Online frauds may be on the rise, but the number of skilled professionals who can handle threats in the cyber security space is far from adequate. Karishma Mookhey and her husband, Kanwal Mookhey, both security analysts, realised this a few years ago while conducting interviews for their venture, Networking Intelligence India. The venture was a global provider of services, solutions and products in the cyber security space. While many of the candidates had plenty of certifications to show, they lacked hands-on knowledge.
According to research company Gartner, by 2020, 100% of large enterprises will be asked to report to their boards on cyber security and technology risk at least annually (up from today’s 40%). “With rapid digitisation and the inter-networked world leading to a huge data explosion, the knowledge of cyber security has become pertinent,” Mr. Mookhey says. “Today we need skilled cyber security professionals who can not only handle the current challenges, but also evolve continuously with changing technology and the associated threats and vulnerabilities.” Ms. Mookhey adds, “It was essential to get people job-ready.”
The couple started the Institute of Information Security (IIS) in 2008 with an aim to help students gain practical knowledge through virtual machines and tools in laboratories specially set up for the purpose.
Course contents
The institute, with experts, spent the next six months designing courses ranging from ethical hacking and web application security to network security and forensic training.
Bhamini Shah, trainer and security analyst, says, “Students learn a wide variety of topics, from the basics to compliance standards and even forensics, cyber crime investigations, advance malware analysis, mobile security, cloud security etc.” There is both theory and practical tasks.
The mobile security course, for instance, provides in-depth knowledge on all aspects of mobile security, and explores risk assessment, and various other dangers and threats which put the consumer and data privacy at risk. Dilpreet Kaur, security analyst, says, “We cover real-world examples of security breaches either of the smart phone security framework or by third party applications.”
In the fraud detection, investigation and prevention course, students are taught the nature of financial fraud, how to detect fraudulent activity, and how to investigate any type of financial fraud. Chetan Dalal, one of the course designers whose expertise is in financial fraud investigation, says, “The six-week comprehensive training focuses on audit techniques, fraud detection techniques, accounting and law, auditing and investigation of frauds, collection of evidence and documentation which can stand the test of legal scrutiny, and write succinct, factual reports.” The course is ideal for internal auditors, heads of risk management and legal departments.
IIS offers flexible training timings through classroom sessions, corporate training, live and virtual trainings, and an e-learning portal. The duration can vary from three days for an introductory course to six months (two to four hours a day). The fees too varies from ₹15,000 to ₹1.45 lakh.
Courses are open to students from various fields as also industry professionals who want additional certifications and training to improve their knowledge in the cyber security domain. IIS also conducts training workshops and seminars for corporates to give training for their internal cyber security. The course fee depends upon the type of training, duration and the course opted for. For the entry-level training for instance, the course fee is ₹12,500 per student. Says Ms. Mookhey, “We need a minimum of five students [in a company] to deliver the training session.”
Their regular clients include DRDO, Indian Navy, ICICI Bank, HDFC, Infosys, Wipro and Capgemini, among others. From a batch of four students in the first year, IIS has trained more than 6,500 students in their institute and has branches in Pune, Delhi, Chandigarh, Hyderabad, Bengaluru and Dubai.
Jigar Bhanushali, 22, who is interested in information security, joined IIS’s Certified Information Security Consultant course last year, immediately after completing his degree in computer applications. The eight-month course has helped him deepen his knowledge of the subject, he says. “The practical assignments with multiple applications and servers with various degrees of interactive challenges have helped boost my confidence.”
Saish Rane, 21, joined the Certified Information Security Consultant course and the Certified Ethical Hacker course soon after a degree in information technology to “gain advanced knowledge of highly technical concepts as well as hands-on training in this relatively new domain”. In this course, he says, “we are exposed to real-time scenarios where we actually live through an attack, giving us a deep understanding of essential security systems.”
The founders want IIS to grow organically, to spread awareness about Information Security and open branches all over India and overseas to
provide easily accessible, hands-on training. Ms. Mookhey says, “Only by practising the percepts can they be learnt best.”
