Micro-Credentialling helps plug Australia’s cyber skills gap

By MySecurity Media Staff Writer ©

On the back of continued attacks and growing cybersecurity awareness, the cybersecurity industry is expanding fast. But the industry’s capacity to meet the demand for its services is constrained by a severe shortage of skilled workers.

The cybersecurity industry in Australia directly employed approximately 26,500 people in 2020. That’s tipped to grow by 7,000 by 2024. The Australian Government has nominated the skills shortage as a potential barrier to shoring up the country’s cybersecurity defences.

Australia’s 2020 Cyber Security Strategy flagged the problem, with the Government committing millions of dollars via the Cyber Security National Workforce Growth Program to address the skills shortage.

But medium to long term strategies do little to address the skills shortage now. The lack of clarity around pathways to a career in cybersecurity exacerbates the issue. However, micro-credentialing, short upskilling courses, and remote learning could provide a solution or stopgap.

“We have a huge demand in Australia for cybersecurity professionals,” says Dr Rebecca Vivian from the University of Adelaide’s School of Computer Science. “Cybersecurity roles are so diverse. You don’t necessarily need a technical background to work in the field. You could have a marketing background, or a law background, and add that layer of a cybersecurity micro-course, online course, or some sort of training, to add strength to what you are doing.”

While many cybersecurity short courses are free, and the knowledge learnt can be useful, payment of a fee usually results in a verifiable credential.

“It’s a nice way to demonstrate to employers you’ve been learning in the area,” said Dr Vivian. “You are seeing that demand creeping into businesses and all kinds of industries. Everyone needs to know about cybersecurity now, and education can play that critical role.”

Dr Vivian also sees short courses as a backdoor into the cybersecurity industry, particularly for professionals working

in other industries. She says they can also be pathways into a formal diploma or degree. A six-week self-paced course at home also offers a potential cybersecurity industry employee a handy taster of what the industry is really like.

“There are a number of courses on cybersecurity; we call them MOOCs – massive open online courses, anyone can go and enrol and learn about cybersecurity.”

The Australian Signals Directorate (ASD) needs cybersecurity workers with specific skills. They have six grades of cybersecurity knowledge; a learner who has some knowledge, the novice who understands cybersecurity requirements, the practitioner who can apply the knowledge and requirements, the senior practitioner who can enable, the principal practitioner who can advise on cybersecurity, and the expert practitioner who can do all of the above as well as initiate cybersecurity procedures.

The ASD’s grades may be more than the average business or organisation needs, but it provides a valuable framework for cybersecurity roles in an industry that largely lacks frameworks and clear pathways to entry.

Adding a layer of complexity to workforce shortages and the growing cybersecurity threat is the rise of remote working. An Australian Government Institute of Family Studies survey conducted in June found 67% of respondents now worked remotely some or all of the time.

It is a catch-22 for the industry because remote working raises cybersecurity risks in most businesses and organisations. But remote working makes cybersecurity industry recruitment and formal learning harder and more challenging to manage.

However, remote working can slot in nicely with short online learning, especially if it is self-directed and selfpaced. Remote working often allows for more flexibility than working in the office, making education a more viable option. It potentially elevates the role of micro-courses within the cybersecurity industry.

Dr Vivian says the demand is there for cybersecurity short courses, and there’s a growing number on offer. “It’s a nice way to have a short, more informal style of course,” she says. “But you are also building the skills you can apply in any sort of professional context.

She argues the cybersecurity industry is far broader than many assume. It goes beyond the technical and analytical roles. Consequently, there are many ways to enter the industry, and sometimes people need to think outside the box.

And that may be worth doing. The cybersecurity industry generated approximately $5.6 billion in Australia last year and is expected to grow to $7.6 billion by 2024. The average salary in the industry is around $90,000.

“There are a lot of different roles,” said Dr Vivian. “You could be combining your law hat, your policy hat, your medical hat… but by upskilling in cybersecurity, you’ll have the language to participate and inject diverse perspectives.”

Not-for-profit body AustCyber identified a critical shortage of nearly 18,000 people cybersecurity specialists in 2020. They also argue education and training is the answer.

Like the ASD, AustCyber has also documented a framework that describes and classifies the cybersecurity industry and its workers, attempting to bring some order to a young and untidy industry.

AustCyber groups cybersecurity work functions into seven categories. They further break down specialist functions into 33 types and work roles into 52 types. Each role has specific tasks and skills.

These frameworks provide, to say, a budding exploitation analyst, some sort of formal guidance in terms of the training and education required. The previous lack of documented guidance and framework is arguably one reason why the current skills shortage exists.

Dr Vivian thinks Australia’s cybersecurity workforce numbers will catch up, but it needs to be addressed through various pathways. She thinks upskilling the existing workforce through micro-courses and in-house training is one of those pathways.

But Rebecca Vivian also has an ace up her sleeve. Among other things, she is heavily involved in educating primary school-aged kids and their teachers about IT.

Down the track, a whole generation of cyber-savvy school kids will enter the workforce. They’ll have grown up as cybersecurity natives. For them, cybersecurity will be just another end of school option. Worse comes to the worse; they’ll sort everything out when they grow up.

MySecurity Media is an official partner with AustCyber’s Australian Cyber Week 2021 Virtual Conference between 25-29 October.

Join us for the ASITII Festival of Space that will take place throughout November.

Throughout the festival you’ll get to hear from incredible speakers on the most intriguing topics in Space, including National Space Update, Space Licensing, Rocket Technology, Spaceport Australia, Space Tracking and Mission Control, Satellite Manufacture, Space Launch Environmental Standards, and Investing in Space.

Build your network, gain knowledge and meet like-minded people, business and policy experts, academic researchers and students interested in the growing Space industry both in Australia and Internationally.

Sumen Rai, Director of the Defence Innovation Partnership Julia Mitchell, SITAEL Australia Dr Alice Gorman, Flinders University Dr Amy Parker, Centre for Earth Observation CSIRO Julia Dickinson, Lockheed Martin

Dr Malcolm Davis, Strategic Policy Institute Dr Catherine Grace, Assistant Director, South Australian Space Industry Centre Andy Koronios, CEO, SmartSat Todd McDonel, President, Global Government, Inmarsat Moderator: Chris Cubbage, Director & Executive Editor, MySecurity Media

Dr Benjamin Kaebe, Space Industries

Paul Williams, Black Arrow Space Technologies

Marta Yebra, Mission Specialist, ANU Institute of Space Dr Cassandra Steer, Mission Specialist, ANU Institute of Space Dr Francis Bennet, Mission Specialist, ANU Institute of Space Moderator: Catherine Ball, Associate Professor of Practice: Engineering, The Australian National University

Bidushi Bhattacharya, AstroHub Rob Kremer, Kinexus

Dr Carl Seubert, Chief Research Officer, SmartSat CRC Dr Peter Kerr, Coordinator, Defence and National Security, SmartSat CRC Dr Nick Stacy, Senior Principal Scientist, Space, Defence Science and Technology Group Professor Michelle Gee, Director, Sir Lawrence Wackett Defence & Aerospace Centre – Royal Melbourne Institute for Technology

Dr Gordon Roesler, Robots in Space

Mike Kalms, KPMG

Andy Bowyer, Kleos Space

Lloyd Damp, Southern Launch

Mark O’hare, Positive Place

Stephen Carroll, Evolv3

Mani Thiru, Amazon Web Services