Published on the 21/09/2022 | Written by Heather Wright
While report notes real consequences of the gap…
Addressing the cybersecurity skills shortage isn’t possible through any singular approach and alternative approaches are now needed a new report warns, as it ups Australia’s cybersecurity professionals shortfall to 30,000 over the next four years.
The Per Capita report for A/NZ cyber security services company CyberCX, Upskilling and Expanding the Australian Cyber Security Workforce, suggests the skills gap is greater than previously thought.
“The nature of this shortage necessitates a co-ordinated approach, that includes a re-evaluation of the traditional approach.”
AustCyber’s pre-pandemic Sector Competitiveness Plan 2019 highlighted an expected shortfall of nearly 17,000 cybersecurity workers by 2026 – and noted that education providers increasing cyber security courses ‘could’ see the number graduates quadrupling to 2,000 a year by 2026.
Training not keeping pace with the emerging needs is also highlighted in Per Capita’s report, which notes that ‘the increase in candidate numbers skews largely to international student enrolees’.
“Addressing this skills shortage, given the highly technical nature of the work, is not possible through any singular approach.
“The nature of this shortage necessitates a co-ordinated approach, and one that includes a re-evaluation of the traditional approach to technical education.”
The (ISC)2 – the world’s largest nonprofit association of certified cybersecurity professionals – has also been ringing the warning bells over shortages. It says there’s a workforce gap of 1.4 million across Asia Pacific, and 25,000 in Australia.
Asia Pacific logged a declining workforce gap in the (ISC)2 2021 Cybersecurity Workforce Study, but the (ISC)2 says that doesn’t indicate a problem solved, noting APAC economies are reporting slower economic recovery and a disproportionate number of SMBs going out of business, alongside strong IT service providers as contributing factors.
That report also highlights the real consequences of the staff shortages, showing when cybersecurity staff are stretched thin, there are real negative consequences for their organisations, including misconfigured systems (32 percent), not enough time for proper risk assessment and management (30 percent) and slow patching of critical systems (29 percent). Oversights in process and procedure (28 percent), the inability to remain aware of all threats active against a network, and rushed deployments (both 27 percent) were also cited by survey participants as negative impacts their organisations had experienced because of cybersecurity workforce shortages.
While skills shortages are being felt across many industries and skill sets, technology has been particularly hit, and the Per Capita report says cybersecurity skills are now in shorter supply than cloud computing and cloud infrastructure – the skill previously in shortest supply.
International demand for talent, with developed markets including Canada, the UK and the US, offering strong employment opportunities for Australian professionals, is further exacerbating the issue.
The report warns that the skills gap in Australia is ‘arguably a significant economic and national security concern’.
“A major study of technical professionals and educators identified cybersecurity as the most significant technical skill shortage globally.
“This international contestation will result in competition for migration talent within key markets where there is no dearth of talent.”
While established training pathways through universities and TAFEs are stepping up their work, the report says that’s unlikely to be enough to deliver the qualified graduates needed, particularly with the high value of practical experience.
Instead, the report suggests supplementary models, such as bootcamp/intensive training models and the academy-style programs sponsored by cyber and technology companies to support more rapid re-skilling of workers from other technical and non-technical fields will be required.
A range of industry programs have been launched in recent times, including a partnership between AustCert and Microsoft for the Cyber Security Microsoft Traineeship Program combining formal training with paid, on-the-job experience, and La Trobe University’s cybersecurity initiative, launching microcredentials, providing hands on work-baed learning, and aiming to engage more than 80,000 high school students in cybersecurity concepts and education.
La Trobe’s initiative has received AU$2.35 million from the Commonwealth Government under the Cyber Security Skills Partnership Innovation Fund to partner with industry to lift the country’s cyber security capability.
Targeted immigration will also be ‘a critical supplement’ in the short term. But the report also issues a caveat for the immigration solution, noting that migration and investment in skills and the foundational economy are complementary and can strengthen the research and innovation base, migration can’t be at the expense of training investment.
The report notes the Global talent Visa Program, while ‘significant and compelling’ offers limited scope to address current and future sector specific skills shortages in isolation, given existing quotas.
More expedient and longer term Visa categories may be necessary in the short to medium term, depending on cyber crime rates and changing business requirements in the coming months.
“It is critical, however, that any skilled migrants that are making valuable contributions to the Australian economy are retained, and employed securely, or there is significant risk of a reverse brain drain, whereby cyber professionals hone their skills within the Australian market, but return after they have improved their capability set.”
Among the other recommendations outlined is the integration of TAFE and univestiy qualifications to enable learners to access employment opportunities while completing degree programs. Funded upskilling of public sector workers via dedicated tertiary and vocational/academy partnerships is also advocated.
“Given the sensitive nature of much of this category of work, establishing a domestic talent pool is essential to the national interest.”
