Cyber career change

By Tom Snowdon

David Lacey never wanted to be a cybersecurity expert. He wanted to be an accountant. He was interested in numbers – in solving problems, looking for irregularities. The world of IT and cyber activity had never really entered his mind.

But then he went through a career change. He joined the army, working his way into intelligence roles, where his natural abilities for flagging threats were nurtured.

It was a turning point in his career that led him to take on some of the most senior roles in specialised crime-fighting organisations in Australia.

He now regularly advises governments and industry players about all matters relating to identity, cybersecurity, law enforcement and national security, partly through his role as Managing Director of IDCARE – Australia and New Zealand’s first national identity and cyber support service.

Professor Lacey also leads UniSC’s Institute for Cyber Investigations and Forensics – a training ground he established for future cybersecurity professionals, taught online by some of the most distinguished leaders in the field.

However, it’s not to his knowledge of computers or the online world that Professor Lacey attributes his success – or anyone else’s success in cybersecurity – it’s to an ability to communicate.

“There’s an emphasis on the C in ICT,” Professor Lacey says.

“The cybersecurity profession has not benefited at all from stereotypes around who the typical IT person is.

“What the industry needs is people who can communicate what they’re seeing happen in an online environment to an audience who is often non-technical – whether it be decision makers or executives in organisations.

“We need people who can explain what organisations need to do to mitigate risk.”

The industry is going to need a terrific lot of these new workers, too. A Deloitte Access Economics report projected a need for 60,000 more cybersecurity professionals by 2030 in Australia alone.

Another report, from the Australian Cybersecurity Growth Network, predicts the industry will triple in size to be worth a staggering $6 billion by 2026.

“It’s an industry that’s crying out for more people because it’s evolved in response to the digitised economy and threats to that economy,” Professor Lacey says.

“The result of those two things is this new emerging profession that is having to play catch up.”

Professor Lacey says anyone who studied the arts, criminology, or law disciplines would already have the qualities needed in future cybersecurity workers.

“Most of our students are career changers,” Professor Lacey says.

“In terms of backgrounds, we’ve got a pretty mixed bag of students – people who have come from education, law enforcement, bartending, arts’ graduates, criminology and law.

“Our student cohort is largely representative of what you’ll find in the broader industry base.”

Leah Mooney – a course coordinator and lecturer at UniSC's Institute for Cyber Investigations and Forensics – is among those who found their way into the cybersecurity industry via law.

Before 2012, she was a senior lawyer at multinational law firm Minter Ellison, specialising in insurance and risk management. But after returning from maternity leave, it was time for a career change.

Ms Mooney’s early move into cybersecurity put her at the forefront of the industry. She was one of the few females working in the male dominated field – an irregularity the industry is still trying to correct.

“The cybersecurity industry at that point was still immature,” Ms Mooney says. “Cyber-insurance was relatively new to Australia. There were some blue-chip insurance providers that offered policies but for the most part it was relatively new. Whereas now, you’d be hard pressed to find an insurer who didn’t offer cyber-insurance among their suite of policies.”

Ms Mooney set out to make herself a “thought leader” in the cybersecurity space, presenting at conferences, writing articles – taking any opportunity she could get.

Recognising the multi-faceted legal framework surrounding cybersecurity, Ms Mooney’s initial focus on cyber insurance developed into legal expertise in privacy, technology, media and communications. However, she realised there were limitations to working as a sole operator in the complex world of cybersecurity – a field that requires collaboration with experts from other disciplines.

“At the point I started doing data-breach response work, I realised a lawyer couldn’t do that job on their own,” Ms Mooney says.

“I needed to be part of a specialised team, so I started working with other cybersecurity response professionals.”

Ms Mooney now wears many hats. She still consults for legal firm Minter Ellison, and is an Executive Director and Company Secretary at IDCARE. She is also a senior legal officer at UniSC, specialising in cybersecurity and privacy. And, of course, she is one of the course coordinators and lecturers at UniSC’s Institute of Cyber Investigations and Forensics.

“I have a portfolio career now,” Ms Mooney says. “To specialise in this area, I have to work across a number of organisations to get the right mix of expertise. It’s a juggle – and it has its own challenges – but it’s incredibly rewarding and flexible, which is very appealing.

“There’s something very gratifying about walking straight from the situation room into the classroom.”