Australia’s cyber smart workforce
22 Apr 2016|

The long awaited Australian Cyber Security Strategy, released yesterday by Prime Minister Malcolm Turnbull, outlines a $230 million investment in national cyber security over the coming four years.  

While developing Australia’s cyber workforce in order to become a ‘Cyber Smart Nation’ is one of the Strategy’s four key pillars, it’s been allotted just $13.5 million of total investment.

By the Strategy’s own admission, creating a robust cyber security workforce is a fundamental prerequisite to achieving all other elements of the Strategy. However, the industry’s relative infancy means that current education trends aren’t creating the workforce that will be required to deliver the ‘innovation, growth and prosperity’ the Strategy promises.

Research suggests that there will be a global shortfall of 1.5 million information security professionals by 2020, and Australia’s no exception. An increase in cyber workforce demand is an acute national phenomenon—with the government expecting positions for computer security experts to increase by more than 20% over the next five years. In fact, trends on the ground are even more extreme, with job site SEEK showing that the number of computer security roles advertised increased by 60% in 2015 alone.

In light of these trends, yesterday’s Strategy outlines the government’s intention to increase the quality and quantity of individuals coming through all levels of Australia’s cyber security education pipeline.

The establishment of academic centres of excellence at universities is intended to enhance the quality of high-level cybersecurity education. Simultaneously, the Strategy reveals plans to increase the volume of cyber-skilled individuals through the expansion of cyber security training in Registered Training Organisations, including TAFEs, and the development of training for individuals at all career stages through cyber security short courses.

In a particularly positive step, the Strategy discusses the expansion of national cyber security competitions, such as the national annual Cyber Security Challenge Australia. Exercises such as these play an important role in talent discovery for the cybersecurity industry, yet currently only target individuals that are already in full-time tertiary education (PDF). Many highly skilled individuals aren’t necessarily being funnelled through conventional education channels. Thus, broadening the net of these competitions to a wider participant base is an essential component of capturing more of Australia’s cyber workforce potential.

This workforce plan is part of a broader government effort to address Australia’s low number of STEM professionals. The National Innovation and Science Agenda aims to increase the number of young Australians equipped for the digital age, investing $48 million in promoting STEM literacy in schools and $51 million in enhancing the digital skills of students and teachers.

Private sector organisations are also already addressing the shortfall of cyber security professionals. The Commonwealth Bank and UNSW have established a Security Engineering Partnership aimed at ‘boosting the nation’s reserve of quality security engineering professionals’. Similarly, Macquarie Telecom is collaborating with the University of Western Sydney to provide cyber security scholarships. Others such as Northrop Grumman, Telstra, Optus and Google are also looking for future talent at all levels of education through STEM-focused programs, scholarships and competitions.

Despite those positives, the Strategy could more directly address immediate skills gaps and gender representation. The Strategy astutely prioritises tertiary cyber security initiatives and the training of executives, bringing focus to efforts that will deliver change the quickest. However, it doesn’t address the fact that even these short-term goals will inevitably require several years of course design and implementation before change is felt on the ground. Even upon completion, cyber security graduates have to adjust to practical workforce dynamics and it may take significant time for them to attain the knowledge and skills enabling them to truly add value to the industry.

Unfortunately, five years is a long time in the digital world and we must consider more near-term alternatives. The NISA includes an initiative to ‘support innovation through visas’ by attracting entrepreneurs from overseas with an attractive and simple pathway to Australian residency.  However, this policy is currently limited to ‘entrepreneurs with innovative ideas and financial backing from a third party.’ Australia should consider expanding this framework to include cyber security experts and professionals, in order to immediately address the serious need for a cyber-skilled workforce.

This global employment shift isn’t only about numbers but also gender representation. Women constitute only 10% of the global information security industry, actually dropping from 11% last year.

Despite paying lip service to this issue, the Strategy dedicates only one line to how it will address this problem. Unfortunately, the effort isn’t only short but vague. It promises to undertake ‘a range of integrated actions developed with the private sector and research community’, though no detail is offered on how or when this will be achieved. It should be noted that the NISA includes an initiative to increase opportunities for women in STEM, to the tune of $13 million over five years. However, that doesn’t explain the relative absence of relevant policy in this Strategy.

Australia’s new Cyber Security Strategy provides a strong platform for the improvement of Australia’s cyber workforce, complementing the existing NISA and private sector initiatives. However, speedy implementation, plans for immediate skills gaps, and a more articulate strategy for female participation would further improve the prospects of Australia’s future ‘cyber smart workforce’.