ICT Security Human Resources

Budi Rahardjo
Institut Teknologi Bandung br@paume.itb.ac.id

Current Situation
The need for IT Security Professionals But, not enough human resources available locally
Need initiatives, strategies, to solve this challenge

Stakeholders / Positions To Be Filled

Industry
Banking, Telecommunication, eCommerce, companies in general

Military
Cybertroops

Government
Policy makers

Academics
Researchers, inventors, Lecturers, Teachers

To Do: Must map current and projected need

Level of Competence (Dreyfus & Dreyfus)

1. Novice
Rule-based behaviour, strongly limited and inflexible

2. Experienced Beginner
Incorporates aspects of the situation

3. Practitioner
Acting consciously from long-term goals and plans

4. Knowledgeable practitioner
Sees the situation as a whole and acts from personal conviction

5. Expert
Has intuitive understanding of situation and zooms in on central aspects

Americas National Initiative for Cybersecurity Education (NICE) Strategic Plan, August 11, 2011

Certification vs. Formal Education similar to software engineering

Certification Formal Education

Too many certifications Widely diverse Not standard (yet) Expensive

Has just started Still a new field Not available in most places Not recognized (yet) by the industry

Suggested Initiatives
More security courses at universities Security training at different level (from awareness to advanced skill) Security forum / sharing / conferences Incentives for certification Inexpensive certification Regulation to make sure security is considered

Info Security Grad Programme at ITB

Two paths
InfoSec Engineering InfoSec Governance

Facilities (Cybersecurity Center)

Malware lab (virus, botnet, honeypot) Forensic lab

Opening Agustus 2013

Concluding Remarks
We have become too dependent on IT Security is a major concern IT security is still a new field Professionals are in demand Must fill the gap quickly