Sumit Gupta, a young IT (information technology) security professional at a private IT security firm in Delhi, was so fascinated reading about cases of cyber crime while studying for a BCA (Bachelor of Computer Applications) that he decided to specialise in IT security.
His job now requires him to take counter measures against hacking of client sites. Though his father has yet to understand what exactly it is that Gupta does for a living, young Sumit loves what he does. “It is exciting. I can do it for 16 hours a day,” he says.
The work related to IT security can be divided into three parts. The first one involves finding out the reason for breach of cyber security. The next step is to trace the origin of hacking and, lastly, put measures that prevent the malware (malicious software) attack from happening again. Though every IT security expert is deployed at one of these three stages of security, he or she will not like to divulge the intricate details of their projects.
“As we are bound by the rules of confidentiality, we don’t get to know what our colleagues are up to,” says Gupta.
With soaring cyber crime rates, IT security is gradually gaining prominence in the corporate world and the government departments. “Information security and ethical hacking are the latest buzzwords in the industry. In today’s market with its cut-throat competition, leakage of information can be detrimental to an organisation’s future,” says Rajesh Huddar, head, information security practice, Mahindra Special Services Group.
Another industry insider, Anuj Khare, who co-founded IT security company Appin Technologies after quitting his US job, started out from a tiny office in Delhi six years ago. Thanks to the growth in industry, he now boasts of high-profile contracts, including those of the Delhi and Mumbai airports, for which 130 of his people are working.
“Companies till some time did not want to spend money on cyber security unless they faced an attack. Things are changing now. Earlier, only government departments and banks needed IT security tools, but now even mid-level traders require it and soon (every) company, small or big, would be clamouring for it.
It used to be a niche career but now, it’s not,” says Khare.
Considering the rising demand for IT security professionals, Delhi Technological University (DTU — previously known as the Delhi College of Engineering), introduced an MTech programme in information systems two years ago. “In IT companies, no product development happens without security measures. With cloud computing making inroads into our lives, information security is set to grow. Which is why, courses in data security and information systems are being added in engineering colleges at undergraduate and postgraduate levels,” says Dr Daya Gupta, head of department, computer engineering, DTU.
Those who undergo short-term courses in computer security might not get a cyber security job straightaway. They might be required to work in the networking space initially before they are promoted to more responsible positions. “We train our students in networking, hardware and cyber security simultaneously because all three subjects are interrelated. Initially, most of them join as network administrators before they are elevated to the security positions after two to three years,” says Ravinder Goyal, director, IACM, a chain of private institutes imparting education on computer related activities. IMT Ghaziabad also runs an online Masters level programme in cyber security and laws, but only for working professionals.
“Securing the IT space with foolproof measures is very important. In cases where financial transactions take place online, there should be 100 per cent security measures (in place), which most of the time is not the case,” says Prof AM Sherry, director, IMT Ghaziabad.
What's it about?
A cyber security professional puts the mechanism of checks and balances in place to prevent online frauds. Most crimes involve stealing of any critical information or siphoning off money by impersonating someone else in the virtual world. Security experts not only create secure computer applications but also trace the culprit in case someone manages to breach the security
9 am: Analyse threats and gaps in the current set-up
10 am: Check the vulnerability to virus attacks and security breach. Repeated checks are carried out.
3 am: Review the results of tests
5:30 pm: Create programmes, which are least prone to hacking
7 pm: Read updates and journals related to Internet security
Initially, one can earn anywhere between Rs 10,000 to Rs 15,000. With experience and qualification, one can earn Rs 20,000 to Rs 25,000 in two years. If you are already an MCA or BTech, your salary will be much higher, depending on the reputation of the institute which has conferred the degree
. Analytical mind
. Passion for IT and an ability to adapt to the changing technological demands
. Responsible attitude
. Willingness to learn, unlearn and re-learn. That’s what the IT industry demands
How do i get there?
Unfortunately, IT security training is not given at the undergraduate level. But, the institutes that offer BCA or BTech offer IT security as a small component, which is not enough if one wants to specialise in it. To meet that requirement, one has to undergo a full-time dedicated course in cyber security from any reputable institute before applying for a job. Those who hold a BTech degree can also go for a regular MTech programme in information security
Institutes & urls
. MTech in information security from Ambedkar Institute of Technology, Delhi affiliated to GGSIP University;
. MTech in information security and computer forensics from SRM Univerity, Kancheepuram and Chennai, Tamil Nadu.
Pros & cons
The job is exciting
Ensuring the security of IT systems of a government department or a company is a very responsible job, which gives one a sense of importance
Salaries are not good, especially for beginners
Cyber crimes are on the rise
The head of Karnataka CID, which investigates all cyber crimes in the entire state, talks about the spurt in e-crimes in the IT hub
What prompted Karnataka to set up its — and India’s — first full-fledged cyber crimes police station in 2001 ?
Karnataka is a pioneer in information technology and hence the police top brass of Karnataka thought that it would be necessary to establish a cyber crime police station in Bangalore. So, the police station was established in 2001.
Does the Karnataka police have in-house cyber security experts?
Yes, we have trained two detective inspectors working in Cyber Cell, CID, Bangalore. They have been trained not only in India, but by US agencies as well.
What kind of computer/ information technology training has Karnataka provided to its sub-inspectors for cyber and related crimes?
We have established a cyber training cell with the active support of Data Security Council of India, a wing of NASSCOM (a trade body representing India’s IT and business process outsourcing companies). A technical expert has been provided by NASSCOM and two experts by State CID to impart training. We train police officers, bank officials, prosecutors, defence personnel etc on a regular basis. For police officials, we give training on the basics of cyber crime and how to investigate such crimes.
Do you hire private service providers for handling/ cracking cyber crimes or related aspects of other crimes ?
Yes, we hire private experts on and off on a need basis to help us investigate cyber crimes. However, our own experts are quite good at their jobs.
On average, how many computer-related cases does the Karnataka police get in a month or year? Has there been a spurt in computer-related crimes in your state?
On average, Karnataka police registers about 120 cyber crimes every year. There has been an increase in cyber crimes in the past one year. This is because the IT Act has been amended and crimes carried out by using cellphones, too, have come under its purview. Of late, we have seen a rise in e-mails and text messages being used by criminals to lure unsuspecting people to part with their money.
Generally, what kind of cyber and related crimes does the Karnataka police have to deal with?
Generally, three major types of cyber crimes are committed. They are:
. Phishing mails by which the criminals fraudulently transfer amounts from the bank accounts of victims. Sometimes, fraudsters make the victims send (them) the money by saying that they have won a
. The second type of crime is related to morphing images of persons to harm their reputation and using indecent images of women/ children.
. The third category is related to job scams, wherein a victim is told that he has been given a job and he is asked to send money.
Of the three, 50 per cent of the crimes committed fall in the first category.
Can you give us an example of a major case that the cyber crime police station cracked with the aid of computer-related evidence?
It is a pity that in the past 10 years, there has been no conviction in India in respect of crimes under the IT Act. This is because the understanding of cyber crime on the part of law enforcement authorities, including the prosecution department, is not high. It is hoped that we will get convictions in the near future.
Dr DV Guruprasad, IPS, Director General of Police, CID, Karnataka Interviewed by Rahat Bano