ICT Security Human ResourcesBudi Rahardjo

Institut Teknologi Bandungbr@paume.itb.ac.id

Current Situation

• The need for IT Security Professionals• But, not enough human resources available

locally

Need initiatives, strategies, to solve this challenge

Stakeholders / Positions To Be Filled• Industry

– Banking, Telecommunication, e-Commerce, companies in general

• Government– Policy makers

• Academics– Researchers, inventors,

Lecturers, Teachers

• Military– Cybertroops

To Do:Must map current and projected need

Level of Competence (Dreyfus & Dreyfus)

1. NoviceRule-based behaviour, strongly limited and inflexible

2. Experienced BeginnerIncorporates aspects of the situation

3. PractitionerActing consciously from long-term goals and plans

4. Knowledgeable practitionerSees the situation as a whole and acts from personal conviction

5. ExpertHas intuitive understanding of situation and zooms in on central aspects

America’s National Initiative for Cybersecurity Education (NICE) Strategic Plan,August 11, 2011

Certification vs. Formal Educationsimilar to software engineering

Certification• Too many certifications• Widely diverse• Not standard (yet)• Expensive

Formal Education• Has just started• Still a new field• Not available in most places• Not recognized (yet) by the

industry

Suggested Initiatives

• More security courses at universities• Security training at different level (from

awareness to advanced skill)• Security forum / sharing / conferences• Incentives for certification• Inexpensive certification• Regulation to make sure security is considered

Info Security Grad Programme at ITB

• Two paths– InfoSec Engineering– InfoSec Governance

• Facilities (Cybersecurity Center)– Malware lab (virus, botnet, honeypot)– Forensic lab

• Opening Agustus 2013

Concluding Remarks

• We have become too dependent on IT• Security is a major concern• IT security is still a new field• Professionals are in demand• Must fill the gap quickly