Supply gap persists despite higher salaries for security pros

High demand for cybersecurity professionals in India is leading to a rise in salaries being offered to such individuals by companies in India. However, despite a growth of 40% in salaries, an acute shortage of security professionals continues in the country, even as companies are forging ahead with digital transformation plans, especially with the expected rollout of 5G services in the coming months.

Siva Prasad N, chief business officer of staffing services firm Teamlease Digital, said that the average salaries of a cyber security analyst in India has gone up by “almost 37% to 40%” between August last year and now. He added that an “early-stage cyber security analyst” with at least four years of experience is around ₹7.5 lakh per annum right now. A ‘senior’ analyst in the sector, with at least a decade’s experience, earns around ₹22 lakh per annum, on average.

Cyber security analysts provide advisories to companies based on vulnerability reports from around the world. Unlike security researchers, who actually find flaws in programs and often even fix them, the analyst position is considered to be an entry-level role.

This rise in the average salaries may be an effort at plugging the demand-supply gap. According to data from staffing platform Quess Corp, sourced by Mint, the number of jobs increased by 113% in the past one year. The banking, financial services and insurance (BFSI) sector has been the chief recruiter with a 4.8x rise in job postings, the data showed.

Despite the industry’s best efforts, security professionals are unwilling to join Indian firms because of unfavourable work conditions and lower payouts against their regular freelance options. Skilled hackers build their own portfolios and earn a lot by doing work on the side, scoping out bugs in other products etc.

For instance, Dhiraj Mishra, an independent security researcher took up a full-time security analyst role at an investment bank in the UAE two-years ago.Alongside his regular paycheque, his employer allows him to pursue independent projects on his own time. “It helps me maintain a balance between the corporate role and my independent security profession,” he said.

The co-founder of a security firm, on condition of anonymity, said that the one-time payout of a bug bounty program can be significantly higher than the yearly salary of a 9-5 job. Companies, including behemoths like Apple and Microsoft pay millions to hackers who point out such flaws in their software, and Indian ethical hackers have been topping the charts in these lists for years.

For instance, in 2020, VPN-services provider AtlasVPN reported that Indian hackers netted over ₹35 crore between May 2019 and April 2020. Last year, security researcher Aman Pandey was cited as one of the top researchers in Google’s Vulnerability Reward Program (VRP), which is one of the bug-bounty programs run by the Search giant.

The person added that his own firm had 90 vacant positions, which they haven’t been able to fill in the last four months, despite offering steeper than usual salaries. Teamlease’s Prasaid said that over 70,000 cyber-security jobs are vacant in India at present.

The remaining professionals, according to industry executives, aren’t skilled enough. “One of the key issues is that while cyber threats and even security tools have grown in the levels of sophistication, professionals have not been able to upskill themselves at the same pace,” said Vijendra Katiyar, country manager, India and SAARC at US-based cyber security firm, Trend Micro.

The need for such professionals, industry experts said, will only increase going forward as 5G services roll in, bringing with it smart factories, digitized shop floors etc. Clifton Menezes, executive vice president of India Head Group Portfolio at Capgemini, said that the rise of the need for increasingly sophisticated security professionals can be linked to “the increased use of smart sensors, mobility solutions, connected devices, or robots in shop floors.”

Yogesh Zope, chief information officer and chief digital officer at manufacturing services firm Bharat Forge, said that while 5G will help “create new revenue streams”, such streams will also increase the risk of threats. “As more and more sensor-based devices are added to the network, hackers will be able to use a compromised device to infect other devices in an internal network,” Zope added.