Telstra's curious approach to the cyber skills shortage

Australia has developed a reputation for its lack of cyber security skills but Telstra says you can find the talent if you’re prepared to look in unexpected places.

Telstra’s chief information security officer Mike Burgess said that some of the best available cyber security analysts needn’t necessarily come from traditional science and engineering backgrounds. He said while that those skills were still highly valued by the Telstra, highly inquisitive individuals from other disciplines could be just as valuable.

“Some of the best analysts I have seen in my intelligence career have double French majors or history majors and the thing that sets them apart is that they’re passionate about technology. They know the outcome but they are actually curious minded and they keep asking questions of the data or they seek out the data that get’s them the answer,” Mr Burgess said.

“I’ll break it down into two categories: discovery of analysts that can help you ask the questions of the data you already have to tell you whether you’ve got risky behaviour putting your networks or data at risk, or tell you whether you’ve got behaviour that is some miscreant stealing from you whether they’re internal or external,” he said.

Mr Burgess described them as “curious enthusiasts” but said that strong personal motivations around privacy protect were useful markers for identifying talent.

“Generally they’re motivated by their own privacy and the importance of privacy to other people. That’s a great starting point for a security professional,” he said.

Telstra primarily tries to recruit these individuals from tertiary education institutions but later career professionals could also help address Australia’s cyber security skills shortage, Mr Burgess said.

“There are many people who have used computers at home for hobbies but haven’t come from a traditional science and engineering background – it’s actually find those people that have a bit of geek in them but they haven’t chosen to do geek training at college or university,” he said.

Telstra’s strategy is a departure from that of the federal government’s Cyber Smart Nation initiative, which primarily aims to raise awareness of employment opportunities in cyber security and STEM (Science Technology Engineering and Mathematic) disciplines.

However, Burgess said there were potential pay-offs in taking a more creative approach to recruitment.

“There’s a good portion of the population that you’re missing if you just keep recruiting in your own image,” he said.

Australia sat alongside Mexico as one of the nations with the highest shortage of cyber security skills, according to the results of a survey by the US Washington DC-based Center for Strategic and International Studies (CSIS) conducted in partnership with Intel.

The survey of around 775 companies with 500 employees or more across US, UK, France, Germany, Australia, Japan, Mexico and Israel released late July revealed that 71 per cent of respondents reported “direct and measureable damage” to their network due to the skills shortage.

Mr Burgess did not dispute the notion that Australia was struggling as hard as other countries to develop a cyber security labour force. However, he remained optimistic that growing familiarity with technology among generations growing up with it around them would increase the potential pool of curious and enthusiastic recruits.

“They still need a passion for technology but people are getting better at that because that’s the world that we’re born into and that’s a natural thing these days,” he said.

Join the CSO newsletter!

Error: Please check your email address.

Tags chief information security officerCenter for Strategic and International Studies (CSIS)recruitmenteducationCISOSecurity professionalcyber skills shortagedata analysisCSO AustraliaTelstraMike Burgessbusiness intelligencesecurity training

More about IntelSmartTechnology

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Andrew Colley

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts