Skip to Main Content
Skip to main content

Microsoft, NAB and CITT partnership helps boost Victoria’s cyber skills and protect small business

Consortium of public and private organisations gives TAFE Victoria students valuable on-the-job experience while directly improving cybersecurity for small businesses

A unique partnership between Microsoft, NAB and Communications and Information Technology Training (CITT) – a not-for-profit industry-based organisation – is helping improve the resilience of the state’s small business sector, while providing cybersecurity students with practical industry experience.

The Student and Small Business Cyber Risk Project, supported by the Victorian Government, partners Victorian TAFE students who are enrolled in a cybersecurity qualification with an industry mentor and a small business in Victoria to conduct cybersecurity risk assessments.

Following a successful pilot in 2023 involving 64 students and 24 small businesses, organisers are now calling for more small businesses and mentors to sign up for the 2024 intake. They expect to enrol 200 new students this year, with plans to roll out nationally over the next two years.

As part of the program students are partnered with mentors from NAB and Microsoft to conduct a cybersecurity risk assessment using publicly available tools. The small business will receive a report with steps they could take to improve cybersecurity in their business.

“A lot of smaller companies struggle with a lack of skills or understanding of where to start when it comes to cybersecurity,” said Mark Anderson, National Security Officer at Microsoft Australia and New Zealand.

In many cases, taking a few simple steps can be enough to protect against 99 per cent of cyber threats. It’s been great to be involved in this unique and highly scalable program, which is contributing to strengthening our nation’s cybersecurity defences. – Mark Anderson, National Security Officer, Microsoft A/NZ

According to the Australian Signals Directorate’s recent Annual Cyber Threat Report, the average cost per cybercrime reported for a small business has risen by 15 per cent year on year, to $46,000 in 2023. Further, research from NAB shows small businesses feel they are ill-prepared in the face of cyberattacks. Only 15 per cent of small to medium enterprises (SMEs) in Australia conduct extensive training around scams and other cyber risks, while only 4 in 10 felt that they were vigilant around their cybersecurity.

“As Australia’s largest business bank, we feel a deep responsibility to support the small business sector,” said Sandro Bucchianeri, Chief Security Officer, NAB. “They are a huge driver of economic growth, employing two in every three Australian workers. Yet, they remain one of the most vulnerable communities to cyber attack, as they continue to face increasing costs of goods, ongoing labour shortages and rising rates of cybercrime.”

“As we’ve seen over recent weeks, cyber criminals are stepping up their tactics, targeting high profile Australian businesses on a near-daily basis, impacting everyone from our hospital system, legal system and business community. Initiatives like these will help the small business sector respond if they are caught up in a hack,” said Mr. Bucchianeri.

Partnering cyber students with small businesses

The Victorian Government has invested approximately $400,000 in the program, with in-kind contributions from other stakeholders taking the program’s value to nearly $1 million. The program is aligned with the Victorian state’s five-year, $50 million cyber strategy and its $64 million Digital Jobs program, both of which were launched in 2021.

“The Allan Labor Government is proud to invest in exciting projects that enhance Victoria’s high reputation as a leading digital economy,” said Minister for Skills and TAFE Gayle Tierney. “The Student and Small Business Cyber Risk Project is a great example of government and industry working together to ensure Victoria has the skilled workers needed for in-demand industries like cybersecurity.”

Students who complete the program receive an industry certificate, verifying their satisfactory participation in the project and improving their readiness to participate in the workforce.

“What makes this program unique is that it’s industry-driven, industry-based and built in conjunction with organisations who know cybersecurity and Australia’s small business sector,” said Dominic Schipano, National Executive Officer at CITT. “The program empowers TAFE students in Victoria on their journey to build a rewarding career in cybersecurity with not only a qualification but also valuable on-the-job experience. At the same time, it gives Victorian small businesses access to skilled and employable talent who will help them better understand cybersecurity within their business.”

Collaborative partnership enables innovative approach to cyber skilling 

CITT is managing the program and is closely supported by Microsoft and NAB, alongside the Victorian TAFE Network, The Victorian Small Business Commission and Victorian Skills Authority.

Microsoft, in conjunction with CITT and its partners has developed the program’s learning resources, and alongside NAB, has provided mentors and facilitators who supervise the students during their placement with the participating small businesses.

Cybersecurity is a team sport and we all have a role to play. This program is a great example of the impact that public-private partnerships can have in fortifying our nation’s cyber defences, and paving the way for a safer digital landscape. – Mark Anderson, National Security Officer, Microsoft A/NZ

From a small business participant: 

One of the first businesses selected to participate in the project was Bravo Careers, a Melbourne-based career development consultancy that offers services across ANZ, Asia, Europe and India. Client Relations Manager, Jonathon Hazelton, was responsible for overseeing the project and the four students who were selected to assess the company.

“As a career-focused consultancy, we manage a significant amount of sensitive data every day. We’re also a small company and, as with many businesses our size, we have faced challenges in the past that made cybersecurity a priority. But, as a small group of employees, this can be challenging, as none of us are experts in this area. That’s why we were interested in participating in the project,” said Mr Hazelton. “The risk assessment was key in helping us understand our current systems and processes, and to receive guidelines and recommendations on how to improve them. “

As a result of that, we were able to make more informed decisions and develop a clear cybersecurity policy that covers aspects such as data collection, access and storage. It also helped us to adopt a more proactive cybersecurity approach, rather than waiting for problems to happen. – Jonathan Hazelton, Bravo Careers

Small businesses can apply to participate in the program by contacting CITT. For more information, visit or contact 1800 628 765 and ask for the Cyber Security Project team.