the end of it, it's still needs to be secured whatever system is being created, it still needs security. So cyber security is there everywhere. And and like she mentioned right as more devices get connected, etc, threats will increase, which is a which is okay. But the fact of the matter is, if I look at it from an opportunity perspective, opportunities for professionals, to you know, upskill themselves or or know about this and and make a career out of it goes up manifold.

And also I would like to add here, right? So, you know, there's a very nice intersection of AI ml in cybersecurity. So, you do see some parts of this, of how that how AML can be applied in a cybersecurity scenario, you know, in terms of binary analysis, static analysis, dynamic analysis, model creation, so, you know, we

So we could we could submit it online on the, on the talents platform. And then of course, in the beginning of the course itself, we had to decide on our capstone project because as we formed the group, the real meat was on how do we, how do we do the capstone project? And how do we function? So we were, we were, we had, we had different topics and topics from deception technologies, honeypots, ideas, network security, you know, web security, you know, whatever, right. There's a whole bunch of security domains. We had topics on that. We had also, you know, malware analysis, joining using a and as a as one of the projects. So, then, of course, the end of the session, we had to really present our project findings, use open source tools, understand what we learned in these sessions, and really apply that. And then there was a project presentation and the last session. And then of course, now we are know, working towards creating the book, through different chapters. Our group also, you know, we worked on creating a white paper. That will be if it is like a white paper, I wouldn't say we have published it yet. But it was a 60 to 70 page document that really outlines what we had done so that broadly added through is the structure. I don't know if that kind of answers your question.

Yeah, that that does that does kind of gives an overview of, you know, what, what life was in class, so to speak. And you spoke a little bit about TPR interaction as well. So when so I'll take it from the learning side, what you learned, have you been able to, you know, kind of replicate that or use some of these learnings in your day to day role, so to speak. So if you want to kind of give us key takeaways for you from the program? No, I

think absolutely. So I've been a little fortunate that I am in the field, right, and therefore, a see some of these on a day to day basis. So I've been able to apply a number of things that I learned in the program on my day to day work. As I said, it really enhances my mix, my whole understanding of things, you know, in from a different perspective makes it richer May I love, I'm able to have very, very intelligent conversations, because you know, you understand the topic much better. So for me, as I said, and I do see some of the participants were not from cybersecurity background. So it may have been a little different for them. But I think personally, for me, it was, there were a lot of takeaways, I use that on a day to day basis. It helps me in my volunteering activities, and it helps me in my day job, you know, helps me to have some good conversations with a number of my peers.

Absolutely. So, you are a senior professional, you know, you are a leader in this space, you work for a long time over here, when what would you advise people? What are the trends that you are seeing in the sector right now in terms of, you know, need for talent? What should people and you know, if you can, can you just tell us for the for the benefit of the audience that has joined us here, opportunities that are there that you are seeing in the market, as somebody, you know, who is in a very senior position and a large organization?

Yeah, I think, clearly, I think what you're reading on the chart is, is quite well depicted. But in a broadly, I could say there are three or four areas, right, as from a corporate standpoint, one is really the security operation center. So you know, threat detection, Threat Management, able to handle threat, threats from looking at network traffic, right, as traffic, and so on and so forth. So really, the that's the operations, there's good opportunity, there is the governance speak till about security, education, you know, training and awareness and security is one of the biggest drawbacks, right, while it tends to be neglected in a number of areas, because security is thought out as a technical subject, but I'm a big believer, I do come from a process background that in security view, all the three things apply people process and technology. Right. So I think things like governance, compliance standards, all of them really are one one bucket, then there is the other bucket that is really about threat hunting, threat intelligence, we really being able to look at analysis, forensics and you know, response incident response, we will have an incident and how do you respond back and so on and so forth. And then of course, there is also the the last part, which is really about investigation, digital forensics, you know, collecting and, you know, analyzing samples, doing malware analysis, so you know that that piece again, is

And also specific access, like when we do a C, CTF and capture the flag and other things, you will, they will be provided access. But it's not as if you have full access to the virtual access to the entire lab, they will be in a role based or need specific access provided based on the assignment of the project that has been given to you.

And, and this was happening when you were doing the program away because the program, basically just to make people understand was, you know, you It started off with a campus visit. And then the sessions were live online sessions over the weekends. And it kind of culminated in another campus visit where the presentations would have happened. So the live access was provided as a part of your learning sessions as well, when you went over. Okay, right. Now, one other clarification that I would like to give over here is the fact that thanks to the pandemic, now, Cohort Two does not have any campus visits planned because of the of the situation that we are undergoing. The program has been tweaked and the platform, it's possible for the platform, because technically, it's possible for the platform. So the access to CGI, which sheesh was talking about in terms of physical, you know, going going through the entire thing is kind of now being provided virtually, so you have access to all of the features, and everything that they had done physically is happening virtually now on the platform. So it's, if you really look at it, look into some of the comments saying that we want to do an offline program, or nobody really knows, you know, when an offline thing will happen, we'd be more than happy if you know, it's technically it's health wise, it's feasible for people to come and congregate, etc. But, you know, we don't know. But the fact of the matter is, the platform is strong enough to to kind of give you the complete feel of the classroom, even though you're not in the classroom, so to speak. So that's the first part of the question. Margin Comm. Okay. So again, this, Davey, for your second question, knowledge about merging, and dq Labs is something that we can get back to you offline. You know,

I think I think we should probably, we should probably put that across to the prof. It really is. There is there is a there is a there is basic stuff in cryptography that talks about quantum and so on. But, you know, this, the topic that you're bringing out is fairly interesting. I think you should have more deeper conversations with the the faculty on this.

Absolutely. So let me just look at it. I won't talk about you know, there's a question on choosing a program for nit route killer IIT, roorkee, IIT Kanpur, go through every program, see what suits you the most look at, you know, the the the kind of reputation that institutions have, and take a call, it's, it's something that you would have to do, I mean, I would not say that, you know, you do this program. And this will be the end of it. Most cases, I know, a lot of people Chase, I think they are going further into, you know, cybersecurity after doing this program. I've spoken to a couple of them, they're on our other webinars as well, they're researching more in the domain now

connect. So there that is happening. So people are pursuing more more depth courses after this. Also, you know, as I said, the projects, the IIT Kanpur is also looking to see how they can be incubated in the startup. So, that's another thing that they're also considering for a few projects, if they believe that that that's worth doing going forward, again, all initial days, but you know, there, that's very much in the being in the discussion slot.

Right. So there's this question on, you know, and this is going to be the last question that I take. You know, and you kind of answered this before, you know, does this cover machine learning concepts, which would be applied to cybersecurity, I think you did that as a part of the program

correctly, it covers especially when we there is a fairly detailed topic on malware analysis. So, during that topic, you know, using machine learning, you know, is looked at. So, I think that's the area that we do have a will. But Professor also offline, can do or through through the course can also talk about very ml in the whole cybersecurity lifecycle where ml can be applied, but the course you know, there is a project as well on the malware analysis that you cannot play him.

Absolutely. Um, thank you so much. And, you know, there's a poll that's been opened up, you can just you know, let us know your feedback on This is one last question that I will take from Husker he's asking and I was kind of loop waiting for why this question didn't crop in yet. He has experience in telecom networks, no experience in cybersecurity domain. But the fact is he still qualified. I'm assuming you are qualified, will you be able to get a job? When it comes to questions about jobs? See, most people focus on Will I be able to get a job? My humble request to most people is focus on building the skill. If you have the skill, the job will come to you. Most cases for executive programs, the first question that they ask is, does it have a difference or not? We will probably have Yeah, that's one change that is also coming is that we will probably again, it's it's not, it's still in the works, but we will have some kind of career advancement support being provided from cohort three onwards, it's still at at a stage of discussion. But most cases when people ask will I get a job is a placement there, etc. My only request to people is that concentrate on building the skill. So if you have the skills companies will lap you up. I mean, companies are desperately looking for professionals to fill in their ranks. Would you disagree with me? No, absolutely. No, I think you're bang on. Absolutely. Okay. So well, okay. One person has been asking Lakshman Kumar, I think I answered your question already. It's not an in person program that you will do in the campus, you have campus visits, if the campus visits if it's safe. You will the campus visit will happen as a part of the program. It happens at the start and end of the program. The rest of the program is online. And and it's a nine class, it's not like you're going to be looking at recorded videos, none of the classes have any recorded videos. So thank you so much. You know, it's been lovely having you shop, you know, thank you for taking time out. I know, I took some a little longer, he went in a little longer than expected, but it was, you know, nice, interesting conversation that people are having. So thank you so much for taking time out on a Friday evening and joining us.

I It was my pleasure. It was great talking to you. I'm happy to answer any questions offline. If anybody has, they can drop it through and I can I do. I do believe this is a great program. And you know, hope we have good participation.

Absolutely, we will. And thank you again to all the people who are there. He I'm going to keep the poll open for the next couple of minutes. You can get more information about the program start dates, etc. There is you know, Harsha from my team, who manages who leads this program, her number is given or you can drop us an email. If you're interested, somebody from the team will be getting in touch with you. Thank you so much for joining us, and we hope to see you in case we've not been able to answer all your questions, you know, routed to us, and we'll be happy to help you out.

Thanks again. Thanks so much. Good evening, everybody. Have a thank you, everyone. Bye. Have a great day. Bye bye.

Watch the entire interview here

Note: This video transcript is generated by AI. Therefore, it may not be 100% accurate.