New not-for-profit Australian Cyber Network launches

The Australian Cyber Network, a new not-for-profit focused on industry uplift and maturity, launched in Canberra today.

With cyber-crime on the rise, and the nation facing an expected shortfall in the cyber security industry of more than 80,000 workers by 2030, the ACN aims to address this challenge through education, building capability, and advocacy.

Cyber Daily was lucky enough to have a chance to sit down with the ACN’s co-founder and CEO, Linda Cavanagh, and co-founder and chair Jason Murrell (both pictured) to talk about their motivations for the new organisation, what came before, and why building generational skills matters.

As AustCyber was winding down, with its contract running out in June, and at the time in the hands of Sydney-based start-up Stone & Chalk – which Murrell pointed out is not a cyber security company – both Cavanagh and Murrell wanted to do more with the AustCyber mission and were put in touch via a colleague.

“It was funny, Linda and I both had a mutual acquaintance, Kathleen, who worked with both of us, I think, at AustCyber,” Murrell said.

“And I’d sort of said to Kathleen, ‘What’s happening, I’d love to try and rebirth this’. And she said, ‘I’ve been speaking to Linda, and Linda wants to do the same thing’ – why don’t you guys have a chat together and see what you can do, and the stars couldn’t have been better aligned.”

Murrell was with CyberAware when it was starting up, and saw several other companies come up at about the same time, but he feels there’s not been a lot of movement in the industry since then.

“What happens is… We always say it’s easy to start a business. That’s the easy part,” according to Murrell.

“The hard part is when you’ve got to really scale up and find customer fit, and pivot, and do all the different things, like VC funding, and a lot of those things just weren’t happening.”

A lot of cyber security businesses, Murrell feels, are “good at technically doing a business, but they don’t know how to run a business, or how to market or sell or do those sorts of things”.

Another aim of the ACN is to create a single entity that is an umbrella for a lot of different use-cases, without the effort ending up completely siloed.

“The government would say, ‘Hey, AustCyber, can you look after this piece of work’, and often it should have been talking about other bits of work, and in the community actually doing more collaboration,” Murrell said.

“And what was happening is it was tending to get given to one entity or a few entities, whereas what Linda and I see is that there’s more of an opportunity to go ‘Here’s a piece of work that needs to be solved for, that can’t just be solved by one company’.

“We’re looking at it as more of a helicopter view over the top of the industry,” Murrell said.

He feels like there’s a place for an industry body more akin to the SES, which can “come in and actually help and assist with what needs to be done”.

The ACN also wants to focus on education as a key area, by breaking down and, hopefully, simplifying the pathways from education into employment. According to Cavanagh, there are a “whole host of opportunities there”.

“Part of what we want to do is bring the educational professionals together, which includes the government, and all of the industry bodies,” Cavanagh said.

“We actually need to look at the professionalisation of this industry, not just from a regulatory perspective, but also from an education perspective as well.”

For Cavanagh, it’s about balancing expectations of what people expect when they want to get into the industry and getting the right people through the door.

“There are people that have a good ICT background, but just need a little bit of an upskill in cyber security – so what is that base threshold that industry actually needs to be able to have an efficient and effective cyber security professional before they get into a special discipline,” Cavanagh said.

On the other hand, as Cavanagh pointed out, you might have another person complete “a Cert 4 in cyber security and expect that they’re going to be doing penetration testing.”

“So there’s a whole host around that education piece that we really need to fix for industry, and for government.”

Solving that education puzzle is, however, just one of the challenges that face the ACN and its team. We, perhaps optimistically, asked Murrell what he thought was the number one challenge facing the industry today, and he could not pick just one – but he’s keen to tackle them all.

“Well, there’s multiple ones,” Murrell admitted. “Unfortunately, that’s a load of questions.”

On the start-up side of things, gaining trust is a real challenge.

“Coming from a startup background, to get procurement in your own country is very difficult, right? So, and usually, to get any traction in the market, you need to be trusted by a big brand, whether that be government, state or federal, or at council level, [or] larger corporates that most people know the badges of,” Murrell said.

“To get into these sorts of environments where your service can be required and used but is rarely trusted… That’s the hard part.”

Part of the issue is that we often inherently distrust success stories in Australia, especially when compared to other nations, such as the United States.

“The tall poppy syndrome, in some ways, is alive and well,” according to Murrell.

“You know, if you do start to get too successful here… And to be successful, truly, you need to be offshore. That’s a problem, right?”

Another issue is that Australians, in Murrell’s opinion, are far too trusting, which is why we’re prone to fall for scams and other criminal tricks.

“I think we get scammed a lot because of the ‘She’ll be right, mate’ attitude, and ‘It won’t happen to me, and I don’t have to worry about that’,” Murrell said.

“That’s actually because we’re very friendly, so if someone asks us to do something, we’re more likely to say yes than any other country in the world. So I think, you know, we need to start that education process a lot earlier, you know.”

But for Murrell and Cavanagh starting cyber security education earlier also folds back into the vocational challenge.

“We teach kids to brush their teeth and put a seat belt on, but we’re not doing anything there,” Murrell said

“And if we teach cyber earlier, then that opens up a career pathway that they’re now technically proficient in.”

For Cavanagh, getting industry working together to help the entire nation is the true core goal for the ACN.

“Our focus is on bringing together the best minds, from startups to established companies, to build a cyber security network that reflects the real challenges and opportunities in Australia,” Cavanagh said.