Macquarie’s newly transformed curriculum will empower our students for the jobs of tomorrow. In this series we meet the expertise behind some of the future-focused degrees being offered from 2020, starting with the Bachelor of Cyber Security.

Christophe Doche is the Executive Director of the Optus Macquarie University Cyber Security Hub and architect of Macquarie’s cyber security degree programs. He recently sat down with 2SER’s Sean Britten to explain why Australia desperately needs more cyber professionals. 

---

How would you characterise the current need for cyber security workers?

The need for cyber security workers is huge. It’s a big problem, both in Australia and worldwide – we are losing the battle against cybercriminals at the moment.

The cost of cybercrime is estimated to be $4.5 billion in Australia last year. Worldwide, the cost was estimated to be US $450 billion in 2016 and is projected to reach US $2 trillion this year.

So the risks are there. The costs are enormous. And at the same time, we don’t have enough people – there’s a shortfall of skilled people of about 1.5 to 2 million jobs worldwide.

The image that pops into a lot of people’s minds when we talk about cyber security would be Russian hackers interfering in the last US elections, or fears that China could do the same here in Australia. Is the web becoming the new battleground for nations?

Absolutely. It is the battleground right now. It’s much more convenient to do a ransomware attack than it is to go and rob a bank with a gun.  Why would you send troops when you could send a virus?

In 2010, for example, there was a virus called Stuxnet that was used to take out nuclear capabilities in Iran. It’s very hard to know who was responsible for the attack – was the US, was it Israel? We’re still not sure. Similarly, a couple of years ago, before Russia invaded Ukraine, they first took out all the critical infrastructure with a cyberattack.

So, is digital the new battleground? Absolutely, and it’s only going to get worse.

How equipped is Australia, as a country, to deal with this new battleground?

I would say that Australia is not any different to other countries in the world – struggling with these very complex issues.

What we see is that people in Australia are not very prepared. I talk to a lot of people and I think it probably comes from the fact that we live in a relatively safe country – we are on an island, separated from the rest of the world,  and we tend to translate our physical security into digital security, which is completely not applicable. Digitally, we’re at the doorstep of Russia, of China. So we’re not at all safe in the digital world, and our behaviour needs to change.

There are some positives – for instance, the NSW Government has a new Cyber Security policy that’s a first step in the right direction. We’ve seen lots of investment coming from Federal government, with the launch in 2016 Cyber Security Strategy which was the first step to develop this industry.

So, there’s lots of work to do, but I see lots of positives as well.

Currently, most current cyber security workers have come from different areas of IT. Does this present a problem, not having a specific security background?

I think the best mix includes some strong technical capabilities, but that’s not enough. Because cyber security is not just an IT issue – it’s a business risk. So, you have to add something else – it could be law, business acumen, financial risk understanding. criminology, psychology…

Psychology is very interesting because the human factor is crucial. Studies have shown that more than 60 per cent of breaches have come from a human error – whether it is intentional or an accident ­– from the people working in the organisation. If you understand the way humans behave, you have a chance to design safer systems.

All these characteristics [of cyber security] lead to a very broad range of careers, and people from a very broad range of backgrounds can be successful in these industries.

The good thing about the Cyber Security Hub at Macquarie is that all disciplines are connected, so we can teach both the technical and soft skills in an integrated way. For example, in our Introduction to Cyber Security unit, students are taught by academics from three different disciplines – computing, business and criminology. We really want to tackle cyber security as a complex and interdisciplinary issue.

To learn warfare, people would often play war games. If we’re talking corporate and governmental warfare here, I’m wondering if there’s a comparison there…?

Absolutely. Simulation is a very powerful way to make people realise the impact of a potential breach. We’re working on an event at the end of the year where we will do exactly that – bring people from corporate to go through a full-day simulation of an attack, and then learn from that.

You’re training students to hack, in order to teach them how to defend against hackers. Is there a fear that they could cross to the ‘dark side’ and become black hats themselves?

There is absolutely this fear – it’s real. We are equipping students with scary skills.

One way to respond to that is to bring the question of ethics absolutely every time, everywhere – we reinforce the importance of ethics at every opportunity.

But actually, what I’ve seen is quite the opposite. We’ve managed to rescue a few students who might have crossed that line in the past. But everything changes once they see that they can apply those skills for the greater good, once they realise that there is a possible career in what they enjoy doing. They see the incredible demand. We have industry speakers coming to our lectures and presenting their work and company to our students and they say, “we have ten jobs to be filled tomorrow – we need people right now.”

Given the large gap in the cyber security workforce, how are you going about attracting students into this area?

We’re quite successful – or programs have grown very rapidly. In 2017 we had 70 students across the whole year and this year we have 140 in Session 1 alone. So, there’s a lot of interest.

The tougher question is how to attract more females. The good news is we went from 10 per cent to 20 per cent female in our programs, but it’s about the tireless work of explaining the opportunities and having role models that can show them there is a pathway. Out of our six Optus-sponsored scholarship holders, four are women, and we have PhD students and of course academics that are women. We can use these good stories to bring more women into the mix.

There will be enormous rewards for any student who is brave enough to take the leap.