By Sue White
As stories about cyberattacks fill newspapers and newsfeeds with increasing regularity, a spotlight has been pointed at a skills gap: we need more cybersecurity experts.
“Cybersecurity is no longer looked at as a small function of IT. Instead, it is a business enabler and the CISO (Chief Information Security Officer) has more influence in the boardroom than ever before,” says director of cybersecurity services firm Sekuro, Daniel Barratt.
The recognition of the importance of security is not simply due to breaches. Reputational damage aside, companies see legislation tightening and higher penalties without what Barratt calls a “mature security position”.
“All of these factors have led to a sustained skills gap. [It means] expertise in cybersecurity is highly sought after.
As organisations struggle to find the people they need to build and maintain their resilience against cyber threats, people with the right skills are highly sought after.
“We are currently seeing a particular demand for skills including governance, risk and compliance – known as GRC,” says Barratt.
According to another industry specialist, director of Waterstons, Charlie Hale, Australia also needs additional ethical hackers.
“An ethical hacker is simply someone who likes the challenge of hacking and tinkering but does so in a manner where they aren’t negatively impacting organisations or people,” says Hale.
While ethical hacking can be a job in itself, more often it’s a skill set possessed by cybersecurity professionals. These specialists ‘hack’ their own security (or that of their clients), usually with the goal of highlighting cracks.
“You’ll find [ethical hackers] in a slew of IT and security roles. Think penetration testers, security engineers and cloud architects,” says Hale.
“The defining attributes are that they maintain a set of ethics, only practicing their skill set on their own infrastructure, and they cultivate an adversarial mindset, allowing them to identify problems,” she says.
Given the serious nature of security breaches, it’s unsurprising that the highest demand for cybersecurity professionals is for those with years of experience.
“[These are people] who can come in and solve issues quickly. What that means is graduate roles are still competitive with only a handful of entry-level spots available,” says Barratt.
“However, once you build up your experience, you’re going to have an invaluable skill set for an organisation.”
Barratt suggests graduates apply for programs willing to invest in your skill development: “Look for graduate programs that will train you up, expose you to the right networks and that have a decent success rate of employment with the company at the end of it.”
Active networking can also help those wanting to enter this profession.
“Attending or volunteering at events such as AISA conferences, B-Sides [a hacker conference] and SekuroKon are valuable. Upskilling via certifications and aligning with a mentor will also help to get your foot in the door,” Barratt says.
Get news and reviews on technology, gadgets and gaming in our Technology newsletter every Friday. Sign up here.
Source: Thanks smh.com