1. ICT Security Human Resources
Budi Rahardjo
Institut Teknologi Bandung
br@paume.itb.ac.id
2. Current Situation
• The need for IT Security Professionals
• But, not enough human resources available
locally
Need initiatives, strategies, to solve this
challenge
3. Stakeholders / Positions To Be Filled
• Industry • Military
– Banking, – Cybertroops
Telecommunication, e-
Commerce, companies
in general
To Do:
• Government
Must map current and
– Policy makers
projected need
• Academics
– Researchers, inventors,
Lecturers, Teachers
4. Level of Competence (Dreyfus & Dreyfus)
1. Novice
Rule-based behaviour, strongly limited and inflexible
2. Experienced Beginner
Incorporates aspects of the situation
3. Practitioner
Acting consciously from long-term goals and plans
4. Knowledgeable practitioner
Sees the situation as a whole and acts from personal conviction
5. Expert
Has intuitive understanding of situation and zooms in on central aspects
6. Certification vs. Formal Education
similar to software engineering
Certification Formal Education
• Too many certifications • Has just started
• Widely diverse • Still a new field
• Not standard (yet) • Not available in most places
• Expensive • Not recognized (yet) by the
industry
7.
8. Suggested Initiatives
• More security courses at universities
• Security training at different level (from
awareness to advanced skill)
• Security forum / sharing / conferences
• Incentives for certification
• Inexpensive certification
• Regulation to make sure security is considered
9. Info Security Grad Programme at ITB
• Two paths
– InfoSec Engineering
– InfoSec Governance
• Facilities (Cybersecurity Center)
– Malware lab (virus, botnet, honeypot)
– Forensic lab
• Opening Agustus 2013
10. Concluding Remarks
• We have become too dependent on IT
• Security is a major concern
• IT security is still a new field
• Professionals are in demand
• Must fill the gap quickly