The cyber security skills gap has become so large that universities and TAFEs won’t be able to fill it, one of Australia’s largest cyber security services firms has warned, as new research suggests the industry could see up to 30,000 unfilled positions in four years.

That figure is nearly twice the cyber skills gap forecasted by industry group AustCyber before the pandemic, when it predicted Australia would need nearly 17,000 more cyber security workers by 2026 – and warned that universities will only be producing 2,000 cyber graduates per year by then.

Cyber security workforce shortages have outpaced similar gaps in key sectors such as cloud computing and cloud infrastructure, according to a Per Capita-CyberCX analysis – entitled Upskilling and Expanding the Australian Cyber Security Workforce – that warned the gap “is arguably a significant economic and national security concern.”

This was particularly the case in Western Australia, South Australia, the Northern Territory, and Tasmania – which were identified as the areas needing particular focus to boost cyber security skills – while the ACT “is emerging as a critical cyber security hub”, the report notes, “and this should continue to be cultivated.”

Universities had pursued a “dramatic shift” in strategy to fill the skills gap, with approximately 87 dedicated tertiary qualifications – up from just eight in 2018 – and 58 additional qualifications offering a cyber security major.

Although the analysis found these programs “appear to be well specified and map to critical domains of cyber security”, their novelty meant it may be some time before they “see significant uptake”.

Yet while university qualifications are valued by employers – and quite commonly held amongst cyber security professionals – discussions with the report’s research reference group revealed that lack of a degree is no longer a deal-breaker since many of the 33 cyber security specialties don’t require a university level qualification.

“While this assertion was dependent on category and focus, TAFE and other vocational qualifications are viewed as being of significant worth and immense practical value,” the report noted, urging “a re-evaluation of the traditional approach to technical education”.

“The tertiary sector continues to grow the talent pool but, given the technical and highly applied nature of many aspects of cyber security work, professional and practical experience is highly valuable.”

Industry picks up the slack

Recent industry efforts have blended practical experience and educational training, including a Microsoft/AustCyber traineeship program, a joint university/industry backed Cyber Academy that pays trainees, increasing cyber training through TAFEs, La Trobe University’s $2.35 million microcredential investment, the six-month CyberCX Academy, and widespread buy-in to a public-private jobs plan.

Immigration policy changes – including the new government’s recent reversal of long-stagnant migration caps – will play an important role in filling the gap, the report notes, as will increased domestic investment by businesses.

CyberCX CEO John Paitaridis warned that the “timely and important” findings of the research highlighted the challenges the sector faces in keeping up with the breakneck pace of digital transformation.

“As Australian organisations increasingly embrace digital transformation, we need to ensure we have the workforce capability to meet our nation’s cyber security needs,” he said, urging government, industry and academia to collaborate on pathways to bring “a more diverse group of Australians” into the industry.

“There are an increasing number of smart, secure jobs being created and going unfilled,” he said – with the economic cost of this shortfall to be explored in a soon-to-be-published second analysis.

Ain’t no skills gap wide enough

Even as industry and government work to bulk up the cyber security skills pipeline, competition from other sectors – which has become so intense that one recent list of hot jobs barely mentioned cyber security – ensures that closing the gap will put more pressure on both conventional and new skills pathways than ever.

The findings echo the results of the recent ACS Australia’s Digital Pulse study, which found that the technology sector faces an annual shortfall of 60,000 technology workers across all disciplines.

While the size of the gap may seem “daunting”, ACS chief executive Chris Vein said, closing it “is quite feasible” given the momentum already built by efforts to create new pathways into the cyber security field – such as the newly-launched ACS-Queensland Government partnership to offer the Certificate IV in Cyber Security as a traineeship.

“This demand is a great opportunity for Australia,” Vein said. “We have a great opportunity to build a digitally capable workforce and cyber security is a key part of meeting that challenge.”

Overall, the tech sector will need to expand to 1.2 million workers by 2027, Digital Pulse found – even as the market records 8 per cent annual growth that is more than twice that of the overall Australian workforce.

“If we can meet this demand,” said Vein, “we are going to get more Australians into high-paying technology roles and give industry and government the ability to protect our nation’s IT systems – and we hope more Australians, young or old, consider joining what is one of the fastest growing parts of the economy.”