• United States



Samira Sarraf
Regional Editor for Australia and New Zealand

How the Australian Department of Defence is solving the cybersecurity skills shortage

Apr 04, 20234 mins
CSO and CISOHiring

Australian Department of Defence CISO focuses on transferrable skills. Hires nurse, WHS mining worker for cybersecurity roles.

A man and woman sit on opposite sides of an office desk, in discussion.
Credit: Baranq / Shutterstock

The Australian Department of Defence is seeking professionals across very different areas with skills that are transferrable to cybersecurity. They will train those recruits to fill roles as organizations worldwide struggle to find cybersecurity professionals.

Recent research of 400 business leaders and 1,000 employees in Australia, conducted by RMIT Online and Deloitte, found that the digital skills gap — data science analytics, cybersecurity, and coding — is costing Australian businesses $3.1 billion annually.

It is no wonder, then, that Jonathan Dean, Defence CISO, recently hired a nurse and a mining work health and safety (WHS) professional to join the team. “Her transferable skills are: understands how to work well under pressure, understands how to triage, prioritize, work with a team under pressure….” Dean said during the Gartner Security and Risk Management Summit in Sydney. These skills put together with the nurse’s experience working under stressful circumstances such as the emergency room of a hospital, makes her a great team leader for incident response once she goes through training in cybersecurity, according to Dean.

The WHS mining professional transferrable skills included understanding risk practices and paradigms, said Dean. Coming from the mining sector, he also is experienced in having “robust conversations in a sensible way with highly resistant stakeholders — someone that you can actually push forward into the business to have that risk-based conversation about how you need to operate,” Dean said.

“Highly transferable skills, highly relevant. You just need [to be] assessing them and giving them that subject matter expertise on cyber training and so forth.” Training is one thing the Australian Defence Force is well known for. In a story discussing skills for cybersecurity professionals, Telstra CISO Narelle Devine told CSO of the opportunities she had for training which led her to go into cybersecurity.

Tips for those looking to make a career change to cybersecurity

For those doing a degree in cybersecurity, especially those that are coming from a different area that has transferrable skills, don’t wait for the end of the degree to start applying for jobs. Not only Defence but plenty of other organisations are hiring people before they complete their studies and supporting their studies while providing them with hands on training.

For those wanting to start their career in cybersecurity, Dean said that a diploma or degree are good foundations even if not in cyber, but in IT or computer sciences. When the option for elective subjects exists, he suggests taking full advantage of those and to not only focus on cybersecurity but also look for subjects that will provide foundations to understand how businesses work. Those offering skills such as leadership, writing and communicating will all be of great value.

Looking at the security domain it is also important to have an idea of the different jobs and therefore different skills that may be required. “Very different skill sets are required for policy and strategy versus intelligence versus incident response…. Really understand the full gamut of jobs and opportunities that exist in the industry,” Dean said.

Dean has been with Defence for 20 years starting in research and development building cyber defence systems and developing situational awareness. “That orchestration, situational awareness, leveraging AI, machine learning, and so forth, that gave me a lot of skills, analytical thinking of these sorts of things, but probably the key thing it did give me was, as a researcher, the ability to identify a problem, quantify the problem, come up with a solution to that problem. It’s a lot about what we do in security.”

“And the other key piece with research is that ability to deal with uncertainty, which, especially if you’re on the incident response side, that ability to deal with uncertainty plus operational tempo and pressure and pace is quite key,” Dean said.