We recently sat down with Jakub Zvěřina to discuss the new Australian Cyber Workforce Playbook. Jakub is one of the masterminds and authors behind this document, providing us with great insights and advice relevant for organisations looking to build cyber capabilities, and those who are looking to find a career in the cyber sector. Accordingly, if you are a student or thinking about a career swap, this Playbook is specifically designed to be your go-to resource and map to help understand the opportunities that exist in the cyber profession, what approach organisations are taking, and what they’re looking for as they build their cyber capabilities. As Jakub told us, the goal was to create something that helps organisations and individuals at different points of growth to "visualise their own journey" in an industry that is moving faster than ever before.
What’s Inside it for You?
The Playbook is a co-designed, all-encompassing resource which brings together insights from over a hundred industry leaders, including case studies from a multitude of organisations. No matter if you’re searching for a graduate/entry-level job or a career change, the Playbook helps you understand the industry dynamics, tactical skills and the cyber landscape such that you can be job-ready from the very beginning.
Roles vs. Occupations: Finding Your Place
When you’re looking for work, you might get caught up in rigid job titles that don’t highlight the nature of your employment to the greatest extent. Jakub suggests that the focus should instead be on specific roles and capabilities instead.
"I use the word ‘role’ deliberately; I don't like using the word occupation," Jakub explains. "Cybersecurity itself isn't a job, it's about a hundred jobs. [The aim is to] break some of those stereotypes around the hoodie and the hacker, and articulate all of these different opportunities [and skills]."
SFIA is the Skills Framework for the Information Age, and is a globally recognised, standardised framework for defining and describing employable skills within the IT industry. By using SFIA, the Playbook provides a clear way to understand your own strengths, as well as plan for future progressions, in order to identify the types of tasks and style of work you’re best suited to. Additionally, it can help you identify how your existing skills may map into current cyber roles, if a lateral move is something you’re interested in, or how expectations of responsibilities will change as you move upwards. The Cyber Workforce Playbook is then completed with a huge repository of cyber role profiles and skills following this exact framework in the Appendix – a resource definitely worth checking out.
Diversity by Design
If you’ve ever felt like you don’t "fit the mold" of a typical tech professional, Jakub’s and the Playbook’s outlook on Diversity, Equity and Inclusion is refreshing. The main takeaway is that diversity brings more than just a ticked box into an organisation. It brings about a new wave of innovation.
"We need to have workforces that reflect the communities that we're protecting," says Jakub, since after all "innovation drives competitive advantage and brings diverse thinking to protecting our communities."
He emphasises that for neurodivergent students or those from diverse backgrounds, the key is finding a workplace that creates a supportive environment. He suggests a "soft induction" where you can tell your team: "Here’s how to get the best out of me and here’s how to get the worst out of me." It’s about normalising different ways of thinking, so that you can bring your specific talents to the table without fear of burnout.
"It’s important to build awareness within your team. Every individual is different and stereotypes often lead to poor communication, and ineffective ways of working. For new entrants, this can be challenging, but it’s important to be vulnerable and open as a new starter. Conversely, as a people leader, you need to create a safe environment for those conversations to happen."
Standing out in a Crowd
You’ve likely heard that the industry is "running a marathon that’s moving faster and faster." To keep up, Jakub notes that although a degree may be one of the pathway into cyber, nowadays, employers value those who are passionate about a commitment to lifelong learning. Moreover, whilst there is a broad range of non-technical cyber security roles, if you’re interested in the technical roles, you need to learn to bridge the gap between theory and practice.
"How do you stand out? Although I don’t like the word passion as it’s a little bit clichéd, the overarching theme remains the same. The question is: how do you demonstrate your willingness to learn, your trainability? We can train most technical skills ... but that intrinsic drive, we can't train that."
To prove your "trainability," Jakub suggests building a diverse portfolio outside of formal learning. He recommends participating in community events and initiatives such as Bug Bounties, Capture the Flags and contributing to GitHub repos, as potential options, dependent on the role you are going for – especially those within the technical domain.
For non-technical roles, you’ll find that many life skills are directly transferrable to cyber roles directly. For instance, in crisis communications - skills such as those gained whilst volunteering in emergency services, are equally important for showcasing your talent and potential. These demonstrate to employers you have that "vested interest and passion for protecting our communities," which is so essential to stay ahead of the game and stay invested in a fast-paced industry.
Ultimately, Jakub highlights that your career in cyber is a marathon; it’s not a sprint. You need to play the long game, and acknowledge that even if you have the foundation to get your foot in the door, you also have to be committed to continued growth. This continued growth will come both through exposure to the trade craft itself, as well as an open mind and lifelong learning. By getting to know people, demonstrating commitment to learning, and showcasing how you work best, you can help your career skyrocket. The Playbook can help you walk through it step-by-step and is there to ensure you don’t have to run this marathon without a headstart.
With the Playbook forming a foundation for cyber workforce strategy in Australia, the next chapter will be a cyber professionalisation pilot scheme called ‘CyberPath’. This will further break down and refine different roles and pathways, as well as all of the skills, knowledge, and abilities that underpin critical cyber capabilities.
EOIs are currently open to help co-design and shape what a professionalisation scheme in Australia could look like. You can register to be part of the consultation process here:
https://www.acs.org.au/campaign/cyberpath.html
