Solving Australia’s Cyber Skills Shortage? the right training is a good beginning
At a time where digital transformation is making individuals, businesses and governments increasingly vulnerable to cyber-crime, Australia has a severe cyber security skills shortage.
Both the Information Systems Audit and Control Association (ISACA) and the International Information System Security Certification Consortium (ISC)² detail in their latest reports a potential global short fall of up to 2.93 million cyber security professionals.
Closer to home, AustCyber have predicted industry will require at least 11,000 additional workers over the next decade to meet existing demand – without factoring in government aspirations to create a stronger cyber security sector.
It is clear that Australia needs more cyber professionals but governments and private organisations are finding it difficult to find the right people for roles. Many are technically qualified, but lack the real world skills and experience to do well.
So there is a dual problem; the number of people in the workforce and the quality of skills and experience they possess. Shoring up the way we teach cyber security in this country will go a long way to improving this.
The first step could be establishing a national benchmark for cyber education.
In the US, a partnership with government, tertiary institutions and the private sector, have developed the National Initiative for Cybersecurity Education (NICE) that address current and future cybersecurity education issues through the promotion of best practices. Their framework helps both employers and employees to set a standard that all can work towards.
In the UK the recently established UK Cyber Security Council, represents government, professional bodies and industry with the aim of developing cyber security as a nationally recognised and established profession with clear career pathways. A similar Australian framework would benefit us in the design of cyber security education creating a benchmark to assess a candidate’s suitability for a role.
The second step is ensuring the principles of cyber security and ICT skills are introduced into our schools early.
STEM students are still in short supply, despite initiatives to increase numbers. Introducing cyber security to young people at a young age has a twofold advantage. To stimulate an interest and desire to pursue a career in cyber and, as our next generation of digital natives are immersed in a cyber-world, to make their online experiences safer.
The third step involves the private sector actively promoting and investing in cyber skills and their cyber professionals with lifelong training programs.
Companies should also review their hiring processes. Qualifications and certifications are important, but indications from the USA and Europe suggest a more holistic assessment of candidates based on personal characteristics such as resilience, curiosity and problem solving are important too.
Ex-members of the military and security services often have the aptitude to re-skill as cyber professionals as do graduates holding non-STEM degrees. On the other side of every hacking attempt is a human brain trying to discover and exploit vulnerabilities. Being able to think from their perspective and anticipate their actions is a valuable skill.
Vocational education, also has an important role to help re-skill members of the existing workforce, who wish to switch careers or up-skill within their current job. It can also help in providing alterative pathways for schools-leavers to gain entry into the cyber workforce, where university may not be a viable option. TAFEs and Canberra Institute of Technology are offering excellent nationally recognised cyber education programs that can be tailored to suit individuals’ personal situation. These offerings are often a highly cost effective alternative to academic offering or professional certifications.
While cyber vulnerability continues to provide rich pickings for the hackers, we are going to have to keep employing more and more people. Don’t let your business be a cyber-fail for lack of the right cyber professionals.