Fixing the cybersecurity skills gap in Australia

The cybersecurity skills gap has been a hot topic for years in Australia. But while recruitment and retention challenges grab the headlines, there’s a harder truth we don’t often address: we’re not doing enough to support young Australians trying to break into the field.

The big issue? There’s no clear pathway from education to employment in cybersecurity. Too many bright, motivated young people are left frustrated and end up choosing other industries that feel easier to navigate. Until we come together to fix these entry points, creating clearer, more accessible routes into the sector, the skills shortage will only get worse.

The shortcomings of Australian initiatives

Australia has a big cybersecurity skills problem. By 2026, the country could be short 30,000 qualified professionals. Key areas like incident response, digital forensics and threat intelligence are struggling to find talent. This isn’t just about jobs — it’s a national security risk.

The government has made some progress with initiatives like the Cyber Security Growth Centre (AustCyber) and the launch of the Australian Cyber Network (ACN) — a not-for-profit set to pick up where its predecessor, AustCyber, left off. The education system has also begun to mobilise, with many universities and TAFE colleges launching new cybersecurity degrees and courses. These efforts are raising awareness and getting more students into cybersecurity courses.

However, once these students leave school, many struggle to find a clear pathway into cybersecurity careers. The excitement generated early on fades as the necessary follow-up support to guide them into the workforce is often lacking.

For wider cybersecurity programs to truly succeed, they must not only focus on education but also provide a well-defined pathway to employment. Without this support, the industry will continue to lose talent, and the cybersecurity skills gap in Australia will widen further.

Internships and apprenticeships

When it comes to creating opportunities to enter the cybersecurity industry, there is a tendency for government programs to focus on large and well-established companies. However, small and medium enterprises are well-suited to providing new entrants with a broad and rounded experience of different roles.

Having the opportunity to experience a variety of roles and disciplines is particularly valuable within internships and apprenticeships. While formal education is essential, real-world experience is what transforms students into effective professionals. Internships provide an invaluable bridge between education and employment through hands-on experience and mentorship.

I’ve seen this value first-hand with Illumio’s internship programs. We make sure our interns have a lot of opportunities to learn and apply their skills, flex their creativity, and just generally experience a working business environment. By creating internships for areas like incident management, where we know there is a greater shortfall, we can start to fill the most critical gaps. The key is making these opportunities highly visible and accessible to students so that they have a clear and direct path.

The Australian Government should incentivise businesses to create these opportunities through tax breaks and vendor partnerships. This is especially true for SMEs that often lack the budgets to easily fund programs themselves.

Structural gaps in cybersecurity career paths

Unlike fields such as accounting or law, where there is a defined progression from entry-level positions to senior roles, cybersecurity generally lacks a defined career development framework.

The dynamic nature of cybersecurity means creating a clear roadmap is more challenging than in many other fields. Skills in accounting or law remain stable with periodic refreshers, but cyber professionals face rapid changes driven by technologies like cloud and AI. Cybersecurity skill demands can shift dramatically within a year, requiring constant effort to stay current.

This lack of structure impacts newcomers and exacerbates retention issues. Promising talent often leaves for industries with clearer career paths and long-term incentives. A formal career progression model with defined milestones would provide clarity, helping professionals stay and grow in the sector. Employers would benefit from a motivated, well-prepared workforce.

Lessons from other countries

While the skills shortage is a global problem, some other countries have taken more proactive steps that Australia can learn from. The US, for example, has implemented long-term retention strategies that not only attract talent but also keep professionals engaged throughout their careers. These countries focus on offering clear career progression, ongoing training, and support systems that help maintain a skilled workforce over time.

Australia’s focus on recruitment, without equal attention to retention, risks losing skilled professionals. Clear career structures and long-term support could transform cybersecurity from a short-term option into a lasting career.

Getting cyber-skills development back on track

The pathway from cybersecurity education to employment in Australia is fractured, with many talented individuals falling through the cracks. While we should celebrate efforts like ACN that are making strides in raising awareness, we need to address the fundamental lack of guidance for young people seeking to enter the industry.

Establishing a clearly signposted path for graduates to enter the sector through internships and apprenticeships will go a long way in helping connect these talented and hungry young people with companies crying out for skilled cybersecurity practitioners. Until we fix the path, the cybersecurity skills gap has little chance of closing.

*Michael Adjei is Director of Systems Engineering at Illumio.

Image credit: iStock.com/Kindamorphic