Solving the cybersecurity skills gap

Cyber Security

Solving the cybersecurity skills gap

The war for talent has a new battleground – cybersecurity. Fuelled by a shortage of trained personnel, businesses and governments are struggling to fill important vacancies. That’s forcing recruitment teams to be more creative in their search for relevant skills, which is leading them to some unlikely places.

Cyberspace gets bigger every day, which makes policing it increasingly difficult. About 90 per cent of the internet – or 2.5 quintillion bytes of new data – has been created since 2016. The digital universe is expanding so rapidly we’re quickly running out of words to adequately describe its vastness.

Large businesses and governments have tasked chief information security officers (CISOs) with building cybersecurity teams to keep sensitive data out of the wrong hands. Yet all of them face the same hiring challenge – there simply aren’t enough trained specialists to fill this critical need.

The Australian Centre for Cyber Security estimates Australia would need 500 graduates every year just to meet existing demand for cybersecurity skills. Even before you factor in continued growth in demand, our universities simply aren’t in a position to fill this void.

At a recent cybersecurity roundtable hosted by Microsoft, public and private sector CISOs said they’re looking well beyond traditional computer science graduates for new cybersecurity hires. While technical knowledge is useful, other skills considered critical for security work are often missing from the IT graduate pool. These include effective communications, knowledge of human behaviour and strategic thinking.

Recruiters have long advised hiring people for cultural fit and then training them to develop the skills you actually need. Many leading Australian CISOs are following this advice, focusing on in-house training programs where they can mould entry-level staff into cybersecurity experts.

Hiring on potential

People with diverse backgrounds bring different skills and approaches to the table. This is valuable in cybersecurity. A communications professional might seem alien to the world of data protection, but they’re skilled at taking complex information and distilling it into something which resonates with others. This makes them valuable training assets within cybersecurity teams, helping communicate its importance more broadly within a business or department.

Other businesses have had success filling cybersecurity roles with people from a range of different backgrounds – psychology students are skilled at tapping into the way people think, while mathematics graduates have a keen ability to solve problems. The FBI often hires graduates with accounting backgrounds to fill cybersecurity roles, attracted by their attention to detail.

Finding candidates with a natural aptitude can be a challenge and, for this reason, larger organisations use novel ways to find candidates. Hackathons allow them to find staff with suitable interests and foundational skills who might not otherwise be considered job ready.

Training is also important. Microsoft views cyber-awareness as a critical skill for the workforce into the future, as more and more systems and platforms become digital and move online. This is especially critical in the area of the nation’s defence. With the growth of defence contracts and the requirement for all suppliers to engage via a digital shipyard environment, the defence industry in South Australia is concerned about the general level of cyber-awareness among tradespeople and professionals such as plumbers, construction workers and engineers.

The Australian Cyber Security Growth Network is one of six federally funded industry growth centres. As part of our National Skills Program, Microsoft Australia is partnering with the Defence Teaming Centre and the University of Adelaide to pilot and launch a cyber-awareness micro-credential, with the support of the defence industry. This micro-credential will be delivered as a benchmark requirement for anyone who wants to work in the digital shipyard environment and is designed to lift base-level cybersecurity literacy across the wider defence industry workforce.

Given that cyber awareness is essential to Australia’s long-term resilience, it is intended that the micro-credential content be adaptable and scalable to suit other segments of the workforce, such as healthcare professionals, educators, retailers and public servants. Along with our collaborators, Microsoft’s aim is to make a substantial contribution towards making our community cyber-smart.

Collaborating for the future

While demand for cybersecurity skills is great now, it looks certain to grow as the threat landscape continues to evolve. Business and government need to adopt an open and creative approach to finding the right talent.

Although the education sector scaling a curriculum around cybersecurity will help, industry and government must continue schooling the next generation of cybersecurity professionals. At the same time, there’s a pressing need for organisations to extend cybersecurity education throughout the wider staff, ensuring this isn’t left to the IT department. Cybersecurity won’t be effective if it’s siloed.

Creating a cultural mindset where all staff understand they have a role to play in data protection is key because cybersecurity impacts everybody.  A consistent strategy for data protection rests on education – whether it’s the next wave of cybersecurity professions or the staff around your office.

Download our industry report now for in-depth analysis of how to navigate the new cybersecurity threat landscape.