By David Gee. Board Risk Advisor, Non-Executive Director & Author
We are constantly reminded that there is a cyber skills gap shortage in every country that impacts every industry. I’ve written and spoken about this over the years at industry events and hypothesised how this is to be addressed.
Our industry does have a fundamental gap in how we train and develop our cyber talent, and it is fair to say that this gap is most felt by enterprises that have been compromised – and that is when the delta is well understood.
More importantly, the real issue is a talent gap shortage. Just having warm bodies in seats (or working remotely) is not going to make your enterprise secure. We live in a digital world that is often interlaced with manual processes, and unless you can hire the very best talent then it is more luck than design that is keeping you safe.
At a superficial level
The Australian cybersecurity job market is experiencing a boom, driven by increasing cyber threats and digital transformation. There is a gap between the demand for cybersecurity professionals and the supply of qualified candidates. This is leading to competitive salaries and a need for organisations to attract and retain talent.
And There is a strong focus emerging technologies with staff attracted to working with the latest and greatest cyber tools. But let me double click on this and what is really going on?
The recruiter’s perspective
Some of you may be aware that after I retired last year that I took on several advisory engagements. One is with JS Careers to assist them with cyber, tech and data recruitment. In this capacity I help screen candidates that are looking for their next cyber roles. I’ve been able to make a few interesting observations.
In many industry events and conferences, about 10-15% of the attendees are actively seeking their next role, and networking with their peers to get an understanding of the market.
I’m talking to all levels from CISO to new graduates that are entering the market. While the conversations are very different there are some clear patterns. I’m sure some of these thoughts may be a bit controversial, but here goes:
- Limited new CISO roles at the top end of the market;
- Mobility of staff at mid-level is pronounced;
- New entrants to Australia appear to have a disadvantage in getting traction;
- Salaries are keeping up and ahead of inflation;
- Cloud architects are in demand;
- IAM specialists are in demand;
- SOC leaders are in demand;
- Application security engineers are in demand; and
- Contract staff rates have exceeded permanent.
Yes, there is demand but at the same time there are lots of vacancies as many of the above roles require requisite experience and expertise. This is not a short-term fix, and each person that aspires for their next role will need to think carefully about their skills, knowledge, experience and behaviours (SKEB)
Note that I talk about this focus on SKEB in my recent book, The Aspiring CIO & CISO. Please do have a read of this to explore further.
About the Author
David J. Gee has 20 plus years experience as CIO and CISO. He joined Macquarie Group in early 2021 as Global Head Technology, Cyber and Data Risk. David was responsible for protecting Macquarie Group using his significant expertise in technology and cybersecurity. He has served as CISO for HSBC Asia Pacific, based in HK and responsible for the most critical and profitable countries for this large investment bank. David drove the cybersecurity transformation maturity uplift and led all aspects of cyber for HSBC in these 19 countries. Prior to HSBC, David had an extensive Transformational CIO experience across numerous significant roles.
