Engineering continues to be an attractive profession with thousands of young students aspiring to join this field of study. Within the many streams available, one of the most needed requirements today is in the area of security, even as the Internet, mobility and technology trends such as cloud computing continue to transform the way individuals and businesses interact with one another digitally.
With just over 5,80,000 engineers graduating every year (Nasscom study), India now faces an urgent need to develop skills, prepare and arm itself in the area of cyber defence.
To understand the role of ‘cyber-warriors’, it is important to take a step back and review the security threat landscape. Even as the motivation of cyber attackers has moved from fame to financial gain, malware has become a successful criminal business model with billions of dollars in play. While the volumes of threats are growing exponentially, they are also becoming more sophisticated: we are now in the third significant shift in the threat landscape — one of cyber-espionage and cyber-sabotage. An example of this is Stuxnet — the first digital threat to have a physical, real-world impact — for which India was the third-most infected country. Stuxnet had the power to modify the frequency of high-speed motors and potentially cause explosions in sensitive installations, and its point of entry into the network was the ubiquitous USB pen drive.
This shift requires cyber defense operations that in many ways are similar to those of defending a warship in hostile waters.
Critical role
With the increasing sophistication of attacks and the potential cyber threats have to bring down national assets, the role of a security engineer is critical. It requires a combination of high-technology skills to understand, anticipate and pre-empt various attack techniques, as well as an investigative bent of mind to understand the psychology and motivation of attacks.
To be a security expert, an engineer needs to possess the skills and mindset to perform a defensive, yet pre-emptive role in protecting the nation. Further, the digital world operates 24 x 7, and it knows no physical boundaries — to keep pace, security engineers need to have a degree of foresight and quick thinking to mitigate threats before they cause widespread damage.
Certification
Even as the security landscape evolves, it is critical to constantly stay up-to-date on the latest threats, techniques and methods so that, when faced with an attack, engineers understand the most critical threats and take a risk-based approach. The good news is that today, there are global standards and certifications to train and skill-up security professionals, such as the GCIA (GIAC-Certified Intrusion Analysts. GCIAs have the knowledge, skills, and abilities to configure and monitor intrusion- detection systems, and to read, interpret, and analyse network traffic and related log files. They are certified by the GIAC - Global Information Assurance Certification, a worldwide body).
Proficiency
The need for technically proficient individuals becomes more relevant as innovation in the digital world happens much faster than the physical world. For example, we no longer have one dominant operating system, but multiple platforms; the main reason for this shift is the difference in how threats arrive onto computers as opposed to “platform-agnostic” attacks. When a cybercriminal writes a malicious code, it must be written in a program that can be opened by the recipient, plus be able to get past security software and any checks in the operating system software. With a platform-agnostic attack, other forms of malware can simply be deposited onto a computer by the user simply downloading it or even accepting it through an instant message or text message on a desktop, laptop, phablet or mobile phone.
Today’s security professional needs to be qualified to understand the vulnerabilities and strengths of each platform to ensure that information is safe regardless of the type of device it resides on. On a day-to-day basis they encounter new security threats and exploits that arise in the field, respond quickly to emerging malicious code threats and create relevant signatures or recommendations to deal with these threats.
Teams of security engineers take up different roles based on the threats that vary from malware, exploits, spam emails or phishing websites. While a malware engineer would focus on detecting and developing signatures to protect against malware, a vulnerability analyst finds out which systems or applications or systems have vulnerabilities (or software bugs) that can be exploited to take advantage of the victims’ computer.
Most importantly, integrity is very important to a cyber-security expert. Businesses, governments and consumers are relying on these individuals to secure themselves and their information, and it is important that they demonstrate and hold their trust. Strength of character is a key attribute of a security professional. Likewise, a spam analyst spends his day analysing hundreds of emails to figure out which are spam and which ones are legitimate based on a variety of criteria and relevant domain knowledge. On the other hand, a security analyst specialising in phishing, fraud, spam or website ratings deals with analysing hundreds of URLs every day and marks them as safe or malicious.
With the rising complexity of the cyber-security threat landscape, a cyber-security expert brings together a combination of skills in terms of technical knowledge, the right mindset and the maturity that is needed to take on this career that performs a critical function in the digital era. While there are multiple roles and profiles available, each one of them contributes to building an Internet that businesses and consumers can use with confidence.
The writer is VP and MD, India Product Operations, Symantec
