Australia must rethink its approach to cyber security to secure our digital future.

That's according to a panel of experts who spoke at the Australian Computer Society’s Cyber Security breakfast in Canberra this week.

Leading the speakers was the Minister Assisting the Prime Minister for Cyber Security, the Hon Dan Tehan, who stepped into the role in July last year, with the aim of improving Australia’s cyber security capabilities.

“Cyber security presents Australia with risk and with opportunities,” he said. “We have to make sure that we capitalise on the opportunities, but we also have to make sure that we understand the risks,” he said.

Since then, he has overseen the deployment of Australia’s $230 million Cyber Security Strategy, launched last April.

“It’s hard to point to any part of the Australian economy that isn’t in some way or some part digitalised,” said Tehan.

“That’s why the Australian government put in place its cyber security strategy, a $230 million plan to make sure we are understanding the risk but also putting ourselves in a place to be able to seize the opportunity.

“It’s making sure that in every way possible we are preparing ourselves to be as cyber secure as we possibly can, and we’re not going to be able to do that unless we have the cooperation of all those in the Australian community.”

Education matters

Although the funding has arrived, it is unclear whether Australia has the resources to capitalise on the opportunities cyber security presents.

ACS last year published Cyber Security – Threats, Challenges, Opportunities, which outlined that university graduates will make up only 1% of the predicted 695,000 ICT professionals required by 2020.

“We need more graduates with these types of skills,” said Tehan.

“The growth forecasts are enormous, and I’d say to any young boys or girls, please think about cyber security as a profession going forward, because there are a lot of threats in this area we have to deal with, but there are also wonderful opportunities to have a fulfilling career.”

[L to R]: Matt Loeb, Jill Slay, David Shearer, Andrew Johnson. Source: Hugh Eriksson

Jill Slay is one of Australia’s leading cyber security educators.

She has worked as the Director of the Australian Centre for Cyber Security at UNSW Canberra and has recently joined ACS, where she helped launch new cyber security accreditation schemes in her new role as Director of Cyber Resilience Initiative.

She spoke of the need to rethink our education system to improve national cyber security.

“We need a foundation of education, we need training on the top then we need certification by an accredited body,” she said.

“I think we’ve got to infiltrate the ICT workforce, and we should be doing it through the TAFE system.

“If we could get an openness to putting more cyber security in those types of training curriculum and then we can assess it and certify people, that would be a way to go because you could guarantee employers that the staff are capable.”

Also speaking was CEO of Information Systems Audit and Control Association (ISACA), Matt Loeb.

He suggested Australia look overseas for examples of how to strengthen the cyber security workforce from the bottom up.

"We live in very interesting times when you look at how people are learning, and the modalities that exist for learning,” he said.

“The UK government invested about US $1.2 million in a program to train 55 cyber security professionals. But the cast of characters did not come from engineering, they did not come from computer science; they came from roles such as bartenders or barbers.

“These were individuals who demonstrated technology aptitude, and they were actually able to train those 55 over a 10-week period, and as of a month ago, 27 of those people are now employed in cyber security specialist roles.

“I use that as an example to stretch our thinking when we think about our cyber security workforce.”