September 25, 2020
Source: JuSun/iStock
Australia is currently experiencing a severe shortage of job-ready cybersecurity professionals. It’s estimated that the country could require approximately 16,600 additional cybersecurity workers by 2026.
Recruiting in-demand IT talent presents a significant challenge for the entire economy, from the public sector to dynamic startups and large multinationals.
In spite of Australia’s recent growth in its core cyber workforce, supply is not enough to meet demand. The number of cybersecurity vacancies and time to hire is well above the IT industry average.
According to a 2020 analysis of historic data of salaries, vacancies and time-to-fill, Australian businesses face a supply gap that could last until the mid 2020s.
Figure 1 - Cybersecurity positions are harder to fill and command higher average salaries (Source: Australian Cyber Security Growth Network)
And, while a substantial number of academic institutions have launched cybersecurity qualifications, it’ll take time to develop this pipeline. At which point they may be in higher demand than ever.
Figure 2 - Cyber workforce demand and supply (Source: Australian Cyber Security Growth Network)
One question for business is whether they can leverage transferable skills. Cross training existing IT professionals into new career paths could be an option
Another option is to offer training and professional development of existing talent pools. Providing access to security certifications for current employees could help to grow cybersecurity teams.
Global society is more reliant on technology than ever before.
Whether it’s a small firm or a large global enterprise, chances are your business is dependent on digital technology.
And, while technological advances have expanded the economy, it also opens the door to new and rapidly evolving threats.
In 2018, Australia’s external spend on cybersecurity grew to $3.9 billion. However, according to the Morrison Government, cybersecurity incidents cost businesses in Australia an estimated $29 billion every year.
With complex systems in play and a lack of trained professionals, cyber attacks could inflict critical operational damage.
There are three main strategies your business can take to develop effective security teams.
Let’s discuss each of these in more detail:
The first strategy involves training new employees from the ground up.
This method carries many benefits, such as long-term cost savings, internal knowledge sharing and talent retention.
Training has always been essential to business success. It provides your employees with the skills and knowledge necessary to do their jobs effectively.
We’ve already discussed that cybersecurity threats are costing Australian businesses $29 billion every year.
Increasing training investment can help companies improve in-house expertise to reduce risks, detect threats, and prevent incidents and attacks.
Providing graduate training helps you build from the ground up and benefit from academic research in the field.
There are a number of ways you can attract talent from universities, including:
It’s important to also be aware of the disadvantages of graduate schemes.
The second strategy to prevent a cybersecurity talent shortage is to upskill your existing employees with a stronger understanding of cybersecurity.
Academic training can play a vital role but will be insufficient to meet demand. Transferable skills can play a significant role in attracting and developing talent.
In fact, a cybersecurity workforce study by McAfee found a wider variety of professions and trades transitioning to cybersecurity jobs. Including
Figure 3 - professional qualifications of those working in the field responding to McAfee’s Cybersecurity Talent Study (2018)
People with strong problem solving skills are often well-suited to cybersecurity, as are those with scripting and reverse engineering skills. With this in mind, developers and programmers tend to be a good fit for cybersecurity.
When interviewing for transferable skills, try to avoid questions that are specific to cybersecurity.
Instead, consider scenario based questions that allow candidates to demonstrate a growth mindset and ability to learn. This will help you find employees with the capabilities to apply the skills they have to a cybersecurity role.
It is also important to increase awareness among all employees - not just those with an explicit focus on tech.
Apparently, 51% of reported breaches are caused by ‘human error’. These lapses include password sharing and sending documents containing sensitive information to the wrong recipient.
With that in mind, building cyber awareness through the organisation is an important element of a ‘regeneration’ strategy.
This can be done through the following steps:
The culture in the cyber security sector is ever-changing and requires individuals to actively keep abreast of all developments. This could include support through sponsoring of courses and training to develop employee loyalty.
Today's job seekers value environments that are built to encourage individual learning and development. The benefit of offering training to employees means that your company will have an upskilled workforce.
The final strategy option is to create a cybersecurity talent acquisition plan.
Recruitment partners can provide expert knowledge of the market and where the best opportunities lie. If they have a strong enough network, they can source in demand talent both locally and globally.
They can also help you to market your employer brand to the talent you want to attract. A well developed employee value proposition gives candidates an insight into your company and creates inbound demand.
It is worth spending time, thinking about your digital identity and the various channels, candidates will use to research you.
The immediate benefits to a cybersecurity talent acquisition plan is hiring specialists to develop your ‘make’ and ‘regenerate’ strategies. Other benefits include:
A talent acquisition strategy must consider candidate motivations and what security professionals want from their next employer.
According to a study conducted by (ISC)², the majority of security employees want to work for a company
If your company is feeling the effects of the cybersecurity shortage in Australia, we can help.
Our technology workforce solutions are designed to support you at every stage. We can provide talent acquisition, consulting and global employment services if you need to find skills from our global network.
We identify candidates according to your needs, so we’ll never put forward a candidate that doesn’t match your criteria. To find out more, speak to one of our specialists
This post was written by: Ryan Carroll, Regional Director - Australia & New Zealand
Breaking the glass ceiling
Digitalisation in Oil and Gas – 3 ‘soft’ benefits to attract talent
Organizing Papua New Guinea visas and work permits
A reflection on the three-year anniversary of the Airswift brand
Going green: attracting and retaining talent
Australian mining industry workforce trends
Nuclear power employment in 2021: Trends to look out for
The post-pandemic energy workforce
2021 was the year that VC investments rocked the mobility tech sector
Best practices for energy companies to transition to a remote workforce