Australia has developed a reputation for its lack of cyber security skills but Telstra says you can find the talent if you’re prepared to look in unexpected places.
Telstra’s chief information security officer Mike Burgess said that some of the best available cyber security analysts needn’t necessarily come from traditional science and engineering backgrounds. He said while that those skills were still highly valued by the Telstra, highly inquisitive individuals from other disciplines could be just as valuable.
“Some of the best analysts I have seen in my intelligence career have double French majors or history majors and the thing that sets them apart is that they’re passionate about technology. They know the outcome but they are actually curious minded and they keep asking questions of the data or they seek out the data that get’s them the answer,” Mr Burgess said.
“I’ll break it down into two categories: discovery of analysts that can help you ask the questions of the data you already have to tell you whether you’ve got risky behaviour putting your networks or data at risk, or tell you whether you’ve got behaviour that is some miscreant stealing from you whether they’re internal or external,” he said.
Mr Burgess described them as “curious enthusiasts” but said that strong personal motivations around privacy protect were useful markers for identifying talent.
“Generally they’re motivated by their own privacy and the importance of privacy to other people. That’s a great starting point for a security professional,” he said.
Telstra primarily tries to recruit these individuals from tertiary education institutions but later career professionals could also help address Australia’s cyber security skills shortage, Mr Burgess said.
“There are many people who have used computers at home for hobbies but haven’t come from a traditional science and engineering background – it’s actually find those people that have a bit of geek in them but they haven’t chosen to do geek training at college or university,” he said.
Telstra’s strategy is a departure from that of the federal government’s Cyber Smart Nation initiative, which primarily aims to raise awareness of employment opportunities in cyber security and STEM (Science Technology Engineering and Mathematic) disciplines.
However, Burgess said there were potential pay-offs in taking a more creative approach to recruitment.
“There’s a good portion of the population that you’re missing if you just keep recruiting in your own image,” he said.
Australia sat alongside Mexico as one of the nations with the highest shortage of cyber security skills, according to the results of a survey by the US Washington DC-based Center for Strategic and International Studies (CSIS) conducted in partnership with Intel.
The survey of around 775 companies with 500 employees or more across US, UK, France, Germany, Australia, Japan, Mexico and Israel released late July revealed that 71 per cent of respondents reported “direct and measureable damage” to their network due to the skills shortage.
Mr Burgess did not dispute the notion that Australia was struggling as hard as other countries to develop a cyber security labour force. However, he remained optimistic that growing familiarity with technology among generations growing up with it around them would increase the potential pool of curious and enthusiastic recruits.
“They still need a passion for technology but people are getting better at that because that’s the world that we’re born into and that’s a natural thing these days,” he said.