As cyber threats increase and digital infrastructure becomes more complex, the demand for skilled cybersecurity professionals continues to grow. In response, organisations are turning to more varied talent sources, including those changing careers later in life and students opting out of traditional university paths. This approach is intended to rapidly expand the workforce but it may also require shifts in public perception, education and immigration policy to succeed.
CyberCX, one of Australia's largest cybersecurity firms, is expanding its training programs to meet demand. Its six-month academy program recently drew 77 applicants for each available place. Half of the applicants had a university or TAFE background and the other half came from industries such as healthcare, engineering and the arts. This rising interest suggests increasing momentum among those seeking stability in a high-demand field even if their backgrounds differ.
There is concern that too few young people view cybersecurity as a practical career option. Academics at Deakin University say school-leavers often have limited understanding of what cybersecurity professionals actually do. This has led to calls for targeted awareness programs, similar to military recruitment campaigns, to help students see the sector as real and future-ready.
Immigration rules are another potential barrier. Some tech leaders claim current policies prevent skilled workers, especially those with children on the autism spectrum, from relocating to Australia. These rules may be locking out valuable contributors during a time of growing need for talent.
Over the long term, the nature of cybersecurity roles is expected to evolve alongside new technologies. At one major bank, the security team has doubled in size since 2021 while AI has made many tasks more efficient. Rather than replacing jobs, these tools are changing them. More cost-effective and quicker solutions are being delivered by roles such as prompt engineers who combine security expertise with AI fluency.
The broader message is becoming clearer. Cybersecurity is no longer a field just for specialists. Organisations are thinking more about how to improve basic security awareness across all sectors, from healthcare and education to finance, so more people can help protect critical systems.
