Your Guide to Cyber Security Careers in Australia

Cyber security professional
Cyber security professional

Australia needs more cyber security professionals. That’s the message from the Australian Government – we need 17,000 more people working in cyber security by 2026. And it’s putting its money where its mouth is with $470 million to grow a cyber skilled workforce as part of Australia’s $1.67 billion Cyber Security Strategy 2020.

But this isn’t the usual call out to those with IT skills to upgrade. AustCyber, the Australian Cyber Security Growth Network highlights the need for a cyber-literate workforce in every single workplace. Whether you’re an intern, manager or board member, you must be conscious of cyber risk. It’s important for all of us to engage in daily cyber hygiene practices to keep online information secure.

The need for cyber hygiene and cyber security professionals is emphatically reinforced by Professor of Cyber Security at UNSW, Richard Buckland.

“It’s like the gold rush, or when the doors open at the Apple store and everything is half price. Every single area of life is impacted by cyber security and is not yet ready.  Military, espionage, financial, consumer, research, government, transport, social, romantic, corporate, news, art and music, space travel, global warming, energy, education, privacy, police, emergency response. You name it – it depends on cyber security working and it’s currently significantly underprepared.”

Professor Buckland is helping to improve our preparedness through UNSW’s Master of Cyber Security.

Australia’s cyber security landscape

Until recently there wasn’t really any cyber police to call and report a cyber crime. That was until NSW Police established their Cybercrime Squad in early 2017. Cybercrime commander Detective Superintendent Matt Craft recalls that the new nature of their work created some challenges for building planners.

"When police properties were building our floor, they asked 'Where do you want your dock [for prisoners]?'. I said 'I don't want a dock, we're cyber. What I do want is a server room," he told The Sydney Morning Herald.

They’re probably already thinking about enlarging that server room. In 2019 one in every three Australian adults felt the sting of cyber crime. On average, someone reports a cyber crime to the Government’s ReportCyber website every 10 minutes.

In business, the frequency of cyber crime increases. Telstra takes the cyber pulse of Australian companies every year in its Security Report. In 2019, it revealed that 65% of businesses had experienced an interruption due to a security breach in the past year. The two most common causes were phishing and web application attacks.

What this means is that demand for cyber security professionals is high and the salaries on offer reflect that. AustCyber’s Cyber Security Sector Competitiveness Plan shows that cyber security professionals are paid an average of $12,000 more than their IT colleagues. In management jobs that premium jumps to $20,000.

Technical skills for cyber security

Jon-Anthony de Boer was a software engineer at Telstra until he upgraded his career to become a part of the DevOps Security team at Telstra. He started with courses in secure coding in several languages, which for cyber security includes C, C++, Python, Javascript, PHP and SQL. He also deep-dived into the cyber security industry wherever he could.

"I read great blog posts from the likes of Tanya Janca, listened to podcasts and kept across security news from the likes of Bruce Schneier and Clint Gibler,” de Boer said.

In addition to broad programming skills like de Boer’s, cyber security professionals benefit from an understanding of the architecture, administration and management of operating systems. A recent report in the US highlights that these technical skills are often missing from the CVs of applicants for cyber security roles.

Non-technical skills for cyber security

During industry consultation for Australia’s Cyber Security Strategy 2020, the Government found that “human behaviour is almost always part of the problem.”

Phishing emails are one of the most popular forms of cyber attack because employees at any level can be tricked into clicking on a link. That’s why interpersonal and communication skills are so valuable in cyber security professionals.

In addition, Professor Buckland sees psychology as one of the top five non-technical skills for cyber security.

“Understanding humans, our strengths and weaknesses, is an important skill.  Humans lie behind every weakness, bug, exploit and attack. You should also have curiosity – leading to an understanding of how computers, software, and systems work under the hood and creativity to think of new solutions. Unlike most fields, cyber is new every day.”

“Scepticism is a useful skill. You should be questioning everything and not taking things for granted. And you should have communication, teamwork and leadership skills,” Professor Buckland said.

Careers in cyber security

It’s no exaggeration to say that a career in cyber security can take you anywhere. And with its broad skill requirements and universal applications, cyber security professionals come from all backgrounds.

Here are five careers in cyber security to consider.

Chief Information Security Officer (CISO)

Narelle Devine arrived at the role of CISO after 20 years in the Royal Australian Navy. She also completed Masters degrees in systems engineering and computer science at UNSW.

The Chief Information Security Officer sits at the top of the cyber security hierarchy. They take responsibility for an organisation’s vision, strategy and programs to protect information assets and technologies.

In her first CISO role at Services Australia (formerly the Department of Human Services), Ms Devine oversaw Centrelink’s welfare payments system. IT News reports that she was “responsible for protecting the personal and financial security of 26 million Australians, managing 280,000 authentications every day and protecting the $190 billion in payments the department makes every year.”

Ms Devine has recently moved on to her second CISO role as Telstra’s CISO for Asia Pacific.

The role of CISO is usually found in large organisations and government departments, such as Victoria’s Department of Health and Human Services. They recently advertised for a newly created CISO role with a salary of up to $183,601.

Cyber security analyst

Cyber security analysts are the front line of defence in an organisation’s cyber security team. In quiet times they monitor network access through logs and real-time dashboards. If a breach occurs, they’re ready to lead the response – defending information and infrastructure from attack.

Cyber security analysts need a range of technical skills. Penetration testing is used to analyse networks and systems with the goal of identifying weaknesses before cyber criminals find them. With computer forensics they analyse data from logs and reports to identify when and where breaches have occurred. They also use reverse engineering to find out the threat posed by a bug or malware.

Cyber security analysts can expect to earn an average salary of $76,790.

Cyber security engineer

Cyber security engineers design and build the networks and computer systems that cyber security analysts monitor. They also monitor the cyber security of an organisation to advise on software, hardware and processes that should be introduced.

Helen Oswell is a cyber security engineer at a company in England that designs technology solutions for other businesses. Her average day involves designing tools and writing proposals to solve client problems.

“My favourite part of the role is designing tools and implementing them – for example, working on a vulnerability management tool in a cloud environment,” Ms Oswell said.

Cyber security engineers can expect to earn an average salary of $98,453.

Cyber security specialist

After years of working as a cyber security specialist, Kylie McDevitt is now the director of a security research and engineering team at the Australian Cyber Security Centre (ACSC). Ms McDevitt came to cyber security after working as a radio engineer in telecommunications with a Bachelor of Engineering. She’s also completed a Masters in Computer Networking.

One of the key responsibilities of a cyber security specialist is to plug security in at the development stages of software systems, networks and data systems. This might involve reviewing security and providing recommendations. It could also require the programming of customised defence systems and protocols.

To keep her cyber security skills sharp and indulge her passion for tech, Ms McDevitt founded BSides Canberra, which is the largest hacker forum in Australia. That’s one way to keep your finger on the cyber security pulse!

Penetration tester

A hacker forum might be a good place to find a penetration tester – often referred to as ethical hackers. In the early days of cyber security, penetration testers were often hackers who decided to use their powers for good. These days they are more likely to study penetration testing and learn to think like a hacker without actually being one.

Ben Tudor is a Penetration Testing – Senior Lead in the Cyber Security team at Telstra. As a young electronic engineering graduate, he worked in mobiles network operations before sliding across to cyber security. Ben says his penetration testing team are working on areas as diverse as 5G, software defined networks and big data products.

“A key focus area at the moment is the movement towards Internet of Things (IoT) – and the development of new assessment methodologies to meet this growing area,” Tudor said.

Penetration Testers can expect to earn an average salary of $89,711.

In the end, we’ll all be cyber security professionals

AustCyber and the Australian Cyber Security Strategy 2020 are encouraging workplaces to embrace cyber hygiene. It’s something Professor Buckland believes we’ll see before too long.

“Understanding cyber will be part of every job, like using phones and word processors are now. Currently technical expertise is the most obvious and immediate shortfall but eventually the biggest growth will be in non-technical, non-specialist roles working in strategy and general governance for organisations of all sizes,” Professor Buckland said.

You can get the jump on cyber criminals and cyber security graduate jobs by embarking on the right course of study today.

Learn to defend against cyber attacks with UNSW’s Online Master of Cyber Security.