Careers with STEM: Cybersecurity 2019

Page 1


TERM 4, 2019


Discover a day in the life of an ethical hacker p6 Are you cyber smart? Take our quiz! p12


Penetration Tester, CBA





want to be a tech hero? Our digital world calls for a new style of ‘hero’ to keep us safe online. This industry is called cybersecurity and it is booming


need to fill 18,000 more cybersecurity jobs by 202 6, and that global spending on cybersecurity will sur ge by 88% between now and then. The great news for anyone interested in this career area is that cybersecurity has a diverse range of opportunities. We’re not all ‘ethical hackers’ trying to break into systems before the bad guys do (although that is one job – they’re called pen testers), there are other less tech-focused rol es like writing policy and communicating sec urity information. That’s not to say comput er science skills aren’t crucial – they’ll be the bedrock for any successful career in cybersecurity.

– where e’re living in the digital age a digital has almost everything we do re time mo ing nd spe element, and we’re has tion olu rev ital online. This dig ortunities and enabled opened up countless opp rk s – from the way we wo some amazing innovation . ate nic commu and shop, to the way we opportunities and se the all h wit ng alo t Bu e – the risk of people sid ker benefits comes a dar ulating our with bad intentions manip That’s why m. har us do to gy technolo n of keeping sio cybersecurity – the profes n safe online atio orm ourselves and our inf now. ht rig a are ng mi – is such a boo –a According to AustCyber -for-profit not ded fun ntme ern gov grow Australia’s founded to champion and there is a skills cybersecurity industry – ey predict we’ll shortage in this field. Th

The great news for anyone interested in this career area is that cybersecurity has a diverse range of opportunities”

opinion, is the ability But just as critical, in my llenge assumptions and cha ns, to ask tough questio a ity. You’ll also be let in on to have a sense of curios d nee you so n, atio inform lot of secret and sensitive hone these abilities can you If hy. ort stw tru to be lls, then you’ll be in for and keep up your tech ski you can truly say you’re a rewarding career where place for everyone. making the world a safer al Manager, Cyber Brendan Hopper, Gener ealth Bank of Australia Security Centre, Commonw

What’s inside? ed to P4 Everything you ne ity know about cybersecur P6 Keeping Australia’shackers biggest bank safe from P8 Schools Cyber Security Challenges P9 Meet the cyber superheroes P11 Securing TV land P12 Get cyber quizzed







E R U T U F T R A M CYBER S Cybersecurity is a booming career area that helps us stay safe online. Here’s why it’s such a big deal right now

Cybersecurity is everyone’s business stralia about $1 billion d on line fraud – cost Au up LandMark Cyber crime – hacks an ny, proper ty va luation gro pa com e on 9, 201 y Ma last year. In a cyber attack. ult of a data breach from res the as n llio mi $7 t White, los victim of an online re than money. Being the mo ut abo is ety saf er cyb But e woman was jailed for . In June 2019, a Melbourn ng ati ast dev be can m sca r Lincoln Lewis, faking to be Australian soap sta g din ten pre for rs yea o tw gh social media. One n sta lking people throu his identity on line and the hing) committed suicide. m (which is called catfis of the victims of the sca out trusted on line about cyber safety, check If you have any concerns stralian Au te Stay Smart On line, the ber Security sources such as the websi Cy s ool yber and the Sch stC Au n tio isa an org nt governme O. lle Price, AustCyber’s CE Challenges, says Miche about the economy has ng thi ery sted adu lt. “Ev tru or r che tea a ask o, Als rk or school, or the local ether we’re at home, wo a digita l component. Wh of being on line. of the risks and benefits cafe, you need to be aware e and being aware to defend yourself on lin Ma king sure you’re ready s Michelle. is critical right now,” say of careers in cybersecurity


By , Australia will need 18,000 mor e

cybersecurity workers

Your 6-day plan to staying safe online urity Centre The Australian Cyber Sec ying safe sta recommends six steps to e: on line, one day at a tim

Day 1

password Create a strong, unique hentication aut or and turn on two-fact ng asi rch pu for your ban k and ount acc e ogl Go ID, accounts, Apple nt. ou and email acc

Day 5

Day 2

password and Create a strong, unique tication for turn on two-factor aut hen g apps. your social and messagin

Day 6

Day 3

Turn off automatic conne ction to wi-fi and on ly conne ct to trusted wi-fi networks on your mobile phone, device, home com puter and laptop.

d turn on Add a PIN/password an r mobile phone, automatic updates for you d laptop. an device, home computer


Day 4

on your Install security software me ho , mobile phone, device computer and laptop.


Complete the security check-up for your Gmail, Facebook and Lin kedIn.


what jobs are there in Cybersecurity?

r social posts, Data is all around us – ou ases, music and rch pu e search histor y, on lin ces leave a stream entertainment preferen ita l footprint. So, of data that forms our dig s work everywhere. cybersecurity specia list ty – there are 52 There’s also a wide varie from, according to different careers to choose of the main ones... AustCyber. Here are a few

Major cyber industries

•Defence/governmen t •Finance •Telecoms •Large tech compan ies

Application security

Computer forensics analy sts

Work with law enforcem ent agencies to track cybercrime and with wo rkplaces to investigate after a major cyber incide nt.

Cyber intel analyst

Study the latest cyber bre aches and attacks, monitoring communicati ons on the dark web in order to develop a pic ture of the current cyber-threat landscape.

Pen (penetration) tester

elopers to ensure Work with application dev software. they’re creating secure

Tests electronic and com puter systems on ly (occasionally hardware). They have a more restricted scope of what they are allowed to test than the Red Team (see below).

Bug bounty hunters

ncers work outside These independent freela lnerabilities in the vu companies and search for h companies. tec by d software built and owne

Red Team

Medium cyber players

re •Major in frastr uctu) (electricity, water •Insurance nt ns •Tra port/govern me •Sma ller tech compan ies

The Red Team tests the readiness of a company by looking for weak point s in computer systems, networks, staff and/or pro cesses. They attack systems, bad processes and procedures and people’s bad habits (such as opening/clicking on fake emails).

Security engineer/cyber detection engineer

Write code to automate detection of cyber threats by looking at tho usands of computer logs to detect anomalies.

Where to study?



Cyb Bachelor of Computing and berraBachCCS Canberra, Science specialising er put Com Bachelor of Science, IT or inBachCyberSec in Cybersecurity, urity, TAFE NSW, Cer tificate IV in Cyber Sec TAFECertIVCyberSec hnology (Cybersecurity Diploma of Information Tec y, Bootcamp), Coder Academ

TY JOBS cs+CYBERSECURIana lyst: Business intelligence 98K AU$ 58K–$122K / NZ $58K–$ : lyst ana rity ecu Cybers 87K AU$49K–$119K / NZ $53K–$ r: inee eng Security 104K* AU$ 58K–$137K / NZ $43K–$ to ng ordi *Source: salaries acc

y and , as well as law, psycholog Students skilled in STEM a to are h wt gro ess this new job communications can acc FE TA s. eer car g ging and excitin find rewarding, challen rity, ecu ers cyb in up ll ski ways to and unis are offering new ate xim ly up for graduates. Appro and employers are lining rity as alia now offer cybersecu ha lf of all unis in Austr degrees. IT or computer science a degree or as a major in

How can I prepare now?

There’s plenty of ways to get inv

olved in cybersecurity. Start here: The Schools Cyber Secu rity Challenges provide high school teachers with resources to support the teaching of cybersecurity concepts and inform stu dents of career opportu nities in the field. Check out: projects/cyber-challenges The Optus Cyber Securit y Experience takes the students into an interactive cor porate cyb ersecurity situation where people from the cybersecurity team are introduced as the situ ation unfolds. Check out: If you’re at uni, the Cyber Security Challenge Au stralia is a ‘hacking’ competition run by an alliance of Au stralian Government, business an d academic professiona ls. Check out: cybercha llen – Heather Ca tchpole




Bank safe

rking to protect the wo s ist ial ec sp ity ur ec rs be Meet two cy its millions of customers Commonwealth Bank and


Edmond Buzby Digital Forensics

From chemistry to computer science

A world of opportunity in the banking sector opened up after Edmond Buzby studied computer science


dmond Buzby is just like the forensics heroes in TV shows like Bones or CSI, only he searches for digital evidence of crimes, collecting and preserving anything he finds for police and the legal system. This evidence may then be used in court proceedings and government enquiries. As an eDiscovery and Digital Forensics Associate at Commonwealth Bank of Australia (CBA), Edmond’s work is very important to the bank and its customers. “A lot of the work I do relates to high-profile and public matters, and investigations faced by the bank.”

Mix and match to find your perfect STEM career Edmond became interested in cybersecurity during his computer science (CS) degree. He initially started a chemical engineering degree but he decided it wasn’t for him so he changed to CS after he particularly enjoyed an engineering computing course. “Never be afraid of doing something new or completely different,” says Edmond. “Change subjects, change degrees if you have to. Nothing is set in stone, so feel free to follow your passion if you find yourself stuck in a rut.” Edmond believes the need for STEM-qualified people in the banking sector isn't going away, which presents an enormous opportunity for young people. “Getting ahead and choosing a STEM degree sooner rather than later is going to hugely accelerate your career,” he says. “You can study computer science with no prior programming knowledge, as long as you’re enthusiastic and willing to put in the effort to learn.” QUENTIN JONES

Never be afra of doing something newidor completely different”

Bachelor of Computer Science and Technology, University of Sydney


Summer Intern, CBA

eDiscovery & Digital Forensics Graduate, CBA


eDiscovery & Digital Forensics Associate, CBA


A day in the life of an ethical hacker hacker and Trying to think like a agons is all playing Dungeons & Dr play) for in a day’s work (and e-Salvador CBA grad Rhiannon Ne as a pen tester in the hiannon Nee-Salvador’s role tralia’s (CBA) graduate Commonwealth Bank of Aus s, it’s . Often called ethical hacker program is an important one how and ere on to figure out wh the job of experts like Rhiann tem. organisation’s computer sys an a hacker might break into n sio ero the acy and preventing “I am passionate about priv on says. of our digital rights,” Rhiann es that inspired her to of It was Rhiannon’s love gam and game development. She try courses in programming a video games journalist worked as a video editor and ree. But what does a day before enrolling in an IT deg ually look like? in the life of a pen tester act us through : lk wa We asked Rhiannon to


to access my t act like full, separate virtual machines (apps tha them throughout the computers ) to run tests on delete a virtual day. I can create, copy or machine in a few minutes.

9:30am: I boot up my laptop

Rhiannon Nee-Salvador Pen Tester

ermine which tests I do change tests to run. The kinds of working on, but I’m tem depending on the sys lications that access I mostly deal with web app k employees. internal systems used by ban site to see what it 11:00am : I will poke around the work also involves thing. My does and if I can ‘break’ any L and other web code and HTM capturing traf fic, analysing I find. writing reports about what from all the critical and 12 :30pm : I need a brain break lunch and play cards s I’ll have creative thinking! Most day leagues. col my h wit es or board gam . We try to use the same 1:30pm: More system testing rs, which means my work tools as real-world attacke tools! computer is full of hacker for a walk; it’s ver y 3:00pm: Tea break or we go and about as much as flexible. It’s good to be up the sitting I do! possible to counteract all about the work other 3:30pm: I research and read me ideas for my nex t tests. testers have done – it gives head to the gym or play 5:30pm: Finish work. I might friends. – Claire Harris Dungeons & Dragons with


10 :00am : Team meeting to det

Diploma of Languages (Indonesian), Monash University

I am passiona about privacy and te preventing the erosio of our digital rights” n

Bachelor of Arts (BA) in Philosophy, Monash University

Master of Information Technology, Swinburne University of Technology


Video Games Journalist

Enterprise Services Graduate, CBA



e g n e l l a h c e h t Rise to

The Schools Cyber Security Challenges are bringing cybersecurity into the classroom – preparing students for this fast growing, crucial field

nt secure online is so importa nderstanding how to stay the work data moves into as more of our personal and ian them up to speed, Austral p kee digital environment. To ut abo n have the chance to lear high school students now en to oms. Students in years sev sro clas cybersecurity in their ude incl ch whi ges interactive challen 12 can par ticipate in four as h suc ics top cal well as techni personal data securit y, as securit y. k wor net and cryptography versity Academy (ACA) at the Uni ing put Com ian tral The Aus ges to ools Cyber Securit y Challen of Sydney developed the Sch ts den stu ersecurity concepts to suppor t schools to teach cyb es. ut career opportuniti and to let students know abo ia y Officer at National Austral urit Sec ef David Fairman, Chi ght insi an ts den stu llenges will give Bank (NA B), says the cha ats about and what sor t of thre is rity ecu into what cybers issues se the uss disc to w them they will face online, and allo with others. a threat adversary or hacker “It also teaches them how ir system capabilities for the thinks and how they exploit s. own interests,” David add


• Bachelor of Information Technology (Software Engineering / Dat a Communications), Queensland University of Technology • Global CISO, Royal Ban k of Canada • Masters of Business Adm inistration (MBA) and Masters of Project Manag ement (MPM), University of Southern Que ensland • Global Head of Securit y Architecture, Royal Bank of Scotland Investme nt Bank • Chief Securit y Officer, National Australia Bank

on Cyber skills you can bank and in the financial and

high dem Cybersecurity skills are in by NA B, challenges are suppor ted ACA the – banking sectors s vice ser bal glo and ac k, Westp ANZ, Commonwealth Ban company BT. urit y and has moved from an IT sec David says cybersecurity strong for broader skill set. “We look technical focus to a much and n me acu want good business technical skills but we also with a ple peo t tha he explains, adding a little bit of psychology,” d. fiel the in g kin wor ound are also legal and /or privacy backgr rted sta He . rity ecu ers cyb d” into David says his career “evolve ce as an electronic war fare For Air ian tral Aus al Roy out in the hnology hel Bac or of Information Tec specialist. After studying a urit y. sec IT a communications and par t-time, he moved into dat and g livin n eer highlights has bee One of David’s biggest car for d fiel g itin exc s cybersecurity is an working overseas. He say as w gro will es niti career opportu people to get involved in and its digital transformation. es tinu con ld the business wor career, nities for people to grow a “It gives incredible opportu ges,” some pretty exciting challen to travel globally and have burgh David adds. – Nadine Cranen


To get there:

David Fairman career milestones

Helping schools stay cyb er safe: the ACA provides resources and suppor t for schools to teach kids abo ut staying secure online



r e b y c e h t t e e M superheroes

Security Engineer, Google

rity mindset is important cu se a g vin ha d an fe sa r be Being cy rheroes are working round pe su r be cy few a t Bu . ne yo for ever d online the clock to keep us protecte

1 Hack-proofing Google

Security analyst, Westpac

For her day job, Kathy Zhu detects cyber criminals’ attempts to hack Google thy Zhu says her role hile she’s into coding, Ka the world ’s biggest as a security engineer at h company is about information-focussed tec ica techn l. way more than just being ff! have to do hands-on stu “It’s ver y practical – you g. hin ryt know a bit about eve For security you need to be can rt pa b activities... every Hardware, software, we hacked,” Kathy says. as a Google security Kathy’s pat h into her job jects” en interest in STEM sub engineer began with a “ke my ing do s wa I en wh o coding in high school. “I got int s. say she it,” ed lik I much degree and rea lised how m Westpac Graduate Progra the ed join she i un After d rte sta she , security team. Then and took a turn in their her t me d an ey SecTa lks in Sydn attending meet-ups like s like learned about what it wa “I re. current manager the s. say she ’!” job am at’s my dre in Google and thought ‘th ge. er challen But getting it was anoth s and for. It took me two month ly app to gh “It was tou HSC! There was a lot of I found it harder than the in myself at a fast pace.” information – I had to tra the d now it’s her job to keep Kathy scored the gig an the in “I’m . from cyber attack Google tools we use safe ’s ple peo ect e, so I try and det detection side of the rol she says. attempts at hacking us,” h know existed back in hig n’t did she It’s a career When oy. enj ls gir re mo n to see school, and one she’s kee , use t billions of people will you are creating tools tha lly rea is ht “diversity of thoug and that need to be secure Heather Catchpole important,” she says. –

Technical graduate, Westpac Bachelor of Information Systems, UNSW






b Policing the wesetig ating


s is inv AFP agent Janis Dalinus safe online ep ke how AI can help


anis started out as a softwa re developer, before he made a career move. “Th e money was great and the job interesting but it wasn’t me,” he says. Janis joined the Australian Federal Police (AFP) before taking some time off to complete a Masters of Information Technology, qualifying him to become a digital forensic examiner. Janis’s job involves examin ing electronic evidence – sifting through a lot of dat a, including graphic and offensive material that can be distressing for officers tion Masters of Informaive rsity Un sh na Mo gy, Technolo

NG, Bachelor of COMPUTI Monash University

Cyber champion Michelle Price heads up AustCyber, the Australian Government’s cybersecurity champions

n. As ernment-funded organisatio ustCyber is a non-profit, gov ia’s tral Aus in wth to drive gro CEO, Michelle is on a mission ses s we need more local busines say she and y acit cybersecurity cap . and dem g win gro to meet the and a bigger local workforce in the Indo-Pacific region on ion trill $1 nd spe will “People t 10 years,” she says. cybersecurity over the nex online, is to ensure people are safe AustCyber’s broader mission ors act d “ba true passion lies, keeping and that’s where Michelle’s from doing harm”.


Bachelor of Arts / Eco Business Law / mark nomics / ng, Macquarie Universeti ity Director, Corporate Risk and Str ategy, Austr al Customs Service ian

“There are many job types that go after these people. It’s like the digital form of the police or the digital form of being a good neighbour – protecting each other helps protect all of us,” she says. Day-to-day, Michelle’s role is to speak publicly about why cybersecurity is an important business risk, making sure people buy Australian-made cyber protection and ensuring the Australian companies that work in cybersecurity are globally competitive. – Heather Catchpole

Bachelor of Design Visual Communicatio/ n (honours), UTS

Senior Advisor, Cyber Pol Department of the icy, Prime Minister and Ca binet


CEO, AustCyber

Peter Kydas was the president of a unique club at his uni, teaching students about cybersecurity careers

so new that schools areers in cybersecurity are ching up on creating and universities are still cat half of Australian und aro curriculum content. While private colleges) and Es universities (as well as TAF uni student , rity ecu ers now offer courses in cyb se in the erti exp y urit sec Peter got most of his . club RMIT cybersecurity learning from industry The club is more than just t). Members group together (although that is a critical par ges to learn how to problem on ‘capture the flag’ challen skills. They also take part solve and gain ethical hacking ge (see page 8). in the Cyber Security Challen Bachelor of Electronics Engineering / Computer Science, RMIT


Senior Advisor, CyberSecurity, ANU

Cyber captain



ic Ex aminer, Senior Digital Forens Police Austr alian Federal

AILECS Lab, Acting Co-director rs Monash Unive ity

tomation, PhD in Intelligent Au Monash University


to sort through manually. The work inspired Janis to start a PhD investigating how trawling the dark web could be automated using AI. He received an Australian Public Service data fellowship for his PhD, enabling him to collaborate with experts at CSIRO’s Data61. Janis says his PhD was a step towards fixing the “disconnect” between universities and police and he is now acting co-director of a new lab at Monash University looking at other ways AI can be used in law enforcement and community safety. “We do two very different jobs but we can learn a heck of a lot from each other,” he says. – Nadine Cranenburgh

Past president, RMIT CyberSecurity Club


The club also helped Peter (who is currently finishing up a computer science and eng ineering degree) get a foot in the door with global consult ing company EY. “The RMIT cybersecurity club does weekly meetings and presentations on cybers ecurity trends as well as technical workshops. This was a really good introductio n to the field,” he says. But the re’s work to be done on educating parents. “My mu m thinks it’s a fad and doe sn’t know why I’m going into it!” “Today's younger generation s have grown up with computers and can adapt quit e quickly to emerging technologies.” – Heather Cat chpole Recruit, EY Graduate Program


Screen time

bersecurity went far beyond cy d re ve co dis le tee -S ox nn When Ash Le otypes, she was sold the Hollywood hacker stere

To get there:

It’s impossible to describe what a typical day looks t like because I don’ have one”

and Steele was into gaming rowing up, Ash Lennoxs, “so say she ,” me to se ke sen computers. “They just ma get something out of a I was pretty sure I would at.” ce. I just didn't know wh degree in computer scien wanted she at wh ow kn n’t did ll In her final year, Ash sti what nd fou her degree. Then she to do when she finished . rity ecu lecture about cybers she was looking for in a but the l With the Dragon Tattoo Gir e “I’m a big fan of Th ng to thi no s ha ies hackers in hood Holly wood portraya l of e tur lec t tha m fro ch learnt so mu do with cybersecurity. I .” ‘That’s what I want to do’ and I wa lked out thinking ing dy stu of lue va d the Ash says she also learne t. ght like, and being patien mi u yo nk thi u yo tty something pre t bu e tim nted to do for a long “I had no idea what I wa t tha st tru to same. You’ve got much everyone feels the you’ll work it out.”


Bachelor of Computer and Information Sciences, AUT

After finishing a Maste rs of Information Securi ty and Digita l Forensics at Auckland University of Technology, Ash started working as a Security Analyst with New Zeala nd ’s state-owned TV network, TV NZ . “It’s impossible to descri be what a typica l day loo ks like because I don’t have one,” says Ash. “It’s a dynamic role that changes every day and I love that variety. Our team works across the TV NZ network and infrastructu re. Our goa l is to ma ke TV NZ as secure as possi ble from cybersecurity threats. I’ve never consid ered the dark side of hacking. Holly wood ma kes hackers look cool bu t my conscience is too ethica l for that.” – Rober t Tighe

Master Of Information Security and Digital Forensics, AUT


Security Analyst, TVNZ



Test your cyber skills!

think like Do you have what it takes to


a cybersecurity professional?


A Accept – the more the merrier

e with A Combine your pet’s nam ate thd bir your lly B Use something that’s reaused ’ve you t tha hard to guess somewhere else sword C Make a new, strong pas tor era gen ord sw using a pas




B Only accept if they know someone you know C Don’t accept unless you know them personally

Mostly As You’re cyber sorry You gave your best ‘friend’ on Facebook your password and now you’ve been hacked across all platforms – someone’s stolen your mum’s credit card details, the school’s computers have all been frozen and worse, there’s someone pretending to be you online! The consequences of not staying secure online can be pretty devastating. Luckily, you can improve! Start by using strong passwords and never sharing personal information. Then check out the cyber security information provided by the Australian Government or the Australian Computing Academy – you’ll not only keep your personal information safe, you’ll also find out a tonne about being a great cyber citizen.

Mostly Bs You’re cyber savvy


A Open it quick! Might be

important B Don’t open it but leave it on your phone just in case C Don’t open it and block


the sender



A Deal with it later

You’re halfway to becoming the cyber savvy citizen you need to be. Keep these cyber tips in mind to stay safe at all times: 1. Don’t lose your phone/iPad/laptop – there’s a mine of personal information in there. 2. Don’t share passwords. Like, ever. 3. Don’t click anything suss – in emails, chat rooms, social posts or texts. ‘Phishing’ is the name for someone sending a link that can literally expose you to identity theft in one click. 4. Don’t friend people you don’t know – especially if you use location-sharing platforms like Snapchat. Keep in mind what you DON’T want people to know about you from social media (like your address and phone number) and stay safe. 5. Be wi-fi aware – if you’re not on a private network, you’re exposed to hackers.

B Borrow a friend’s phone and call the bus company C Launch your remote lock and location features you activated when you set your phone up

Mostly Cs You’re cyber smart




it be? tly. How dangerous could A Share with them permanen just for an hour B Share your location but ’t know. D’uh ation with anyone you don C Just don’t share your loc

*In 2017, the criminals behind the WannaCry cyber attack froze hundreds of thousands of computers across 150 countries – including those at hospitals, railway networks and government systems – demanding ransom in the form of cryptocurrency



Congrats! You have the mindset you need to keep your own information safe – and others! Keep promoting privacy amongst your friends and family, and stay secure in the knowledge that you’ll never expose your study/school/work to a WannaCry-style cyber hack*. Bonus – consider studying cybersecurity to get in-demand opportunities for diverse roles across multiple industries! Or check out some more profiles of cyber specialists at – Heather Catchpole

More tips: