The success of security firm stratsec in taking out the top honours at this year’s Telstra Business Awards highlights a security skills shortage, according to IBRS analyst James Turner.
While congratulating stratsec for the achievement, Turner said that in a market with a skills shortage, “it makes perfect sense that a dedicated firm like stratsec has stepped up and done well”.
“I'm actually very pleased with some of the dedicated security consultancies we have here in Australia. stratsec and Securus Global are the two standout ones for me. They have good bench strength so they are not relying on one or two stars and, from what I've seen, great cultures,” he said.
“Another example of the security skills shortage comes from a conversation I had in Canberra last week; I was talking to a senior manager in a government organisation and we were discussing the national gene pool for high level computer security skills. We're in a really tricky situation now, where if a bank wants to fill out its headcount in this space, they have to poach from either the other banks, or from government. There are not enough good security people to go around.”
The comments come after reports emerged in June that some AusCERT staff had applied for positions at the new government-sanctioned CERT Australia, which are also located in Brisbane.
Observers at the time said staff may be lured to the new agency — described as a rival by some industry insiders — and that it would be difficult to source and train replacements.
With the Federal Government also ramping up its cyber security operations, including the launch of a Cyber Security Operations Centre (CSOC) under the Defence Signals Directorate (DSD), anecdotal evidence shows available experienced security talent is hard to come by and is even harder to keep in the public service due to the salaries on offer in the private sector.
Turner added recent research had shown there was a “glaring capabilities gap” when it came to Public Key Infrastructure (PKI) skills.
“There are a very few organisations that can claim to have any skill depth in this space, and the rest are all coasting on smoke and mirrors,” he said. “Some of the large overseas outsourcers consider themselves well stocked if they have more than two or three people with good PKI experience here in Australia. This is more a function of the lack of PKI projects to date. When a PKI project kicks off, we will be buried in overnight experts.”