Every other week, there seems to be news about Australia’s cyber shortage.
We hear the skills gap is widening, and that we need thousands of people to enter the industry to ensure our global competitiveness and long-term success.
Yet, as one of the many who took the leap and retrained in cyber security, I can say from experience this narrative is misleading and leads people down a path that is nothing like what is promised.
An alluring facade
My decision to enter the world of cyber security was not a rash one, nor one I entered without doing my due diligence.
I had run my own freelance business since 2010, offering virtual assistance, translation and transcription services.
This allowed me to live an amazing life, where I could travel frequently for long periods of time to follow my passion for volunteering in countries like Cambodia and Vietnam.
In the latter part of the last decade, however, I started to see the landscape of my industry change.
While my business was still busy, technologies like Google Translate and automated virtual assistants were slowly taking over.
Not one to bemoan the march of progress, I realised I needed to upskill into a future-proof career.
Then, as now, cyber security seemed to be on everyone’s lips.
Every time I turned on the news or read the front page, there was some new story about the massive skills gap, a new data breach, or a government incentive designed to bolster the workforce in this new and essential industry.
The more I heard about cyber security, the more of my boxes it ticked.
Everyone appeared to be saying the same thing.
“It’s a great job for people who work remotely!”
“It’s the next big thing!”
“You don’t even need a tech background! In fact, it could be more valuable if you don’t!”
So, when the pandemic hit, significantly impacting my freelance business, it felt like the perfect opportunity.
I enrolled in an Associate Degree in Applied Technologies (Cyber Security) at the University of Tasmania and dived in.
Cashing my reality check
Two years later, I graduated, even finding myself on the roll of excellence!
Certificate in hand, I gleefully visited employers across Melbourne, looking forward to starting the exciting new career I’d worked so hard to achieve.
Sadly, I didn’t receive the warm welcome I’d been expecting.
A few actually laughed at me, though many were nicer, as they informed me that, no, they didn’t have any entry-level roles.
Jane Rathbone faced a hard reality check trying to get a foot into the cyber door. Photo: Supplied.
Perturbed but undeterred, I changed tack and headed instead to my university’s careers service, thinking it was time to put all their talk of ‘industry connections’ and ‘links to employers’ to work.
Their suggestion?
Fruit picking.
Don’t get me wrong. The University of Tasmania’s standard of Curriculum and teaching was very high – there was just no practical support to enter the job market as the pathways simply don’t exist.
So, I approached another university’s career service for help.
While far more engaged, the careers officer confirmed what I had begun to suspect.
“I don’t know where you got that idea, but there’s no way you’ll get an entry-level job in cyber with that degree,” he said.
By now, my COVID supplement had stopped, as had my Austudy payments, and, after two years of study, freelance business was barely trickling in.
I needed work.
“What am I going to do now?” I asked him.
He sent me a link to a temping site.
The cyber security job gap
Mine is far from a unique experience.
Many of my university peers, who were incredibly intelligent and truly passionate about cyber security, have also failed to find a foothold.
The truth is, there are lots of jobs in cyber security, but they’re almost all at a senior level.
And, if there aren’t any entry-level positions for those smart, capable people who spend their weekends gaining extra certifications just for the pleasure of it, what hope is there for anyone else?
When reality first settled in, I honestly felt stupid and naive.
As soon as I graduated, it seemed like everyone knew the truth: the best path to cyber security is through a career in IT.
All that talk about not needing a technical background now seems so inane, and I wonder how I ever believed it.
But with the benefit of hindsight, I can see I was simply guilty of putting my faith in sources I thought were credible.
Avoiding an insecure future
I’ve not yet given up on a future in cyber.
I’ve been working hard since graduation to get any experience I can — volunteer work, part-time gigs, or whatever else I could find — adding each to my resume as I go.
This finally paid off last week when I began talks with a promising new freelance client.
It’s an entry-level cyber security role with a small business, but the owner is willing to train me and help me make a path — a rarity indeed.
I may not speak for everyone, but to my mind, there are two key things that need to change.
Firstly, reflecting on Rohan Neagle’s comments last year, if industry, government and other concerned bodies are truly interested in solving the cyber workforce shortage, they should focus on creating entry-level pathways.
I understand most employers want someone who can walk in ready to get the job done, but diamonds like that need to come from somewhere.
It’s simply ridiculous to continue crying out for new workers when there’s a huge, untapped pool of graduates with no pathways to success.
Secondly, for universities and the media, it’s important to understand that cyber is not the promised land it’s made out to be.
I urge you to be cautious in your coverage, particularly relating to jobs and growth in the sector, and ground your messaging in a more nuanced, realistic view, lest you leave more travellers like me stranded along this unfinished road.
As told to journalist Kate Millar. Jane Rathbone can be contacted on LinkedIn here.