New study reframes Australian cyber security skills shortage

21 November 2016

Companies that fail to recognise the importance of cyber security expertise within their organisation might be contributing to the view that Australia has a cyber security skills shortage, according to new research.  

The study by the Australian Information Security Association (AISA) suggests that the skills shortage is better characterised as a failure of some organisations to resource appropriately, rather than the belief that there are not enough people to fill available jobs. Conducted over four months, the study included a member survey, analysis of job ad’s and interviews with key stakeholders.

Seventy eight per cent of AISA members surveyed believe that there is a shortage of qualified cyber security workers for available positions in Australia, however, further analysis of the data suggests that the problem is deeper than demand simply outstripping supply. 

AISA members believe a large proportion of organisations are not putting the right number of people with the right skills into appropriate positions, although many acknowledge there are several organisations which do support well-resourced security teams.
This resourcing problem is fuelled in part by a failure on the part of management to appreciate information security risks, according to AISA members. This failure may in turn be a consequence of the relative immaturity of the Australian cyber security skills market.  

From the supply side, there is evidence of high levels of frustration from those looking to enter the cyber security work force, with too much focus by employers and recruiters on prior experience and detailed knowledge of very narrow and specific areas, which unnecessarily narrows the pool of available candidates.

The reluctance of many employer organisations to invest in development of entry level cyber security workers is a particular concern, given the average Australian cyber security worker is 36 or older, with a large number looking to retire in the next 10 to 20 years. It also raises questions about the career prospects of graduates from vocational and tertiary courses, more of which are being rolled out to address the perceived crisis. 

AISA CEO Arno Brok says there are several organisations in the Australian economy that do cyber security well while many do not even have cyber security on their radar or see it as irrelevant to their business. 

“Those who are doing it well have the budget and understanding of their own requirements to recruit and train the people they need,” says Mr Brok. 

Ms Siganto, AISA’s Director of the Cyber Security Academy (CSA) says a more mature appreciation of how important information security is to ensuring trust and protecting organisational reputations will help raise the profile of the profession and provide a more clearly marked pathway for cyber security workers.

“AISA has an important role to play in helping employers understand the kinds of skills information security practitioners can bring,” says Ms Siganto. 

Based on the findings from this research AISA is pursuing a number of important initiatives including:

• Publishing a Cyber Security Careers Guide identifying job roles and career pathways for those interested in pursuing a cyber security career, employers and recruiters to improve their understanding of the cyber security skills ecosystem
• Working with employers to increase their understanding of the need to invest in and grow Australia’s cyber security capability
• Working with the Australian Professional Standards Council to identify Cyber Security as a profession under the scheme.

AISA’s Report ‘The Australian Cyber Security Skills Shortage Study 2016’ is available for download from the AISA website: https://www.aisa.org.au/CyberSkillsReport

Media interviews: 

Jodie Siganto, Director, Cyber Security Academy, AISA
M: 0408 275 733 E: [email protected] 

Arno Brok, CEO, AISA
M: 0404 885 373 E: [email protected] 
W: www.aisa.org.au/CyberSkillsReport

About the Australian Information Security Association (AISA)

The Australian Information Security Association (AISA) is the peak body for information and cyber security professionals. AISA champions the development of a robust information security sector by building the capacity of professionals in Australia and advancing the cyber security and safety of the Australian public as well as businesses and governments in Australia.