Australia faces a massive skills shortage of cybersecurity professionals and the gap will only get worse unless more is done to invest in education, according to experts in the field.
Wednesday marked the launch of a $3.8 million government- and private-industry-funded joint education program called Cyber STEPs (Secondary to Tertiary Education Partnerships), designed to bring cyber education pathways to more high schools.
The aim of Cyber STEPs is for advanced cyber security to be taught to students in years 7 to 12. The program will also be available to TAFE, other Registered Training Organizations (RTOs) and universities.
Speaking at the launch, James Curran, CEO of Grok Academy, a nonprofit that promotes cyber education, says the skills shortage will only grow in the future.
“Right now, we’re talking about a shortage of 25,000 cybersecurity professionals in Australia,” says Curran, who is one of the original authors of digital technologies in the Australian curriculum.
“If all companies aren’t already heavily online, they soon will be. As soon as your organization is online, as soon as your people are storing data, managing operations, anything like that, in an online environment, you can be hacked from anywhere in the world.”
Grok’s Cyber STEPs program creates simulated cyber attacks in the real world for students to participate in. It has been running in schools since 2019 and so far more than 170,000 students have participated in online education.
Organizers say thousands of students attended Wednesday’s launch event, during which they heard from industry leaders about the importance of developing cybersecurity skills and why they should consider a career in the field.
Curran says that while it’s great to see student training being supported, what’s also needed is training for educators themselves.
“If you think about it, almost none of our 337,000 teachers in Australia ever learned about this stuff in school, never learned anything about this as part of their initial teacher training at university,” he says.
“We ask them to teach our children from elementary school onwards and, in many cases, teachers, like the rest of us, [are] making exactly the kind of mistakes we really need to protect our children from.”
Banks and technology companies are well represented among Cyber STEP’s private industry partners, stating that the industry needs the next generation of young people to be trained and interested in cyber security.
Luke Barker is the head of cybersecurity for British Telecom in Australia and says the cybersecurity component of his business, where they provide cybersecurity support to businesses, has been completely transformed in recent years, from being a fifth share of their total business now about four-fifths.
“We have to be at the forefront of that cyber resiliency, our customers require us to make sure not only that they are protected as a business, but also that their customers are protected,” he says.
Barker adds that the growing threats from cybercriminals change from industry to industry, however, those most at risk were small and medium-sized businesses that might not have the resources to implement the strong cyber defenses that larger companies have.
“There’s a lot of vulnerability in certain sectors, some like health care, for example, as well as other small businesses,” he says. “In addition, those businesses that are traditionally offline, such as manufacturing, are becoming targets due to the impact an attack could have on their day-to-day business.”
ANZ Bank Chief Information Security Officer Lynwen Connick says major financial institutions like yours were always going to remain a big target for cybercriminals, and maintaining a strong and robust defense system was essential.
“We have invested heavily in security, long before cyber became a cyber security issue,” says Connick. “What you will find is that we are [one of the] organizations, which work a lot on security and have very sophisticated security capabilities, [because we know] as a financial organization we will be targeted. And that’s why it’s something we take very seriously.
“But we want to make sure that we help others too, because we know that if there was a big cyber attack in Australia, it would affect the entire economy. And that is why it is equally important that we help others to do the same.
“I imagine we probably have a more strategic capability than most organizations will be able to implement at this stage. We see it very much as a defense-in-depth approach,” she adds.
Connick says she would like to see more young women enter what is the largely male-dominated field of cybersecurity. She says job opportunities and career options in the field were only growing.
“For more people to get involved in cyber security, we need more women, we also want more diversity because more diversity in any team will make it more successful,” she says.
She and other speakers at the event were keen to point out the range of career options involved in the cybersecurity space, emphasizing that not all options were limited to technologically advanced roles. Communicators, trainers, and teachers are among some of the non-technical roles needed.
Matt Wilcox, founder and CEO of cybersecurity workforce management company FifthDomain, says Australians are generally pretty cyber-aware and that we’re probably in the middle of the field of sovereign countries in terms of cyber security. of our preparedness for large-scale cyberattacks and online threats.
“We are not like an Estonia that has been living at the gates of a hostile country [and] who have essentially been over the years a testing ground for certain cyber weapons,” he says. “We are not like that. At the same time, we are not the worst of countries either.”
Wilcox says that organizations like his, which find and place cybersecurity professionals in various roles, are always looking for new talent and that cybersecurity would continue to be an attractive and highly paid destination for young people to work if they were will inform the opportunities.
He says he would like to see the government and universities invest more in bringing cybersecurity professionals from the field and back into universities to teach skills to a broader range of students.
“You have to think of this as a strategic investment, it takes years for what we’re putting in now to become a capability,” says Wilcox.