Your Guide to Cyber Security Careers in Australia
Despite efforts in recent years to significantly increase the number of cyber security professionals in Australia, there still remains a significant shortage, according to the Australian Computer Society. In 2021, there were 134,690 Australians working in cyber security, although reports suggest the industry is growing so fast that at least another 25,000 are now needed.
However, this isn’t the usual callout to those with information technology (IT) skills to upgrade. The Australian Cyber Security Growth Network (AustCyber) highlights the need for a cyber literate workforce in every single workplace. Whether you’re an intern, a manager or a board member, you must be conscious of cyber risk. It’s important for all of us to engage in daily cyber hygiene practices to keep online information secure.
The need for cyber hygiene and cyber security professionals is emphatically reinforced by Professor of Cyber Security at UNSW Sydney, Richard Buckland.
“It’s like the gold rush, or when the doors open at the Apple store and everything is half price. Every single area of life is impacted by cyber security and is not yet ready. Military, espionage, financial, consumer, research, government, transport, social, romantic, corporate, news, art and music, space travel, global warming, energy, education, privacy, police, emergency response. You name it – it depends on cyber security working and it’s currently significantly underprepared.”
Professor Buckland is helping to improve our preparedness through UNSW’s Master of Cyber Security.
Australia’s cyber security career landscape
Until recently, there were no cyber police to call to report a cyber crime. That changed when NSW Police established its Cybercrime Squad in early 2017. Cybercrime Squad Commander Detective Superintendent Matt Craft recalls that the new nature of its work created some challenges for building planners.
“When police properties were building our floor, they asked, ‘Where do you want your dock [for prisoners]?’ I said, ‘I don't want a dock, we’re cyber. What I do want is a server room’,” he told The Sydney Morning Herald.
They’re probably already thinking about enlarging that server room. In 2019, one in every three Australian adults felt the sting of cyber crime. On average, someone reports a cyber crime to the government’s ReportCyber website every 10 minutes.
In business, the frequency of cyber crime increases. Telstra takes the cyber pulse of Australian companies every year in its Security Report. In 2019, it revealed that 65 per cent of businesses had experienced an interruption due to a security breach in the past year. The two most common causes were phishing and web application attacks.
This trend unfortunately continues into the present. In 2021 alone, 49 per cent of all Australian organisations experienced a software supply chain attack, calling into question their relationship of trust with their partners and creating even more demand for robust cyber security.
What this means is that demand for cyber security professionals is high and the salaries on offer reflect that. AustCyber’s Cyber Security Sector Competitiveness Plan shows that cyber security professionals are paid an average of $12,000 more than their IT colleagues. In management jobs, that premium jumps to $20,000. The average entry-level salary for cyber security careers is also generous, with a cyber security analyst receiving an average salary of $118,547, according to Indeed.
Technical skills for cyber security careers
Jon-Anthony de Boer was a software engineer at Telstra until he upgraded his career to become a part of the DevOps Security team at Telstra. He started with courses in secure coding in several languages, which for cyber security includes C, C++, Python, JavaScript, PHP and SQL. He also deep-dived into the cyber security industry wherever he could.
“I read great blog posts from the likes of Tanya Janca, listened to podcasts and kept across security news from the likes of Bruce Schneier and Clint Gibler,” de Boer said.
In addition to broad programming skills like de Boer’s, cyber security professionals benefit from an understanding of the architecture, administration and management of operating systems. A recent report in the US highlights that these technical skills are often missing from the CVs of applicants for cyber security roles.
Cyber security graduates should endeavour to list all the following skills on their resumes:
- Security incident handling and response
- Security architecture
- Programming
- Information security
- Analytics and intelligence
- Penetration testing
- Programming skills, including proficiency in C, C++, JavaScript, PHP and SQL
Non-technical skills for cyber security careers
During industry consultation for Australia’s Cyber Security Strategy 2020, the Government found that “human behaviour is almost always part of the problem.”
Phishing emails are one of the most popular forms of cyber attack because employees at any level can be tricked into clicking on a link. That’s why interpersonal and communication skills are so valuable in cyber security professionals.
In addition, Professor Buckland sees psychology as one of the top five non-technical skills for cyber security.
“Understanding humans, our strengths and weaknesses, is an important skill. Humans lie behind every weakness, bug, exploit and attack. You should also have curiosity – leading to an understanding of how computers, software, and systems work under the hood and creativity to think of new solutions. Unlike most fields, cyber is new every day.”
“Scepticism is a useful skill. You should be questioning everything and not taking things for granted. And you should have communication, teamwork and leadership skills,” Professor Buckland said.
Cyber security graduates should also list the following non-technical skills on their resumes:
- Teamwork/collaboration
- Creativity
- Scepticism
- Communication
- Curiosity
- Leadership
Careers in cyber security
It’s no exaggeration to say that a career in cyber security can take you anywhere. And with its broad skill requirements and universal applications, cyber security professionals come from all backgrounds.
Here are five careers in cyber security to consider.
Chief Information Security Officer (CISO)
Narelle Devine arrived at the role of CISO after 20 years in the Royal Australian Navy. She also completed master’s degrees in systems engineering and computer science at UNSW.
The Chief Information Security Officer sits at the top of the cyber security hierarchy. They take responsibility for an organisation’s vision, strategy and programs to protect information assets and technologies.
In her first CISO role at Services Australia (formerly the Department of Human Services), Ms Devine oversaw Centrelink’s welfare payments system. IT News reports that she was “responsible for protecting the personal and financial security of 26 million Australians, managing 280,000 authentications every day and protecting the $190 billion in payments the department makes every year.”
Ms Devine has recently moved on to her second CISO role as Telstra’s CISO for Asia Pacific.
The role of CISO is usually found in large organisations and government departments, such as Victoria’s Department of Health and Human Services. They recently advertised for a newly created CISO role with a salary of up to $183,601.
Key skills and educational requirements
The senior position of CISO requires many skills and multiple years of experience. To become a CISO, you should have the following:
- Significant experience in business management and a deep knowledge of information security risk and cybersecurity technology
- Strong understanding of Linux and networking
- Knowledge of industry standards, such as ISO, CERT and COBIT
- Understanding of data privacy regulations
- Understanding of development, security and operations (DevSecOps) and security automation
CISOs will also typically need a Master of IT Cyber Security, as well as a range of non-technical skills, including exceptional communication and business acumen.
Cyber security analyst
Cyber security analysts are the front line of defence in an organisation’s cyber security team. In quiet times they monitor network access through logs and real-time dashboards. If a breach occurs, they’re ready to lead the response – defending information and infrastructure from attack.
Cyber security analysts need a range of technical skills. Penetration testing is used to analyse networks and systems with the goal of identifying weaknesses before cyber criminals find them. With computer forensics they analyse data from logs and reports to identify when and where breaches have occurred. They also use reverse engineering to find out the threat posed by a bug or malware.
Cyber security analysts can expect to earn an average salary of $76,790.
Key skills and educational requirements
Typically, a cyber security analyst is a junior position filled by a graduate or by an individual with a few years of experience in the industry. To become a cyber security analyst, you need the following:
- Ability to research and evaluate emerging cyber security threats
- Understanding of disaster recovery and ability to create contingency plans
- Knowledge of how to monitor attacks, intrusions and other illegal activity
- Understanding of how to test and evaluate security products
- Ability to design new security systems or upgrade existing ones
- Knowledge of ethical hacking
- Ability to identify potential weaknesses and implement firewalls and encryption
To become a cyber security analyst, graduates typically need a bachelor’s or a master’s degree in IT or cyber security.
Cyber security engineer
Cyber security engineers design and build the networks and computer systems that cyber security analysts monitor. They also monitor the cyber security of an organisation to advise on software, hardware and processes that should be introduced.
Helen Oswell is a cyber security engineer at a company in England that designs technology solutions for other businesses. Her average day involves designing tools and writing proposals to solve client problems.
“My favourite part of the role is designing tools and implementing them – for example, working on a vulnerability management tool in a cloud environment,” Ms Oswell said.
Cyber security engineers can expect to earn an average salary of $98,453.
Key skills and educational requirements
A few skills overlap between a cyber security analyst and a cyber security engineer. To become a cyber security engineer, you need the following:
- Ability to plan, implement, manage, monitor and upgrade security measures to protect organisational data
- Understanding of security measures and protocols
- Knowledge of how to troubleshoot network and security issues
- Ability to test and identify network and system vulnerabilities
- Understanding of how to respond to security breaches
- Ability to liaise with stakeholders throughout the organisation to manage and mitigate security threats
To become a cyber security engineer, graduates typically require a bachelor’s or a master’s degree in engineering, IT or cyber security.
Cyber security specialist
After years of working as a cyber security specialist, Kylie McDevitt is now the director of a security research and engineering team at the Australian Cyber Security Centre (ACSC). Ms McDevitt came to cyber security after working as a radio engineer in telecommunications with a Bachelor of Engineering. She’s also completed a Masters in Computer Networking.
One of the key responsibilities of a cyber security specialist is to plug security in at the development stages of software systems, networks and data systems. This might involve reviewing security and providing recommendations. It could also require the programming of customised defence systems and protocols.
To keep her cyber security skills sharp and indulge her passion for tech, Ms McDevitt founded BSides Canberra, which is the largest hacker forum in Australia. That’s one way to keep your finger on the cyber security pulse!
Key skills and educational requirements
Typically, a cyber security specialist is a senior role, calling for several years of experience. To become a cyber security specialist, you need the following:
- Ability to build out security during developmental stages of software development
- Understanding of how to look for vulnerabilities and risks in hardware and software
- Knowledge of best-practice IT security infrastructure
- Understanding of firewalls
- Ability to constantly monitor for and mitigate security threats
- Ability to identify perpetrators and manage prosecution if required
To become a cyber security specialist, graduates typically require a master’s degree in cyber security.
Penetration tester
A hacker forum might be a good place to find a penetration tester – often referred to as ethical hackers. In the early days of cyber security, penetration testers were often hackers who decided to use their powers for good. These days they are more likely to study penetration testing and learn to think like a hacker without actually being one.
Ben Tudor is a Penetration Testing – Senior Lead in the Cyber Security team at Telstra. As a young electronic engineering graduate, he worked in mobile network operations before sliding across to cyber security. Ben says his penetration testing team are working on areas as diverse as 5G, software-defined networks and big data products.
“A key focus area at the moment is the movement towards Internet of Things (IoT) – and the development of new assessment methodologies to meet this growing area,” Tudor said.
Penetration testers can expect to earn an average salary of $89,711.
Key skills and educational requirements
Penetration testers need the following skills:
- Ability to perform tests on applications and cloud infrastructures
- Understanding of how to design and conduct engineering attacks
- Knowledge of how to develop methodologies for penetration testing
- Ability to review code for security vulnerabilities
- Knowledge of document security and compliance
- Ability to write technical and executive reports
- Understanding of how to communicate penetration testing findings to technical and non-technical staff
To become a penetration tester, graduates typically require a master’s degree in cyber security.
In the end, we’ll all be cyber security professionals
AustCyber and the Australian Cyber Security Strategy 2020 are encouraging workplaces to embrace cyber hygiene. It’s something Professor Buckland believes we’ll see before too long.
“Understanding cyber will be part of every job, like using phones and word processors are now. Currently technical expertise is the most obvious and immediate shortfall but eventually the biggest growth will be in non-technical, non-specialist roles working in strategy and general governance for organisations of all sizes,” Professor Buckland said.
You can get the jump on cyber criminals and cyber security graduate jobs by embarking on the right course of study today.
Learn to defend against cyber attacks with UNSW’s Online Master of Cyber Security.