In a newly-minted role for the cyber security pioneer, Professor Jill Slay has been appointed Director of Cyber Resilience Initiatives at the Australian Computer Society.

Slay was formerly Director of the Australian Centre for Cyber Security, and previously headed the ACS Cyber Taskforce which Slay said lead to the new role.

“My purpose is to make sure we in Australia have enough people in the workforce to defend us from bad guys,” she said.

‘Bad guys’ is the term Slay uses for hackers. One of the most pervasive cyber crimes is targeted phishing – gaining access to a user’s CV and sending tailored job offers or emails with other targeted content containing malware.

Cyber shortage

Slay has been outspoken about the cybersecurity workforce shortage in Australia, saying we simply do not have enough such professionals in the industry, and need to do more to attract people to this specialty.

“I use the salary as bait,” Slay joked.

A mid-level cyber security professional earns about $140,000 per year according to Slay, and high-level experts are said to earn a seven-figure salary.

“They just get headhunted from one company to another,” she said.

Slay said no matter the profession, people with cyber security skills will never be unemployed.

“Cyber security has to infiltrate almost every discipline because we’re all dealing with computers, we’re all dealing with policy of some kind, and there aren’t enough technical people to do the work, and the tech people don’t often understand legal and business issues.

“My job is to get everybody to understand it,” she said.

Training and education

Slay’s role as Director involves several things. Implementing cyber security training in a range of departments is one of them.

According to Slay, there are two key areas where cyber security accreditation can improve: in entry-level and highly-advanced jobs.

“The things that we need in Australia are for TAFE to embed more cyber security in their curriculum and for universities have to have a range of programs from info systems through to computer engineering that all have technical cyber security in them.

“ACS can contribute here because we’re the people who actually develop the curriculum advice,” she said.

Slay said Australia has more jobs for entry-level people, but still needs specialised professionals.

“We also have a big gap in where SMEs, which are 60-70% of Australian industry, where you don’t even have one half of a qualified cybersecurity person.

“A conservative estimate of what we want in Australia is 10,000 people working in cyber security -- and we don’t have 10,000 people in the pipeline,” she said.

Slay said her role needs to evolve as cyber security progresses, but she will primarily look at how to incorporate cyber security into ICT. Her focus is to work with other directors on the implementation of the new cyber certifications, which were launched earlier this month.

A crucial aspect of this role was developing and rolling out national standards and subsequently helping ACS and its members understand the benefits and opportunities in ICT professionals gaining skills in cyber security.

“If I’m a member who hasn’t got those cyber security skills, I need to be guided to something to read or study, so I’m going to develop that as well.

“We also need to come up with an appropriate assessment of career skills, which is the pathway we’re trying to provide,” she said.

Cyber crime and AI

Slay said artificial intelligence could be the solution to handling large amounts of data in cyber security.

“The big data community wants to put sensors on things to collect data, and the more data collected, the more risk there is of malware, and the need to detect, store and secure it.

“You can’t sift through it manually to detect malware but you can automate [that process],” she said.