By MySecurity Media Staff Writer ©
The future of cyber security growth in Australia lays in education. That is, in the education of ourselves but also the education of government, industry and businesses, large and small.
In line with AustCyber launching Australian Cyber Week 2021 between 25-29 October, the future of cyber security in Australia will be placed under the microscope. Particularly, in the last 12 months of unprecedented cyber activity and the impact it has had on the Australian and global economy.
AUSTRALIAN CYBER SECURITY AND THE PANDEMIC
The COVID-19 pandemic continues to define where and how many of us work, and the speed of change has exposed new vulnerabilities in critical infrastructure and business IT systems.
With Australia named as the sixth most hacked country in the world, it is integral the nation’s cyber maturity and resilience is assessed and examined. Crucially, the question now is, have our actions of the past 12 months provided the foundations for successful economic recovery and the ability to learn lessons to continue to protect our digital borders?
EDUCATION AND THE GROWTH OF CYBER SECURITY
The deepening and broadening of the Australian digital economy and digital communications has highlighted the need for deeper education into cyber security.
Those in the know and entrenched in the world of digital protection must seek to upskill their knowledge bank, sharpen their cyber security axe and polish the shield. And for those not so cyber aware, it is time right now to educate them, but equally as important, listen to them, gain insight into the gaps, and challenges we may have overlooked in the rush of the last 12 months to stay above water.
Shedding some light on this very matter is Sarah Bailey, CFO at Penten. Sarah is an accomplished finance and business executive with more than 20 years’ experience in finance, strategy, and governance.
Cyber security is not on Sarah’s name badge as such, but her insights into it will have you sit up and fall in love with the art that is cyber security and where it is heading.
“I think we, Australia, is extremely well positioned, we’ve got good cybersecurity maturity, we’ve got good understanding. But the thing that it actually shows me is, are we ready for the next thing?”
That next thing meaning, Sarah says is not necessarily another pandemic (although anything is possible we’ve seen), but rather, what is coming next in relation to our digital landscape and our capabilities in the face of vulnerabilities?
“What are the things we need to be thinking about today in preparation for what’s coming next? How do we continue to build up on the deep foundations that we have in terms of our cyber resilience? But what’s next and how do we make sure we’re building actually for the long term the skills and the experience we need in this space, to help protect us for what’s coming next.”
What is already here is the threat landscape we are currently in, and what it means for the next 12 months.
“I see it personally with the number of phishing emails and texts as I’m sure many people do. But the threat landscape has shifted quite dramatically over the last 20 months, and whilst that’s COVID related, it does also point to a broader trend, just the way in which we are communicating. Although I believe Australia is extremely well positioned, I believe as a leader globally, I also think it’s not going to be enough.”
And it is here where education comes in and its importance on the cyber security stage.
“We’re going to need to keep thinking about this, thinking quite creatively and broadly, we are going to think about the skills needed to get into this space, that might not necessarily be the skills you would have expected five years ago, even two years ago. We need to be at this because this is the way of the future.”
THE RACE IS ON
At the core of cyber security in Australia is how do we respond to this ever-changing landscape, and can this nation keep up in the marathon that is cyber security?
This month, industry figurehead and CyberCX chief strategy officer Alastair MacGibbon warned “Australia is ‘a decade behind’ in the cyber security race”. And while it may appear to be a disheartening statement, Sarah says it serves as great reminder to step up the pace and charge ahead on the cyber security platform in this country.
“I actually think the point that he’s trying to make there has some validity to it, I think it actually speaks to the speed at which we’re seeing others really advanced their own cyber technologies, be them for good or for or for bad. I actually do think that what he is point to there is around the speed at which we need to actually continue to innovate and create in this space, because what is good today just might not be good tomorrow”.
“I think actually from an Australian perspective if I look across the ecosystem that we have, in particular from an AustCyber perspective, we have an absolutely brilliant ecosystem that has been created. We have great skills, great experience great businesses, great people thinking about this. But again it does point to the fact that there is so much more coming that we don’t even know about yet.”
FAIL FAST TO LAST THE DISTANCE
Part of cyber security education means leaning forward into innovation as well as building critical infrastructure now rather than later.
“I personally would love to see all of the infrastructure of Australia, and by that I mean government all the way down to all different aspects of society, really supporting innovation in this space and really supporting the speed at which we need that innovation. One of the things that we often hear about, particularly in startups and it’s not about startups per say, but that fail-fast mentality I do think that this is one of these spaces – where we’re going to have to try things – they may not work but we’re going to have to keep trying and trying and progressing at pace.”
That progression in the cyber security space can only be achieved with support from all levels of governance.
“There needs to be some agility there in relation to all types of government support, be it federal, state and territory, even sort of local community support as well, it’s for the thinking and self-belief in the industry itself and when it comes in things like RND tax incentives and various things that then promote the ability for organisations to keep on creating, keep on innovating. There are some really good foundations but again if we think about the speed at which the landscape is changing, then the ecosystem needs to be responding at that speed, and also comes with that the need for government to also be as agile as it as it can be.”
MARATHON NOT A SPRINT
The speed of which Sarah talks about is evident in the growth of Penten. The company went from three employees in its founding year in 2014 to now 138 staff members in 2021. And in 2020, Penten launched a new business unit: Tactical Communications Security. This capability adapts Penten’s high assurance secure mobility solutions to create highly complex, but simple to use secure communications technology for the tactical environment. An environment in which will continue to change.
“I say every week I’m surprised with the new things that we’re doing in the growth that we undertake. I do think Penten’s growth is in some respects a marker of the growth that we’re seeing more broadly across the industry, we just happened to be in this industry at this particular time. For businesses like Penten, and this goes across the entire ecosystem, it’s about sustainable growth and we work really hard to do that. The work we do is really important, primarily for governments, and so therefore it’s really important that we get our business growth absolutely in a sustainable way. And yeah I do think it’s a marker, it’s it is absolutely an indicator of how quickly the market itself is going. But then also when you think about the breadth and depth of the landscape and the threats in that landscape absolutely you know in some respects Penten’s growth is a is a reflection of that.”
LAYERED LEARNING AND EDUCATION
The only way Australia can keep up with the rapid growth in cyber security globally, is in education and recruitment here on home soil. Sarah says it’s not a simple learn a course and move on type of education, rather it is about serious investment in layered learning and sustainable growth.
“We need many layers to education, and if I talk specifically about Penten we try really hard to cultivate and share knowledge such that we’re building really specialist skills and experience in that space. We found it most effectively comes from most that do have really deep experience, coupled with those that you know learning the newest the newest innovations and thoughts coming out of particular universities.”
“If you couple those types of deep experience and deep knowledge, we’ve found that really cultivates skills experience in that space. But we also need to think more broadly about it. That is from an educational perspective. Coming through schools and through universities – how do we make sure that those formal courses, which many of us still absolutely subscribe in, are an appropriate way to continue learning? How do we make sure that those courses are completely up to date? How do we make sure that the newest and most innovative thinking is incorporated into those university courses?”
The growth of cyber security education in Australia does indeed require a multi-pronged approach. Sarah, a finance and business executive who is now entrenched in the world of cyber security, emphasises that education of any industry succeeds when it stems from a diversity of learnings and skillsets.
“Having people that have had different sorts of experiences come into this space is absolutely a value. We need to be really thoughtful around how we cultivate and create really great strength in the skills and experience in this space. We’re really good at the moment, but there’s opportunities for us to be really world leading in the way in which we’re creating skills.”
THE SKILLS SHORTAGE IN AUSTRALIAN CYBER SECURITY
It is not about a shortage of people, but more a problem with a shortage of experienced experts that can do the job needed in today’s threat landscape. At the moment there’s a wide margin of difference between cyber security professionals with a great resume and cyber security professionals that can actually be productive in a modern-day security operation.
“We know that there’s a huge skills shortage generically in cyber. We know as an industry it’s not going away, we absolutely need to do more so that we’re always at the cutting edge. We’ve been excited to partner with government in that regard and also partner with universities in that regard so that we’re always at that leading edge of new thinking. Just the way in which we need to be creative about and thinking about the industry and what is fit for purpose today versus tomorrow we also need to think about it too in terms of skills and experience.”
“Look for me personally, and it’s taking me a little while to probably get here, I do know that my skills and experience, and my diversity in thought absolutely contributes to the industry. I’m not a technologist, I’m not an engineer, and I have absolute deep admiration for all of my colleagues, particularly those that are deep technologists, but part of the need for not only Penten but the industry, is to have people like me that then don’t necessarily have that depth, but when someone describes something in a way I and helps me understand what that means in layman’s terms, so I can describe it to someone else. As in, how do I explain to my mum what we do and what the ecosystem is and I don’t mean that in any disrespect to my mum. But it is an example that diversity in thought and diversity in experience is absolutely will help make us all better and that is absolutely the case for this industry as well.”
CYBER SECURITY IS ACTUALLY SEXY
While cyber security has not been Sarah’s bread and butter vocation in the past, the Commerce and Psychology graduate believes the skills shortage in cyber security is not because of lack of industry-appeal, but more is at play.
“I don’t think it lacks sexiness personally, I actually think it’s actually an entirely sexy area. It’s a few things. Firstly, the speed at which things are changing mean that quite quickly organisations have to tap into resources quite quickly – which means that the time it might take someone who’s transitioning from a completely different industry, to build up their skills and experience, sometimes the timing hasn’t been supported just by virtue of how quickly we have got to respond to things.”
“I think the more that people are aware of all of the different elements of cyber, the more that there’s awareness and understanding of what that entails, what that means actually means also from a job perspective. I mean I’m a finance person, I’ve come into this industry from banking and logistics and a whole bunch of things, so I’m very new in theory to this space when I look at my peers who have worked in this space for actually 25 years in some instances. I’m an example of where there’s a really great opportunity for people to come into this industry and spend time learning but actually applying a different sort of set of skills that are equally as important from that sustainability point.”
“So for me personally, I mean I love it. It’s so interesting. How can you not be completely fascinated with the environment that were in, and the fact that then my personal contribution on a daily basis to Penten there for our customers, that’s massively rewarding I mean genuinely is the most rewarding job I’ve ever had I don’t think of it as a job, it’s just a brilliant opportunity, very lucky.”
CASE STUDY OF SUCCESS | AUSTCYBER AND PENTEN PARTNERSHIP
Penten has a solid partnership with AustCyber, the Australian Cyber Security Growth Network. One of which is to provide secure network access to a pilot group of regional SMEs and academia.
The partnership provides Australian SMEs with means to bid for, win and work on Government defence classified projects in a secure and protected environment from any location.
Matthew Wilson, CEO, Penten believes the benefits to Australia are twofold. “SMEs are the future growth and innovation engine of the Australian cyber economy. These businesses provide invaluable opportunities for defence to gain advantage. Without them, we are missing out. Australia is missing out.”
Michelle Price, CEO, AustCyber said, “This project brings together Australian SMEs to better support and protect themselves, defence and national security information; as well as Australia’s emerging place in the global defence and cyber market. AustCyber sees this project as a true game changer for the Australian economy and it shows a better way for economies globally.”
And it is this game changer partnership that cyber security in Australia needs to adopt fast.
“We have partnered with AustCyber for many years now, we are absolutely excited and incredibly supportive of everything that AustCyber is doing. And not only because of the organisation itself, but because of the ecosystem it’s just incredibly important, and the more in which we can play a part in that understanding broadly around the industry – bringing thought leadership to that space where we can – that’s a better thing for Australian and in fact arguably, the world. We have a genuine drive to do more, I know AustCyber definitely does and of course the industry does. So hence why we love being part of something like Cyber Week.”
BUILD THE PATHWAYS AND THEY WILL COME
The need for a diversity of skillsets in the cyber security space is evident for the industry to continue to stay on its solid growth path in Australia. But for that to be sustainable, clear and well-established pathways need to be put in place almost immediately.
“We need to show people pathways. We need to show really practical pathways coming in formal learning pathways as well and making sure that they’re really agile as what we need them to be. And then actually a broadening of awareness of the of the industry. I do, as I said, I think it’s a really sexy industry it is so exciting, I mean there is new pieces of information every day to help us learn more around the industry. It’s certainly not static by any stretch of the imagination, which for me means it’s extremely exciting.”
HOW DO WE SHAKE OFF THE 6th MOST HACKED COUNTRY IN THE WORLD TITLE?
Improving cybersecurity capabilities through upskilling and a layered education setup will indeed help Australia to better calculate cyber risk as well as respond quickly to threats.
However, as with the nature of the industry, it demands considerable time and resources, and can it be done? Will Australia be able to climb back from its startling global ranking and shake off its sixth most hacked country in the world title?
“Absolutely shake that off. I think we will continue to come under a whole range of threats from people that want to do us harm, us being Australia. I do think that we absolutely have the skills and experience and the desire together – this isn’t just a Penten thing this is the industry, with government, with individuals, with companies – we absolutely have a desire together to make sure that we are protecting our digital borders, our digital borders are going to be the most important thing in years to come, as opposed to our physical borders. We need to think about that in the way it requires and it requires us all together to band together to make sure that we can continue to protect the nation.”
MySecurity Media is an official partner with AustCyber’s Australian Cyber Week 2021 Virtual Conference between 25-29 October.
