Australia could soon have a nationally consistent framework for cyber security careers after new research found confusing job definitions, costly certifications and unclear pathways are preventing workers from entering the profession.
The findings, released as part of the CyberPath Professionalisation Pilot, have informed a new CyberPath Occupations Framework Discussion Paper that proposes a national map of cyber security jobs and a common language for describing cyber work across Australia.
CyberPath is a national workforce initiative backed by ACS, focused on professionalising Australia's cyber security sector by creating clearer career pathways, common capability standards and frameworks to help employers, educators and workers better navigate the profession.
Research conducted by Evolved Group surveyed almost 300 people and involved 33 participants in individual and group consultations across the cyber security sector.
It found that while demand for cyber skills continues to grow, many aspiring professionals struggle to identify suitable career pathways, understand role requirements and gain the experience needed to secure entry-level positions.
CyberPath said the framework is intended to address those challenges by providing a clearer structure for a profession that now spans more than 60 different job types.
Australian CISO Advisory Board member Maryam Shoraka said existing approaches to hiring and credentialling were creating unnecessary barriers at a time when organisations were struggling to find cyber talent.
"We would never build a hospital, declare a health crisis, and then require every nurse applicant to have already worked in one," Shoraka said.
"Yet that is precisely what we are doing with cyber security. The threat is not waiting for us to sort out our credentialling philosophy."
Experience required for entry-level roles
The research identified inconsistent role definitions, expensive certifications and entry-level positions requiring years of prior experience as among the most significant barriers to entering the profession.
Participants cited certification costs of between $3,000 and $4,000, ongoing maintenance requirements and job advertisements requesting two or three years' experience for junior roles as major obstacles.
According to the discussion paper, these challenges are being compounded by the absence of a nationally consistent framework for cyber security careers, making it difficult for workers to understand where they fit within the profession and what skills they need to progress.
The lack of standardisation is also creating challenges for employers attempting to assess candidates and for education providers seeking to align courses with industry requirements.
CyberPath said the proposed Occupations Framework would establish a common structure for describing cyber security work, helping employers, educators and workers navigate a rapidly evolving profession.
Greater collaboration needed
Dean Wunder, lead developer at local software company Finao, said greater collaboration and knowledge sharing would also be critical as cyber security skills become increasingly important across the economy.
"Cyber security requires continuous learning, and collaboration is critical," Wunder said.
"No individual can keep pace with every emerging threat, technology, or security tool.
“Organisations and professionals must share lessons learned, effective practices, and practical experience to accelerate collective capability and improve security outcomes."
With consultation on the Occupations Framework now complete, CyberPath is moving to the next stage of the Professionalisation Pilot: the development of a Capabilities Framework that will define the skills, knowledge and behaviours required across cyber security roles.
The framework is intended to provide employers with a more consistent way to assess capability while giving students, workers and career changers clearer guidance on the pathways into cyber security careers.