Building the cyber security workforce Australia needs

Cyber security is now one of the most rapidly growing industries globally. The threat posed by the perpetrators of malicious cyber activities has spurred governments, the private sector and the research community to invest in cyber security products and services to the tune of around US$131 billion today - a figure which is expected to increase to almost US$250 billion by 2026.

The economic growth opportunity presented by the expanding cyber security industry is, however, underpinned by the need to develop an appropriately skilled cyber security workforce. In Australia alone, it is estimated that over the next decade our economy will require an additional 11,000 workers to perform various technical and non-technical cyber security work roles.

But what are the jobs in cyber security? And what are the skills required to perform them? These are two common questions asked by students, parents, educators and those in the existing workforce that are looking for a career change.

Common misconceptions include “cyber security is only a job in an IT team” or “a job in cyber security means you must join the defence force”. On the required skills front, it is common to hear “you need to be able to code” or “you have to study at university for a really long time”. Busting these and other myths about cyber security careers is crucial for attracting the right talent into the industry.

It is vital that we communicate to all Australians, in particular to young Australians, that while a career in cyber security may start in an organisation’s IT team, the nature of cyber security as a business rather than an IT risk means that it is unlikely to end there. Equally it is important to communicate the plethora of career opportunities in cyber security that don’t have a technical focus but rather require people with a policy, legal, risk or education background.

The crucial message is that cyber security is not a job. Cyber security is an industry with over 50 distinct work roles spanning technical ICT as well as non-technical roles. These work roles are categorised under 7 high level groupings.

The National Initiative for Cybersecurity Education (or NICE) workforce framework in which the cyber security roles are found, is a public resource. It is available to Australian employers, current cyber security staff, educators, workforce trainers, technology providers and students considering a career in cyber. The framework was developed by the National Institute for Standards in Technology (NIST) over several years and is maintained and updated in collaboration between industry, government and academia. NICE provides a full listing of cyber security work roles, job descriptions, and the knowledge, skills, abilities and tasks that relate to each.

The usefulness of the NICE framework for building Australia’s cyber security workforce is clear. NICE provides educational institutions with the means to map their curriculum so it’s clear how skills developed in a cyber related program align to different cyber careers. The framework provides students with a resource to explore different careers in cyber security as well as the means to self-identify what skills they require to perform the cyber career they aspire to. It also provides employers with the means to undertake targeted workforce planning, internal skill gap analysis, and a transparent mechanism to identify which education providers are skilling the cyber professionals they need in their organisations.

Is the NICE workforce framework a silver bullet? No. Is it better than starting from a blank piece of paper? Yes. Communicating this urgently and effectively to policy makers, educators, employers, and students is a necessary starting point to commence the myth busting around cyber security careers and set the scene for a much more sophisticated conversation about building the cyber security workforce that Australia needs.

Owen Pierce

Program Manager for National Research and Education

AustCyber - the Australian Cyber Security Growth Network Ltd

owen@austcyber.com I @OwenP1000 I @AustCyber

About AustCyber

The Australian Cyber Security Growth Network (AustCyber) is the industry-led and not-for-profit company responsible for delivering the activities of the Cyber Security Growth Centre initiative.

The global cyber security market is currently worth more than $100 billion and is expected to more than double by 2020. AustCyber will ensure that Australia is a global industry leader, able to export products and services in the global marketplace while helping Australian businesses and governments to address the growing threat of cyber-crime.