ACS President Anthony Wong joined last week’s Australian Cyber Security Mission to San Francisco for the RSA Conference 2017, using the trip to expand collaborative arrangements with key professional bodies focused on information and cybersecurity.

The passage last week of the Privacy Amendment (Notifiable Data Breaches) Bill 2016 places greater onus on organisations and agencies to provide robust and effective personal information protection and cybersecurity environments to combat cyber threats and data breaches.

As organisations and agencies look to assess and enhance their capabilities, and those of their employees and contractors in complying with this legislation, the shadow of a global shortage in cybersecurity skills looms large. The skills shortage has been the subject of numerous studies, including the recent ACS report, Cybersecurity: Threats, Challenges, Opportunities.

Vacancies Remain Unfilled

ISACA’s State of Cyber Security Study 2017 released last week, highlights the challenges in finding skilled workers. Many respondents say it takes six months or more to fill cybersecurity roles and a significant number can’t fill them at all.

The worldwide study found that while many organisations received five or more applications for each cybersecurity opening, a third of respondents reported that three out of four candidates lacked the qualifications needed to do the job.

Last week’s launch of the Australian Government’s Cyber Security Industry Capability Report paints a picture of Australia’s strengths and capabilities in relation to the cybersecurity challenge. The document details the technical expertise and industry leadership of Australian cybersecurity organisations and the advanced capabilities of our researchers.

It highlights various university/industry partnerships and the nation’s overall cyber preparedness through a range of case studies and government initiatives, all of which suggests that Australia is moving forward on this agenda.

Building a Cyber Savvy Workforce

On the back of its many initiatives to improve Australia’s cybersecurity readiness, the Government recently asked the ACS for support in developing the skills and capacity of the local workforce.

As the ICT professional association, the ACS has a core charter to establish professional benchmarks and provide independent assessment and validation against them. The ACS accredits Australian tertiary degrees, maintains a Core Body of Knowledge and operates a Professional Standards Scheme, which provides legal recognition of ICT as a profession and identifies ICT workers as professionals on the same level as engineers, lawyers and accountants. This scheme is part of Federal and State legislation and protects ACS Certified Professionals who meet the criteria by limiting liability.

Last week while in San Francisco, we met with several certification bodies including ISACA and (ISC)2 and signed Memorandums of Understanding to advance frameworks for mutual recognition and professional standards.

These collaborations will complement our established relationship with IFIP, the global federation of ICT professional associations, and through it, the ACM Joint Task Force on Cybersecurity Education, which was established in 2015 to address the global shortage of cybersecurity professionals.

We were fortunate to have ACS Fellow and Cybersecurity expert, Professor Jill Slay, who has been working with the joint task force, join the ACS delegation on the Cybersecurity Mission and attend our various meetings.

Left to right: ACS President Anthony Wong, Palo Alto CEO Mark McLaughlin, Professor Jill Slay, ACS CEO Andrew Johnson 

 

In an environment of increasing complexity and uncertainty, collaborations are key to sharing information and developing joint solutions. This message resonated strongly in the keynote addresses by industry leaders at RSA Conference.

Microsoft’s Brad Smith advocated for a Digital Switzerland, calling on world governments to work together to protect and defend cyberthreats against civilians, while the CEO of Palo Alto Networks, Mark McLaughlin, called for automated sharing of threat intelligence as technologies and platforms converge.

The ACS’s collaborations with key professional bodies will enable us to build a roadmap for developing and certifying information and cybersecurity skills, helping to raise professional standards and build capacity, trust and confidence.

Recognising Our Duty of Care

In addressing an EU meeting on The Future of Cyber Security in Europe last year, Leon Strous, then President of IFIP, the global federation of ICT professional associations, said: “Ensuring cyber security and cyber resilience is also a duty of care of the individual ICT professional, in all stages of a system lifecycle (design, development and operation). This means that most, if not all, types of ICT functions and jobs have to contribute to cyber security and cyber resilience.” 

To meet the demands of the new legislation and operate responsibly in today’s connected world, organisations and agencies will need to explore holistic and collaborative solutions to the cybersecurity challenge. This means ensuring that not only their technical employees, but also executives, non-technical staff, partners and suppliers understand their obligations in securing and protecting personal information and infrastructure.

I am grateful to Austrade and the Cyber Security Growth Network for their commitment to the Cybersecurity Mission, bringing together a coalition of the willing to advance Australia’s cyber resilience and promote our capability on a world stage.

Anthony Wong is President of the ACS and Chief Executive of AGW Consulting P/L, a multidisciplinary ICT, Intellectual Property Legal and Consulting Practice.