A Catalyst for Cybersecurity Growth

The BSides Dhaka Meetup was a remarkable event, brimming with energy and excitement as cybersecurity professionals and enthusiasts came together to share knowledge, exchange ideas, and build connections. As I reflect on the experience, the event was not only a platform for technical discussions but also a space where deep-rooted challenges in the cybersecurity landscape were explored. The discussions during the event underscored the importance of addressing local challenges while framing them within a broader, global context.

The Current State of Cybersecurity: A Local and Global Perspective

One of the central topics I addressed as a speaker was the current state of the cybersecurity industry, both locally and globally. The job market in industries such as telecommunications, finance, and software/security is evolving rapidly, with a growing demand for cybersecurity professionals. Yet, despite this demand, a significant skills gap persists. This gap presents a formidable challenge to industries looking to safeguard their critical infrastructure, especially in countries like Bangladesh, where cybersecurity efforts are still in their developmental stages.

Proactive vs Reactive Approaches: A Global Comparison

The discussion during the event wasn't confined to local issues alone. Conversations with Jubaer Alnazi from TRS Group of Companies and Amit Kumar from Google highlighted global cybersecurity trends and best practices. As someone with global experience, I was able to draw parallels between Bangladesh and more advanced cybersecurity ecosystems. In other countries, there is a clear focus on proactive and agile approaches to cybersecurity. Organizations are quick to adapt, constantly innovating, and placing a high priority on preventive measures. Unfortunately, this is not yet the case in Bangladesh.

Here, the cybersecurity landscape has been largely reactive, with significant progress only emerging after high-profile incidents, such as the Bangladesh Bank heist. The heist, which made headlines globally, was a wake-up call for the nation. It was then that cybersecurity gained traction, but the approach has remained largely compliance-driven. Organizations tend to focus on meeting minimum regulatory requirements rather than developing proactive defense mechanisms that can detect and mitigate threats before they escalate.

Challenges with Mindset and Resource Allocation

A key issue I highlighted during my talk was the mindset within the cybersecurity industry. Many practitioners operate with a reactive mentality—waiting for something to happen before addressing vulnerabilities. There is a lack of prioritization when it comes to understanding and researching threats before diving into solutions. In many instances, individuals and organizations prioritize compliance over genuine security, ticking boxes rather than building robust, adaptable security systems.

The human factor also emerged as a crucial point of discussion. The cybersecurity workforce in Bangladesh is still under-resourced and, in many cases, unorganized. There is a troubling trend where individuals often exhibit more confidence than their actual knowledge allows, creating a false sense of security. This is compounded by a general lack of both theoretical and practical knowledge in the field. Professionals may possess certifications but lack hands-on experience, which is critical in a dynamic field like cybersecurity.

The Importance of Understanding Before Acting

As I shared in my discussion, one of the major shortcomings in the local industry is the insufficient focus on understanding and researching before taking action. Cybersecurity requires a deep understanding of systems, threats, and vulnerabilities, yet too often, individuals and organizations rush into implementation without a clear strategy. This shortfall is evident in how data is handled—too often treated as an afterthought, rather than the valuable asset it is. Organizations need to start caring more about data protection and security as a core part of their operations, not just a compliance checkbox.

Expected Improvements: Bridging the Gaps

In contrast, my global experience has shown me that other regions emphasize a proactive approach to cybersecurity. Organizations there are more agile, quickly adapting to new threats and developing solutions that prioritize prevention rather than reaction. This is something we must aspire to in Bangladesh if we are to keep pace with global security standards. The focus should shift from compliance-driven security to a priority-based, proactive approach that integrates continuous monitoring, early detection, and swift response.

To move forward, there must be a concerted effort to increase knowledge within the cybersecurity community. This knowledge must not only be theoretical but also deeply rooted in practical experience. There is a critical need for hands-on training, simulations, and real-world problem-solving that goes beyond what certifications alone can offer. Professionals must be encouraged to learn continuously and to share their knowledge openly with the community. This will help build a more resilient cybersecurity ecosystem, where collaboration and shared learning become the foundation for progress.

Collective Effort for a Resilient Cybersecurity Future

In conclusion, the BSides Dhaka Meetup was an inspiring event that brought critical issues to the forefront of our discussions. As a growing cybersecurity community, Bangladesh has significant potential, but to fully realize it, we must address the challenges of mindset, knowledge gaps, and reactive approaches. By fostering a culture of continuous learning, prioritizing proactive cybersecurity, and building stronger community ties, we can position ourselves to tackle both local and global cybersecurity challenges. The path forward is clear—only with collective effort and a shared vision can we build a resilient, future-ready cybersecurity landscape.