Cybersecurity expertise is in hot demand, particularly after the $9.9 billion budget spend on Australia's offensive and defensive cyber capabilities, but the new Labor government inheriting the program is likely to face challenges.
Jose Hernandez recently graduated from a 16-week cybersecurity program designed for Australian veterans with little or no prior experience in the field, created by the SANS Institute.
A former communication information systems sailor for the navy, Mr Hernandez had been working under Defence for 16 years but said working in cybersecurity was a "career that I've longed for."
"I actually wanted to pursue [cybersecurity] in defence but the roadmap was too long and decided to do it on my own," Mr Hernandez said.
At around 2017, Mr Hernandez knew he wanted to "pursue a different career" in cybersecurity but the roadmap was longer than expected in defence because he was "punished by performance".
"Because I was operationally fit, it just meant that I was going to go lily pad to another operational unit ... but I think 16 years long and having a young family as well was why I wanted to pursue a career outside defence and have a bit more stability," he said.
Director for the SANS Institute Steven Armitage said representatives from "a lot of Australia's biggest companies" alongside federal and state government agencies spoke to graduates about career prospects.
"The skill shortage is well documented, everybody knows it's there. There's fierce competition for skilled cybersecurity professionals. SANS has always taken the point of view that there's no people shortage," he said.
Since the first week of the program, Mr Hernandez had "people knocking on my door" due to the skills associated with cybersecurity from the SANS Institute.
"Midway through the academy, I decided to go with a company called Securus who specialised in security consulting services in security for defence," he said.
The public vs. private cyber industry issue
The most recent government national security investment was the Coalition's May budget initiative called project REDSPICE, standing for resilience, effects, defence, space, intelligence cyber and enablers.
The $9.9 billion investment over 10 years was put forward to take Australia's cyber capabilities to the next level, which experts said will be an extreme challenge.
Policy director of the ANU National Security College William Stoltz said the project struck him as "incredibly ambitious" and doubted the government would be able to obtain workforce capacity purely through the public service.
"The new Labor government has made a broad suggestion that it would like to reduce the number of consultancies and private firms upon which the Australian government relies ... but that is going to be very difficult indeed," he said.
"There is a very healthy kind of ecosystem of private firms that support ASD and other agencies engaging in cyberspace and I don't see it as feasible to reduce that."
Often the work conducted by cyber consultancy specialists provide "services at the lower level of cyber capability", freeing up resources for agencies like ASD that focus on more complicated work.
Australian Computer Society national board member Matthew Warren said retention of professionals was another issues the government faced as there is "quite a large pay gap between the private sector and government".
"The public service has the problem that they train up the expertise and they then have a retention problem because private companies offer such financial incentives that they were able to poach," Professor Warren said.
"The private sector's also offering a lot more flexibility in terms of hybrid working, which I think fits into the lifestyle of graduates and many government departments are unable to offer those sort of hybrid opportunities."
Cyber stereotypes preventing diverse workforce
Director of cyber intelligence at CyberCX Katherine Mansted said the industry worldwide struggles with workforce shortages, arguing there needs to be more inclusion.
"There is a diversity challenge in the profession, in Australia, women barely make up about 20 per cent of our total cyber workforce," she said.
"It's also a huge opportunity because it means that there are maybe school leavers, graduates and people looking for a career change who come from diverse background who maybe haven't thought about cybersecurity yet."
The stereotype of "men wearing hoodies" is an icon which Ms Mansted said is "not the reality" however is likely part of the reason people are deterred from entering the cyber industry.
"There definitely things that could be done at a policy government industry collaboration effort to [attract people] a bit better," she said.
