Coming from the 2022 Australian Information Security Association (AISA) CyberCon in Melbourne, Jeremy Daly, Cyber Security Lead at DDLS, reflects on the variety of people who have entered the cybersecurity industry over the last few years and the multitude of ways in which they have done so. This article was originally published on SecurityBrief by TechDay Network.
The key things needed to narrow the cybersecurity skills gap
The 2022 CyberCon in Melbourne this October saw the physical gathering of leading cybersecurity companies, professionals and industry experts for the first time in a few years – an especially pertinent meeting given the recent string of breaches Australia has faced.
What stuck out to me was the variety of people who have entered the industry over the last few years, and the multitude of ways in which they have done so. No two pathways into cybersecurity are the same. In order to continue plugging the now-critical cyber skills gap, we need to think outside the box on how we educate people, and how we can break down barriers preventing them from entering the industry.
Growing the cybersecurity community through equal opportunities
Based on internet job vacancies and national-level employment projections, number 2 on the 2022 Skills Priority List in Australia is Software and Applications Programmers, with 7,841 vacancies. ICT Business and Systems Analysts are 9th with 3,830 vacancies, while Contract, Program and Project Administrators are 14th with 2,842 vacancies.
Meanwhile, Per Capita-CyberCX suggests that the industry could see up to 30,000 unfilled positions in four years. And that this is a number that universities and TAFEs will be unable to meet.
It also appears that places like Western Australia, South Australia, the Northern Territory, and Tasmania need more focus on boosting cyber security skills.
To promote equal opportunities and reduce barriers to employment, the Government has proposed immediate actions to support Age pensioners, initiatives for Workplace Gender Equality and Strengthening the Respect@Work Council. These are reported outcomes from the Jobs and Skills Summit in September 2022.
The Government also pledged to:
Explore more options on place-based approaches that drive upskilling at the local level and address barriers to employment among disadvantaged groups and the long-term unemployed.
Continue to work with stakeholders to hasten the development of new remote and disability employment service models.
The fast-paced nature of ICT and cybersecurity knowledge
The Jobs and Skills Summit touched on the time it takes for people to complete a degree-level education to be ready to take on a role. Complicating this challenge is the rate at which technology changes and cyber security attacks occur. Consequently, the rate at which knowledge of cyber security updates is also fast.
There is a consensus that while university qualifications are valued, the lack of a degree or a relevant degree should no longer be a barrier. Most cyber security specialisations do not require a university-level or post-graduate studies qualification.
Not requiring a degree aligns with Jobs and Skills Summit discussions on using micro-credentials relevant to labour market needs. Micro-credentials, including work-based learning, will be placed in a proper framework and will be ‘stacked’ into full Vocational Education and Training (VET) qualifications.
To us, this is an unseen benefit, an opening to address the gap through flexible learning solutions. These flexible solutions can include:
Short courses for entry or junior-level professionals who can receive help from on-the-job training
Self-paced learning delivery for career shifters and busy professionals
Bootcamps where students can learn and continuously keep up to date with trends as part of a community
Students can book and sit short courses in a traditional classroom set up with an instructor, a virtual classroom set up with a remote instructor, in hybrid arrangements or seminars and webinars.
Focusing on flexible learning solutions offers the agility to adapt to changes in the cybersecurity landscape as they happen.
It also means hiring people with the right values as a starting point and then building their skills. Foremost of these values should be a hunger for learning, empathy, integrity, and a powerful sense of ethics.
Looking to the SFIA for guidance on behaviours and specialisations
You can develop other ideal traits further with practice, training, certification, and being part of an expanded network. These traits include:
Communication (including listening)
The values and characteristics above are part of the index of behavioural factors in the Skills Framework for the Information Age (SFIA).
SFIA was initially a framework for the ICT community. Since then, it has expanded as a way to map out the skills and competencies required by business and technology professionals who design, develop, implement, manage and protect the data and technology that power the digital world.
In the SFIA, Cybersecurity falls under the Strategy and architecture category under the Security and privacy subcategory. From there, you can find the following focus areas:
Personal data protection
Other cyber security specialisations fall in the Delivery and Operations category under Security services:
Getting started and finding your niche in cyber security
Some questions we get asked during tradeshows like CyberCon are “How do I get started? And how do I learn everything that needs to be learned?” Our best advice is to get started and take things in your stride. Fortunately, there are now many resources to help people learn cybersecurity fundamentals.
From there, you don't need to cover everything all at once. You don’t even need to complete a degree. You can explore and dive deep into the different specialisations through micro-credentials and certifications. You can also work on developing the various traits that make a strong cybersecurity specialist.
Understanding these focus areas and behaviours can help you make strategic investment decisions for skills development. And you can do so as you help address the digital skills shortage and create a more cyber-safe community.