Australia is currently experiencing a severe shortage of job-ready cybersecurity professionals. It’s estimated that the country could require approximately 16,600 additional cybersecurity workers by 2026.
Recruiting in-demand IT talent presents a significant challenge for the entire economy, from the public sector to dynamic startups and large multinationals.
What impact does a cybersecurity skills shortage have on the Australian economy?
In spite of Australia’s recent growth in its core cyber workforce, supply is not enough to meet demand. The number of cybersecurity vacancies and time to hire is well above the IT industry average.
According to a 2020 analysis of historic data of salaries, vacancies and time-to-fill, Australian businesses face a supply gap that could last until the mid 2020s.
One question for business is whether they can leverage transferable skills. Cross training existing IT professionals into new career paths could be an option
Another option is to offer training and professional development of existing talent pools. Providing access to security certifications for current employees could help to grow cybersecurity teams.
Why does cybersecurity matter in business?
Global society is more reliant on technology than ever before.
Whether it’s a small firm or a large global enterprise, chances are your business is dependent on digital technology.
And, while technological advances have expanded the economy, it also opens the door to new and rapidly evolving threats.
In 2018, Australia’s external spend on cybersecurity grew to $3.9 billion. However, according to the Morrison Government, cybersecurity incidents cost businesses in Australia an estimated $29 billion every year.
With complex systems in play and a lack of trained professionals, cyber attacks could inflict critical operational damage.
What strategies can firms take to prevent a cybersecurity talent shortage?
There are three main strategies your business can take to develop effective security teams.
Make - train from the ground up
Regenerate - upskill talent from other verticals within tech
Take - attract talent from the industry
Let’s discuss each of these in more detail:
1. Make - how can firms build a cybersecurity training strategy?
The first strategy involves training new employees from the ground up.
This method carries many benefits, such as long-term cost savings, internal knowledge sharing and talent retention.
Cybersecurity training is an essential investment.
Training has always been essential to business success. It provides your employees with the skills and knowledge necessary to do their jobs effectively.
We’ve already discussed that cybersecurity threats are costing Australian businesses $29 billion every year.
Increasing training investment can help companies improve in-house expertise to reduce risks, detect threats, and prevent incidents and attacks.
It’s worth considering graduate schemes as part of your cybersecurity training strategy.
Providing graduate training helps you build from the ground up and benefit from academic research in the field.
There are a number of ways you can attract talent from universities, including:
Offering mentorship programs. These will appeal to graduates without a lot of hands-on experience, but are willing to learn..
Contact universities to see if their curriculum contains your desired skill set. If they do, you can offer internship schemes, with the potential to keep graduates on once they’ve finished their studies.
It’s important to also be aware of the disadvantages of graduate schemes.
The average salary costs for a graduate would be lower, but they will require more support than an experienced specialist
It’s difficult to guarantee loyalty at this stage in their career
The time frame before graduates are fully productive may be longer than hiring experts
Training and development can be costly and resource intensive, although it can pay off in the long-run
2. Regenerate - upskilling existing talent with cybersecurity knowledge
The second strategy to prevent a cybersecurity talent shortage is to upskill your existing employees with a stronger understanding of cybersecurity.
Academic training can play a vital role but will be insufficient to meet demand. Transferable skills can play a significant role in attracting and developing talent.
In fact, a cybersecurity workforce study by McAfee found a wider variety of professions and trades transitioning to cybersecurity jobs. Including
People with strong problem solving skills are often well-suited to cybersecurity, as are those with scripting and reverse engineering skills. With this in mind, developers and programmers tend to be a good fit for cybersecurity.
When interviewing for transferable skills, try to avoid questions that are specific to cybersecurity.
Instead, consider scenario based questions that allow candidates to demonstrate a growth mindset and ability to learn. This will help you find employees with the capabilities to apply the skills they have to a cybersecurity role.
Cybersecurity awareness is not just an issue for the IT department
It is also important to increase awareness among all employees - not just those with an explicit focus on tech.
With that in mind, building cyber awareness through the organisation is an important element of a ‘regeneration’ strategy.
This can be done through the following steps:
Organize security talks and training sessions
Set up an early warning system to counter malicious spam campaigns
Preventing employees wearing badges with their personal identifiable information in public
Reminding employees of the risks when discussing confidential or client-specific information in public
Create a good practice guide that is easy to access for all employees and is regularly updated
Keeping up to date with developments
The culture in the cyber security sector is ever-changing and requires individuals to actively keep abreast of all developments. This could include support through sponsoring of courses and training to develop employee loyalty.
Today's job seekers value environments that are built to encourage individual learning and development. The benefit of offering training to employees means that your company will have an upskilled workforce.
3. Take - how can firms develop a cybersecurity talent acquisition plan?
Recruitment partners can provide expert knowledge of the market and where the best opportunities lie. If they have a strong enough network, they can source in demand talent both locally and globally.
They can also help you to market your employer brand to the talent you want to attract. A well developed employee value proposition gives candidates an insight into your company and creates inbound demand.
It is worth spending time, thinking about your digital identity and the various channels, candidates will use to research you.
Is your LinkedIn company profile up to date?
Do you monitor your Glassdoor page and respond to feedback?
Do you share employee testimonials or images of your office/site?
Do you encourage former employees to refer you as a great place to work?
The immediate benefits to a cybersecurity talent acquisition plan is hiring specialists to develop your ‘make’ and ‘regenerate’ strategies. Other benefits include:
A more streamlined hiring process
A better employee experience and candidate journey
Stronger diversity among candidate and employees
A talent acquisition strategy must consider candidate motivations and what security professionals want from their next employer.
Are you looking to hire cybersecurity professionals?
If your company is feeling the effects of the cybersecurity shortage in Australia, we can help.
Our technology workforce solutionsare designed to support you at every stage. We can provide talent acquisition, consulting and global employment services if you need to find skills from our global network.
We identify candidates according to your needs, so we’ll never put forward a candidate that doesn’t match your criteria. To find out more, speak to one of our specialists
This post was written by: Ryan Carroll, Regional Director - Australia & New Zealand