Australia’s Cyber Skills Gap Isn’t About Talent. It’s About Pathways.

Australia’s cyber skills gap is often framed as a training problem: not enough courses, certifications, or people choosing cybersecurity as a career. But that framing misses the reality on the ground.

As Director of Cyber at Calleo, I bring more than a decade of experience across cybersecurity, defence, and national security - including service as a Royal Australian Navy veteran and leadership roles spanning high‑impact cyber operations, insider threat programs, and security governance in both government and industry. Across those roles, one conclusion has become increasingly clear: the talent is already here.

What’s missing are the structured, scalable pathways that allow people to progress from motivated starters into experienced cyber professionals who can lead, mentor, and sustain Australia’s cyber capability over time.

That insight was reinforced last week at the Canberra Cyber Hub Career Symposium, where I spent time in one‑on‑one conversations with students fresh out of university and professionals transitioning from entirely different careers. What stood out wasn’t a lack of ability or motivation. It was genuine energy — people eager to contribute, to learn, and to find their place in cybersecurity.

That energy is real. And it matters. But without clear pathways, too much of it risks being lost.

Australia needs up to 30,000 additional cyber professionals by 2030, according to the National Cyber Security Coordinator, and the ACS Digital Pulse suggests the figure could be even higher. The pipeline of people interested in cyber is growing, and education providers are responding.

Yet, in conversation after conversation, the same challenge surfaced: people with training, certifications, and strong motivation are struggling to find meaningful entry‑level opportunities.

This isn’t pessimism. It’s the reality of a genuinely competitive entry‑level market.

At the same time, Australian Public Service (APS) agencies are clear about their need for mid‑tier and senior cyber professionals, while also recognising the strategic value of growing talent internally rather than relying solely on later‑career recruitment.

That creates a core tension: the pipeline is everyone’s priority, but government and industry are not yet solving it together — or at sufficient scale.

Industry has a critical role to play, and many organisations are already contributing through graduate programs and cyber academies.

Programs like CyberCX Academy, independently endorsed as a genuine pathway, show what’s possible when organisations invest seriously in early‑career professionals. But for these programs to create lasting careers, rather than short‑term holding patterns, there must be clearer visibility of what comes next.

This is particularly important for transitions into government environments, where clearance timelines, rigid role structures, and limited portability between sectors create real friction for emerging professionals. Without coordination, talent can stall precisely at the point it should be accelerating.

On the government side, there are encouraging developments.

The APS Data, Digital and Cyber Workforce Plan 2025–30 is a meaningful step, acknowledging both immediate capability pressures and long‑term workforce sustainability. The CyberPath professionalisation scheme, backed by a $1.9 million federal investment and led by ACS, AISA, and partners, is exactly the kind of initiative the sector needs.

The focus now must be on translation.

Frameworks and capability definitions need to become real entry points, particularly for professionals moving from industry into public‑sector cyber roles. That means aligning recruitment models, clearance processes, and development expectations with how cyber careers actually develop in practice.

The most urgent conversation, however, is about the mid‑tier gap.

A cyber professional with five to eight years of operational depth — someone capable of running programs, mentoring teams, and briefing senior leaders — does not appear by accident. They are built through deliberate development, sustained mentoring, and organisations willing to invest before someone is fully productive.



Right now, too few are doing this consistently.

We frequently talk about the shortage of senior cyber talent, but much less about how rarely we invest systematically in creating it. Mid‑tier professionals are where organisational resilience is forged, and where long‑term returns are realised.

For those starting out or transitioning into cybersecurity, the opportunity is real, even if the pathway isn't always linear.

A few things are worth knowing early.

Cyber is an ecosystem, not a single job. Governance, risk, architecture, incident response, policy, understanding where your existing strengths fit changes how you target roles and how you present yourself. A background in law, audit, the military, or project management is not a liability. In many roles, it is exactly what's needed.

Certifications matter at the start. They demonstrate commitment and build structure into your learning. But at a certain point, they stop differentiating you. Employers increasingly want to see how you think under pressure, how you communicate risk, and how you handle ambiguity. None of those lives in a study guide.

The most underrated skill in cyber right now is communication, specifically, the ability to translate technical thinking into language that executives and non-technical stakeholders can act on. Start developing it early.

And invest in your professional network before you need it. In this industry, the conversations you have consistently matter more than the applications you submit occasionally.

Australia has ambition. We have talent. Government and industry frameworks are beginning to take shape.

The next step is making them work together.

If industry‑led academies and graduate programs are deliberately aligned with public‑sector workforce planning — and if government continues turning strategy into accessible entry points — we can move beyond discussion and into delivery.

The question is no longer whether the talent exists.

It’s whether we are prepared to build, together, the pathways that allow it to thrive.

I welcome perspectives from those working on graduate programs, clearance pathways, or mid‑tier development across government and industry. What’s working, and where are the genuine gaps we still need to close? Join the conversation here.