Cybersecurity experts need to take a more progressive approach to security education and drive a “cultural change” to improve accessibility to high-level security skills, Australia’s newest SANS Institute-accredited Cyber Guardian has advised.
A lecturer in the UNSW School of Engineering and Information Technology and Australian Defence Force Academy (ADFA) who completed his PhD in intrusion detection and exploit payload technology, Dr Gideon Creech was awarded the distinction – one held by just 35 people in the world and just one other Australian – after completing a rigorous certification program that builds on the GIAC Security Expert certification, which is itself held by only around 200 people worldwide.
“You have to have a breadth of understanding coupled with a real, demonstrated ability to perform at this level,” Creech told CSO Australia. “You have a very broad focus but you can also go very deep technically when required.”
Creech, who is also involved in the Australian Centre for Cyber Security (ACCS), spent much of the last five years developing the industry experience and skills to complete the GIAC and then the Cyber Guardian qualifications.
Yet while he values their demonstration of his technical prowess, Creech says “probably the best thing” about having reached the Cyber Guardian certification is its ability to help him promote security skills and training to an industry that is crying out for skilled cybersecurity professionals.
“Across the industry we need to be excited about learning,” he said. “We often have people who are very protective of their place in the cyber world and guard their knowledge and their jobs. But this gives me a platform to give back to the community, and to help everybody with their training and security knowing that advice comes from someone who has passed through that certification gateway.”
The construction of cybersecurity-skilled forces has increasingly been recognised as a key part of national defence efforts, with ACCS professor Greg Austin previously arguing that Australia’s “slow and fragmented” cyber defences are leaving it behind countries like the US, which established a separate US Army Cyber Command and Second Army whose remit includes electronic warfare and “cyberspace operations”.
“Australia’s defence forces need to maintain distinct capabilities for cyber warfare at the strategic level,” Austin wrote. “The capabilities need to be unified in both policy and doctrinal terms in a way that lays a clear pathway for mobilization of the country in very short time to fight a medium intensity, cyber-enabled hot war.”
Whether they’re enlisted in a formal army or not, Creech believes Australia’s cybersecurity experts should lead the way for the next generation through greater sharing of their knowledge and experience.
And while certifications are only one measure of cybersecurity skills – “just because someone isn’t certified doesn’t mean they don’t have a great level of knowledge,” he points out – such certifications will often get cybersecurity experts “that seat at the table” to influence skills development and other policies. “If we can start to lead a cultural change where there are a lot more hacker spaces, and a lot more accessibility to knowledge, education, and mentoring – it will really help us accelerate that education process,” he explains.
“There are limited numbers of people out there who can do this, and we want them playing at the top of their game. There are a lot of bad people out there and we need all hands on deck.”