Database and financials software behemoth Oracle says it has been forced to go offshore to source cybersecurity talent for permanent positions in Australia, complaining a local labour shortfall is causing delays and driving up costs for local research and development.
To make matters worse, computing courses at Australian universities are compounding the vendor’s woes by not offering the right courses to their students, with only the University of Queensland cited as supporting “research and teaching in areas that are important to Oracle Labs Australia.”
The bleak picture for the local cyber skills landscape is contained in Oracle’s submission to the Department of Home Affairs’ 2020 cyber security strategy consultation.
The vendor argues its local instance of research and development arm, Oracle Labs, is being buffeted by a global cyber talent shortage.
“Unfortunately, this group has been directly affected by this workforce shortage, as they struggle to scale highly technical teams comprising Australians,” Oracle’s submission says.
“They have turned to filling permanent positions and internships with candidates who received advanced degrees from institutions outside of Australia, which comes with additional costs such as those associated with relocation and obtaining visas, along with the delay in recruiting internationally.”
The talent pipeline is also thin, Oracle reckons – at least for its own purposes – with tertiary courses here copping a spray.
“We find that the computer science programs within Australia do not offer students relevant courses, so Oracle Labs Australia trains its engineering staff in-house when they join, and recruits researchers from overseas,” Oracle said.
“Oracle collaborates with academics throughout the world, including in Australia. A large grant tied to cybersecurity and The University of Queensland's School of Information Technology and Electrical Engineering, supports research and teaching in areas that are important to Oracle Labs Australia. However, this does not appear to be a scalable approach to address the larger problem,” the submission continues.
Universities are similarly unhappy with the state of play, but argue a major part of the problem is a lack of definition around what a cybersecurity professional actually is at both an industry and national level.
“A key difficulty in the provision of training and education for cybersecurity is the ill-defined nature of a ‘cybersecurity professional’,” the submission from peak body Universities Australia contends.
“Given the broad fields of education, skills and occupations involved, defining the key elements would enable the strategy to connect with the relevant stakeholders.”
Universities Australia also argues that a research lens is missing from Australia’s current cyber settings.
“Research is currently absent from the strategy. A rapidly evolving field like cybersecurity requires a responsive research ecosystem to both identify and understand current and emerging challenges.
"Research also enables the training of highly-skilled cyber specialists, and is an important input into commercial opportunities to support Australian industry," Universities Australia’s submission said.
The Group of Eight alliance of research universities also wants cyber qualifications properly sorted out and embedded into the education system at a number of levels.
According to the G8’s submission, the government needs to “work with the higher education sector to develop a comprehensive awareness, education and training strategy to promote good practice across the Australian community, and to develop a suite of robust cyber security qualification options across all levels of education.”