Shrinking brains trust risks cyber defence

Australia's cybersecurity capabilities may be at risk due to a lack of PhD-qualified professionals.
Written by Darren Pauli, Contributor

Australia's cybersecurity capabilities may be at risk due to a lack of PhD-qualified professionals.

Paper money

(Paper money extreme macro image
by Kevin Dooley, CC2.0)

Experts in the IT security sector say a nation's cyber capabilities are dependent on the skills of its professionals and students, notably specialist skills honed in post-graduate PhDs.

But the percentage of Australian resident students in security-related PhDs has almost halved over the last 10 years.

Resident students in Queensland University of Technology's IT security doctorates make up less than 10 per cent of total enrolments, a fall from about 50 per cent since the turn of the century. QUT's IT security doctorate program is the nation's largest.

Professor Ed Dawson, senior advisor in the university's Information Security Institute, said that the decline means the government will find it harder to recruit skilled professionals and will face heightened competition in the job market from the private sector.

"The shortage will only increase, and at a time when we need more highly-trained security staff. It's something the government will need to consider," Dawson said. "[PhD] students create opportunities for our nation's industries."

Dawson said that PhD skills notably in demand by government include network and control systems security, and forensics.

The same concern exists in RMIT's masters of science in information security, and was recently the topic of discussion between course managers.

Its program advisor, Mark Ames, who was once a security employee within the US National Security Agency said that course directors had discussed how to encourage local security professionals to complete PhDs.

"The US, China and the EU are recruiting people for their cyber-security initiatives ... if Australia wants to get there, the government must do what it can to make people aware that taking advanced degrees is bankable," Ames said.

"There is a vicious cycle in that industry does not realise the value of someone with an advanced degree, and so not many do them and so it goes ... [but] these students have a broader and deeper knowledge of security operations."

Mike Rothery, assistant secretary in the Federal Attorney-General's Department, said that the government is active in recruiting and hiring talent for its Cyber Security Operations Centre, which is located within the shadowy Defence Signals Directorate.

The centre has almost doubled its headcount to more than 90 staff since opening in January, and is set to contain 130 staff by 2015, according to Fairfax.

However, graduates are lured to work by generous pay-cheques.

Telstra security architect Luke Antoniou said that he turned down offers to complete a PhD to join the workforce.

"I personally didn't see too much relevance to get a PhD in security, because essentially I have obtained what I was after — a good job in security," Antoniou said.

He joined the telco after completing an undergraduate degree in security, and was further trained within Telstra's internal graduate program. Antoniou is also completing the Certified Information Systems Security Professional program.

Telstra's graduate program sees new security personnel teamed with experienced mentors, who rotate during the course.

Editorial standards