Growing government and private-sector cybersecurity investments are bringing much-needed attention to a critical sector of Australia's economy – but increasing demand for cybersecurity skills is also exacerbating the scarcity of suitably skilled cybersecurity professionals in an increasingly competitive market where even recent university graduates struggle to find work.
That market has become so competitive that recent ESG research found 46 percent of organisations say they have a “problematic shortage” of cybersecurity skills this year, up from 28 percent last year.
IT systems integrators are struggling to find skilled security staff to service their customers, with 86 percent of respondents to a recent CompTIA survey confirming they were suffering from a security skills gap. Availability of security skills has emerged as a key area of demand this year as academics warn that the Australian government's cybersecurity response is decades behind those of comparable countries.
Cybersecurity is held as being crucial to Australia's economic future but, many argue, Australia's academic and business institutions are producing the wrong skills for the wrong century – driving claims that an adequate cybersecurity response will require “fresh thinking” from Australian industry leaders and policymakers.
Even academic organisations are feeling the pinch as cybersecurity continues to suffer brand-recognition problems and efforts to stimulate STEM education at university level will take decades to pay off; in the meantime, universities are working overtime to resolve persistent and long-standing gaps between the skills that graduates have and those that employers need.
“This is something being addressed at all different levels within Deakin,” says Sanjay Verma, head of information security and risk with Melbourne-based Deakin University, who has experienced firsthand how challenging it is to source skilled security professionals for his IT operation. Recognising that Australia continues to struggle both in terms of the availability of cybersecurity skills and in matching qualified candidates with the right jobs, Verma has become a vocal advocate for the new Cyber Security Online Marketplace (CSOM), a join venture between CSO Australia and SkillSapien that matches skilled cybersecurity job seekers with the jobs they are looking for.
CSOM has been designed for ease of use, allowing users to instantly bring in their LinkedIn profiles to a site where they can search through available security-related jobs – anonymously if they wish – or register to be notified as new opportunities emerge.
CSOM also facilitates confidential chats with potential employers to help those employers quickly narrow down their shortlists of candidates. The portal is invaluable for current university students and recent graduates that have great potential but need on-the-job training to apply their knowledge in real-world settings. “Imagine having direct access to a really few smart undergraduates and getting them involved in your newest Agile project where you want to drive 'Secure by Design',” says David Gee, a security consultant who has been involved in CSOM's design. “Students will love the experience and be able to work with the standup meetings, and also with the more senior staff to learn from them.
And in the future, when you are looking to fill a vacancy they are a perfect fit for the organisation. It is a classic 'win-win-win'.” The ability to provide easy access to the next generation of cybersecurity professionals differentiates the CSOM brand and has been welcomed by university academics such as the head of Deakin's School of IT – who, Verma says, “has been quite supportive of the CSOM brand”. “This is something that Deakin management at all levels has been in discussions about,” he explains, “to determine how we can collaborate with other parties to put interns into industry placements and give them real-life training from the operational point of view. “It is all about having the conduit and the touchpoint to give a platform for students so they are not only going through the teaching process but also learning and getting real-life experience.”
Deakin, along with other CSOM endorsing organisations including the University of Technology Sydney and Macquarie University, has actively supported CSOM as an innovative way of helping cybersecurity professionals tap into the fast-growing opportunities within Australia's evolving IT market.
“CSOM is quite a mature platform that builds on CSO Australia's established reach to different organisations and forums,” Verma says. “Partnering with CSOM puts the university in a position where we don't have to start anything from scratch. This is a tool that can be pulled into business-as-usual processes to be used within Deakin on a day-to-day basis.” Personnel and skills issues remain bugbears for CIOs but, with an election looming and Australia's cybersecurity future on the line, bodies such as the Australian Computer Society are warning that something has to be done around IT skills – and that it can't wait any longer.
Recognising the growing pinch, a range of organisations have moved to stake their claim on Australia's cybersecurity talent by establishing security-focused centres of excellence, with the likes of NEC Australia and Raytheon recently joining investments by the likes of NBN Co, BAE Systems Applied Intelligence, the Victorian government and the federal government's far-reaching Cyber Security Strategy predicated on attracting hundreds of cybersecurity specialists.
The paucity of local skills has been driving companies such as Tabcorp to look overseas for talent, even as new technologies such as the Internet of Things (IoT) leave IT-security executives unprepared and employment-site indicators suggest that interest in tech jobs from job seekers continues to increase – especially in Sydney and Melbourne.
As a growing number of students and skilled cybersecurity professionals register with CSOM, the importance of the portal will grow and employers will benefit from easy access to the crème de la crème of Australia's cybersecurity market. In the long term, this will pay off with easier resolution of cybersecurity issues and better ongoing access to the changing security skills that every organisation needs. “All organisations are looking for the right candidates for any piece of work,” says Deakin University's Verma, “and within my role I often require different skill sets at different points in time. In the long term the traditional model of going to recruitment agencies to find the right people will be gone; CSOM makes it easier to drill down into a specific skill set that I'm looking for, and quickly identify the right people.”