Navigating Australia's cybersecurity skills shortage

The tech talent shortage in Australia is at an all-time high, with cyber skills in particularly short supply. The pandemic didn’t help. There aren’t any quick fixes, but there are things we can do today that will alleviate the problem and put us on a path to a bigger industry in the future.

The federal government’s commitment to invest $9.9 billion in the Australian Signals Directorate’s (ASD) cyber capabilities is a much-needed boost for the country’s cybersecurity skills landscape. But it will take time for the government’s investment to pave the way for lasting change. Right now, we’re looking at a full decade for the so-called REDSPICE investment to run its course, and other efforts to build the cyber skills pipeline in Australia are likely to take years to bear fruit.

While we wait for top-down initiatives to come to fruition, we need to find ways to manage our cyber posture amid a fast-evolving threat landscape and a legislative framework that is making cyber safety and data security board-level issues. There are three broad areas we can invest in today to lay the groundwork for the next generation of cyber professionals.

Education

When it comes to cybersecurity, the individual is often the weakest link. Often, most successful cyber attacks aren’t the result of brute force techniques but rather because someone unknowingly clicked on a dodgy link in a seemingly innocuous email. It can happen to anyone. Unless, of course, they’ve been shown how to recognise suspect elements in otherwise ordinary-looking digital messages.

This is just one example. There are many different types of potential attack vectors. However, if we are educated about the more common types of attacks, and even made aware of some of the less common threats, we stand a greater chance of fending them off. The same goes for the employees in a business. If everyone is strengthened through cyber risk education and awareness campaigns, they will collectively become more resistant to potential threats.

To make this approach commonplace, we need to continue to grow the importance of seeing cybersecurity as a business issue rather than a technology issue and more importantly, normalise cyber awareness as a life skill.

Training

The state border restrictions in response to the pandemic meant that many organisations could not easily get their hands on new talent. As a result, they began ramping up efforts to develop fresh cyber talent internally.

Internal development programs are not new and were already in the works among many businesses needing such skills, such as managed security service providers and the IT departments of other kinds of businesses. But the border closures accelerated these initiatives.

The country’s tertiary institutions, government training programs and skilled immigration can only do so much to fill the skills gap we have in Australia’s cyber landscape. It’s up to every organisation with a stake in the industry to do their part in developing the next generation of cyber experts.

Many local businesses are stepping up to bring their people further into the cyber profession. Earlier this year, we ran the first Australian edition of our Certification Program in IT Security (CPITS), aimed at providing the hard and soft skills needed to get started in the field of cybersecurity.

The free nine-week program sees participants earn industry-recognised certificates, and a number of those completing the program are offered employment opportunities with Trend Micro while many other individuals go into the market and get picked up by, for example, IT channel partners and their customers.

Partnerships

What do you do when you need additional skills quickly? You outsource them. Deep partnerships with trusted external providers can instantly patch the IT and cyber skills gap in the local market.

It seems this is no secret to many organisations in Australia. We saw local consulting firms, resellers and IT service providers experience up to one thousand times the service work they had budgeted for in the wake of the pandemic.

Much of the tech and cyber talent in Australia departed after the onset of COVID, with border closures preventing new skills from coming into the country. But organisations still needed support, so they went to market for cyber skills and took talent on as external help.

While this is good news for cybersecurity services providers around Australia, it has perhaps been too much of a good thing, with many of those providers themselves now struggling to find the talent they need to meet growing demand.

This is where upstream partnerships come into play. Taking a vendor-as-a-service approach to security services has enabled us to meet the skills needs of both IT partners and their end customers. We launched our Service One offering last year to enable this approach, effectively giving local businesses and their security service providers access to the thousands of cybersecurity experts we have around the world.

Such partnerships mean local organisations get the cyber talent they need right now, not in five or 10 years’ time when the local skills pipeline begins to bear fruit.

With these three areas taken care of, we will be in a better position to hold the fort until the cyber skills market is no longer a ‘zero unemployment’ industry. We won’t be able to solve every problem or fend off every risk that is thrown our way, but with the right education, training and partnerships, we can better stay afloat amid a rapidly changing threat landscape.

Image credit: iStock.com/EtiAmmos