[ISN] 99% of future IT workforce does not understand basic concepts of secure coding: Jay Bavisi

http://businesstoday.intoday.in/story/secure-coding-jay-bavisi-ec-council-nasscom-hcl/1/203605.html By Manu Kaushik Business Today February 22, 2014 The National Cyber Security Policy released by Indian government last year aims to create a workforce of 500,000 cybersecurity professionals in the next five years and build a training infrastructure through the public-private-partnership (PPP) model. Malaysia-based Jay Bavisi, President, EC-Council, a company that is involved in training and certification of cybersecurity professionals, says that the situation is worrisome for India as far as cybersecurity is concerned. The US-based EC-Council came into the limelight last year when reports emerged that Edward Snowden, the man who turned whistleblower against the National Security Agency and revealed its global spying programme, was trained at one of its training institute in New Delhi in 2010. Edited excerpts: Q. How prepared is India against growing cybersecurity threats? A. The problem that we are facing with hacking actually stems from the inability of coders to actually code securely. In India, we ran a competition where we partnered with more than 100 colleges, NASSCOM, HCL and several other large corporations. The results showed that almost 99 per cent of the future IT workforce in India does not understand the basic concepts of secure coding. We think that a better model is that every single developer, before he/she touches a code, has to be security-conscious. In India, the financial sector is extremely vulnerable because of the sheer risk associated with the sector. Then come defence, IT and telecom. But I think the risk is sector-agnostic. There’s a major risk for India simply because it’s a leading exporter of software in the world. Q. You are working with various government departments in India. What has your experience been? A. We are working with at least 15 government departments. We have trained law enforcement agencies, defence communities and peripheral agencies. Our engagement with government agencies is something we would not like to discuss due to confidentiality issues. […]