The NSW government is still yet to fill around a quarter of the roles in its expanded cyber security unit, Cyber Security NSW, almost two years after pledging funding to quadruple its size.
Cyber Security NSW, which has existed in its current form since mid-2019, is responsible for the government’s cyber security policy, incident response and efforts to help lift cyber hygiene.
It also operates the government's cyber security vulnerability management centre in Bathurst, which monitors systems, and provides early identification and remediation of known vulnerabilities.
In August 2020, Customer Service Minister Victor Dominello allocated $60 million to Cyber Security NSW from a $240 million investment in cyber security over three years (now $315 million).
The funding – which comes from the $2.1 billion Digital Restart Fund (DRF) – was to be used to create an “army” of cyber experts over three years, with as many as 75 new roles to be created.
Such a workforce was to allow Cyber Security NSW to expand the state’s cyber defences, including by extending support to small agencies and councils – considered some of the most vulnerable.
But in response to questions on notice from a round of budget estimates hearings in March, the Department of Customer Service revealed that 22 positions at Cyber Security NSW remained unfilled.
Current staffing levels sit at 76 permanently filed positions, as well as five contractors, the department said.
A Department of Customer Service spokesperson told iTnews that the challenge finding staff was down to a confluence of factors, not only the skills shortages in the cyber security sector.
“Cyber Security NSW has undertaken a period of rapid growth and is actively advertising and recruiting for a number of positions,” the spokesperson said.
“Roles are vacant due to a variety of reasons, including the prioritisation of roles to be recruited, internal promotion which creates a vacancy in the... original role and normal labour turnover.
“It is also critical applicants meet the high standards of a CSNSW role. On occasion Cyber Security NSW has been unable to find a suitable applicant and have re-advertised the position.”
Despite the staffing challenges, the department said there had been no impact to the services offered by Cyber Security NSW.
“Cyber Security NSW has been scaling up its services since funding was received from the DRF and services have been continuously increasing as the function grows in size,” the spokesperson said.
“This has not resulted in any impact to the services offered.”