While there are many problems in cybersecurity that the world has to grapple with, the biggest problem, according to Professor Richard Buckland, is there are simply not enough people with cyber skills.
Buckland is a director at the SECedu Institute, which is part of the University of New South Wales (UNSW) School of Computer Science and Engineering.
The good news, however, is that he believes the problem can be solved.
"I don't know anyone here, that employs people, that has enough cybersecurity-capable people -- and if so, you must pay them lots of money and stolen from somewhere else," he told UNSW and CommBank's Australian Cybersecurity Education Summit on Friday.
See also: Global cybersecurity workforce gap hits 3m, APAC feels the biggest pinch (TechRepublic)
According to Buckland, there are four things that need to be thought about, with the first being that the STEM -- science, technology, engineering, and mathematics -- funnel is too small. He said there's such a small amount of people that are even considering doing something security-related.
The second issue, he said, is a lack of capability within universities to teach cyber.
"When they're at university, we don't really know how to teach them, we're not really very good at teaching it," he said. "And three, when the students graduate, they need to have work-ready skills ... a lot of my students go and they are the only security person in the company ... the buck stops with them."
The fourth issue Buckland detailed was the mainstream nature of something that is so niche.
"The fourth problem of security which worries me the most is it's no longer a technical problem. So this shortage of people, the shortage of hands, the shortage of people who can solve technical problems ... cybersecurity, the digital world, the threats of it, affect every human on the planet; it affects children and parents and grandparents," he continued.
"Children are giving up data and losing data privacy now in ways they'll never get back. People are being scammed and elderly people are losing their superannuation.
"I think it's like crossing the road ... I think cybersecurity is like knowing good nutrition; it's a set of skills that we need to have and unlike nutrition and crossing the road and all those other parts, I think we know those things, because those changes appeared slowly, and we sort of adapted to them slowly, and mankind sort of deals with these things, and our parents model it, and there's enough knowledge floating around so we can work it out -- cyber has appeared so abruptly, out of the blue."
Buckland said there is no one outside of the experts, among the "normal" population, that knows anything.
See also: Cheat sheet: How to become a cybersecurity pro (TechRepublic)
The professor said universities are bad at teaching cyber, mostly because the idea of what a good student is, should be turned on its head where cybersecurity is concerned.
"I think the biggest problem -- and there are many that unis aren't so good at teaching cybersecurity -- is to be a good cybersecurity student, you have to be able to ask questions, you have to be sceptical," he explained.
"You have to be a person who doesn't accept what they're told."
Repeating a quote he had heard previously, Buckland said, "When they tell you to write between the lines, turn the paper sideways, and write right across the lines, that's the sort of person we need".
"The education system is sort of -- the ecosystem, not just universities, everywhere -- just teach[ing] at scale, we sort of do it a bit like factory chickens, we try and get everyone treated the same, doing the same thing ... everyone has to go by the rules everyone has to say the right answer," he said.
Buckland said teachers usually want compliant students that seek to please, but it's the "troublemakers" that they should actually want -- the ones that are harder to teach.
"So how do you produce rascals? Often these people haven't even done well at high school because they didn't want to please the HSC system -- often to please the HSC system, you almost have to give up some of this sense of being cheeky," he said.
There is only so much the education system can do, however, with the next step being a peer-based mentoring situation.
"We get the students to teach each other, create a warm and loving community of students who care for each other, and who look out for each other," Buckland said.
"They follow this philosophy of paying it forward. So the older students help younger students, and the younger students, when they grow up, help the next generation of younger students. When they move into industry, they all know each other .... I hope they help each other."
- AustCyber to figure out what 'cyber skills' actually are
- Artificial intelligence, cybersecurity talent top list of hard-to-find skills
- Tech skills in most demand this year: data, cloud and cybersecurity
- There isn't a cybersecurity skills gap: Rik Ferguson
- RMIT partners with NAB and Palo Alto Networks for new cybersecurity course
- NAB and La Trobe partner to lift Australia's cyber capabilities
- 3 reasons why the tech talent shortage is overblown (TechRepublic)