Australia is suffering a cyber security skills storage, and organisations may be unknowingly contributing to the problem.
According to a new study by the Australian Information Security Association, organisations that fail to recognise the importance of cyber security expertise within their organisation may be playing a role.
The study suggests that the skills shortage is better characterised as a ‘failure of some organisations to resource appropriately', rather than the belief that there are not enough people to fill available jobs.
Seventy eight per cent of AISA members surveyed believe that there is a shortage of qualified cyber security workers for available positions in Australia. However, further analysis of the data suggests that the problem is deeper than demand simply outstripping supply.
AISA members believe a large proportion of organisations are not putting the right number of people with the right skills into appropriate positions, although many acknowledge there are several organisations which do support well-resourced security teams, the study shows.
This resourcing problem is fuelled in part by a failure on the part of management to appreciate information security risks, according to the study. This failure may in turn be a consequence of the relative immaturity of the Australian cyber security skills market, AISA suggests.
From the supply side, AISA says there is evidence of high levels of frustration from those looking to enter the cyber security work force, with too much focus by employers and recruiters on prior experience and detailed knowledge of very narrow and specific areas, which it says unnecessarily narrows the pool of available candidates.
“The reluctance of many employer organisations to invest in development of entry level cyber security workers is a particular concern, given the average Australian cyber security worker is 36 or older, with a large number looking to retire in the next 10 to 20 years,” the company says.
“It also raises questions about the career prospects of graduates from vocational and tertiary courses, more of which are being rolled out to address the perceived crisis.
AISA CEO Arno Brok says there are several organisations in the Australian economy that do cyber security well, while many do not even have cyber security on their radar or see it as irrelevant to their business.
“Those who are doing it well have the budget and understanding of their own requirements to recruit and train the people they need,” says Brok.
Ms Siganto, AISA's Director of the Cyber Security Academy (CSA) says a more mature appreciation of how important information security is to ensuring trust and protecting organisational reputations will help raise the profile of the profession and provide a more clearly marked pathway for cyber security workers.
“AISA has an important role to play in helping employers understand the kinds of skills information security practitioners can bring,” says Siganto.
Based on the findings from this research AISA is pursuing a number of important initiatives including:
· Publishing a Cyber Security Careers Guide identifying job roles and career pathways for those interested in pursuing a cyber security career, employers and recruiters to improve their understanding of the cyber security skills ecosystem
· Working with employers to increase their understanding of the need to invest in and grow Australia's cyber security capability
· Working with the Australian Professional Standards Council to identify Cyber Security as a profession under the scheme.