Cyber Skills Gap Set to Widen
The Australian cyber security industry is chronically short of manpower, and with cyber attacks expected to skyrocket in coming years the problem is set to worsen.
However the good news is that this talent shortage is encouraging employers to rethink how they source the cyber skills they need, creating strong job opportunities for those interested in a career in cyber security and stimulating investment in artificial intelligence.
A recent warning from the federally funded AustCyber agency about the nation’s cyber skills gap has been echoed by employers and recruiting agencies across Australia. A survey of cyber security professionals and business leaders revealed most were finding it ‘difficult’ or ‘very difficult’ to recruit cyber security talent.
More capable people are needed in a wide range of roles, says Emma Neville, general manager of cyber security recruiting for international IT employment agency Halcyon Knights.
Across the board
“Cyber security is a diverse field, but there’s requirement for talent pretty much across the board,’’ says Emma.
“Skills that are really in demand right now are in areas such as cloud security, as more organisations are moving their operations into cloud and hybrid cloud solutions.
“There’s also a real focus on application security and Dev Sec Ops (which aims to ensure cyber security is built into new applications, rather than being ‘bolted on’ later).’’
With companies coming under ever more attacks, organisations are always looking for more people to work on their incident response teams.
“Skills on the defensive side of security are 100 per cent in demand, especially for people experienced in dealing with enterprise-level incident response and defence against complex attacks,’’ says Emma.
However proving that the best form of defence is attack, organisations are also spending more on offensive security. The aim here is to stay one step ahead of bad actors through threat hunting and penetration testing – performing mock cyber attacks to evaluate defences.
“So ‘red team’ professionals who can provide these services are in demand because they give organisations a real opportunity to learn where their security gaps are and what needs to be addressed in a proactive way,’’ says Emma.
Education and training
Experts say Australia’s lack of qualified cyber security staff can only be resolved taking by action on several fronts at once.
For one thing, women make up only around a quarter of Australia’s tech workforce, so addressing this imbalance would go a long way to alleviating the problem.
When it comes to education and skills development, it’s important to spread the net as wide as possible and tertiary education is key, says Emma.
“TAFEs and universities are doing a great job, providing some fine cyber security courses,’’ she says. “These are an excellent way to learn the fundamentals and get a good grounding in basic theory, and they also provide internships where students can get practical commercial experience.’’
However, while it is important to encourage the younger generation’s interest in technology and make them aware of different career options that they might not be across, we also need to be investing more in upskilling those already in the workforce, says Emma.
“There are a lot of skills within the broader technology remit that would lend themselves well to cybersecurity,’’ she says. “Rather than constantly looking outside of your own organisation, companies should be developing their existing intellectual property.’’
Recruitment agency Hays agrees, saying the good news is that the cyber security talent shortage has created lots of job opportunities for those interested in pursuing a career in the industry.
“Employers realise they need to keep an open mind when writing their selection criteria and reviewing candidates. People with strong soft skills and a background in IT can be upskilled into cyber security,” says Adam Shapley, managing director at Hays Information Technology.
In the absence of sufficient qualified people to maintain the nation’s cyber defences, machines are stepping up.
For example cyber security firms are training artificially intelligent systems to detect malware and viruses, and AI-powered systems can automatically collect data by scanning huge volumes of articles, studies and news about developing cyber threats.
“There are several interesting cyber security start-ups and other organisations focusing on how artificial intelligence can help companies uplift their defence capabilities,’’ says Emma.
“Given the cyber skills gap I definitely think automation of some of these tasks is an area that will continue to be leveraged further.’’