Australia’s cyber talent shortage
Alastair MacGibbon: The top cyber security adviser to the Prime Minister
Australia is facing a severe shortage of cyber security specialists, says Richard Byfield, head of Datacom Technical Security Services.
“There’s just not enough talented personnel,” Mr Byfield says. “It’s a major concern. How are we going to get enough people to build the capacity of cyber security practitioners in Australia, and a strong industry to be able to defend our national interest?”
He admits the Government is trying to address the gap. “I think we're fortunate to have a tech savvy PM, and the recent Cyber Security Review is a start. But right now we just can’t find good staff.
“We interview people who look good on paper, but it soon becomes obvious they just don’t understand network security. We need to do more to build the skills.
“We will soon have a Cyber Ambassador, we have a Minister for Cyber Security, and we've got a specialist Cyber Advisor to the Prime Minister, Alastair MacGibbon, who's got street credibility. The recognition that we have to have these people is a good start, because this is a growing problem.
Mr Byfield says the talent shortfall is global, and not limited to Australia. “In fact, Australia definitely has the potential to be a leader in this space, particularly in Asia Pacific. We should be able to export expertise. You can do penetration testing, for example, from anywhere.
“But you want to have a level of comfort, that the company and the individuals doing it, need to have integrity and credibility. That’s a big opportunity for cyber security services for Australia, exporting to Asia.”
Datacom TSS is doing its best to build that expertise. The company is the independent data security arm of New Zealand-based tech services company Datacom. Founded by Mr Byfield in 2010, it has become one of the leading specialist security outfits in Australia.
Before founding Datacom TSS, Mr Byfield worked in the Defence Signals Directorate (now called the Australian Signals Directorate), the government’s specialist electronic signals intelligence and data security agency. He and a few of his colleagues uncovered what they believed to be a gap in the market.
“We realised that the commercial world wasn’t able to do some of what the Government had been doing in the information security space. In the commercial arena there is a very large grey area between the classified and unclassified world.
“We saw the mining industry get targeted in 2008, during the mining boom, and when we talked to a few big multinationals, we saw that a lot of them had poor information security. I had always thought we did security poorly in government, but we soon realised that the corporate sector wasn't very aware of the threats, and that government was pretty good in comparison.
“We felt we could make a bigger difference outside of government, helping the economic interest of the country by setting up a business to help private sector. They were using a lot of commoditised securities services, but they were of limited value – you need to be protected on an ongoing basis, at all times.
“The biggest threat, to industry as well as government, is asymmetric attacks against us from nation states."
“There’s a lot of it going on, and it’s growing. In certain countries, there's not a big distinction between the corporate and the state.” He doesn’t mention anyone by name, and simply smiles at the suggestion of a large country in north Asia.
Mr Byfield and his team decided to approached Datacom with the idea of setting up a security division. “Datacom didn't have a security capability. We offered to build one.”
Mr Byfield knew Datacom well from his three year secondment to DSD’s New Zealand equivalent, the Government Communications Security Bureau (GCSB). Datacom also saw the opportunity, and Datacom TSS was born in Canberra 2011. It now has 22 permanent staff and 12 to 15 long-term subcontractors.
New Zealand based Datacom has become one of Australasia’s largest ICT services company, with offices throughout Australia, New Zealand and South East Asia. With more than $1 billion in annual revenues and 4500 staff, it remains a privately held company.
New Zealand Post was a major shareholder, a legacy of its banking arm’s IT operations being rolled into the company in the 1990s, but it sold its holding to New Zealand’s largest superannuation fund in 2012.
“We operate at arm’s length from Datacom as much as we can, but whenever it makes sense to work together we do,” explains Mr Byfield. A prime example is Datacom’s massive contract with the Australian Department of Health, a $242 million deal it won in April 2015 when it replaced IBM as IT services vendor.
“We’re now responsible for Health’s total security outcome.”
Despite his concerns about the shortage of cyber security specialists, Mr Byfield remains optimistic. “The environment is good. There is talent coming through. The Government does seem to understand.
“If we can't make it work with the current Prime Minister, I think we're going to struggle beyond that. I've got a lot of high hopes, because he does know this space fairly well. He's built businesses, he's an innovator himself.
“I’m a big advocate of public / private sector partnerships. Since I left the public sector I have to admit I’ve become much more price aware, because that’s the language everyone talks.
"I've been out now for five years, and I've been trying to work out how we can all work together collaboratively for the benefit both parties and the benefit of the country. It's not easy, but we can do it.”