Security for young people in Australia
Security for young people is something I care about. We need to make an investment whether it be time, money or support or university outreach, to get younger people (preferrably students) to see security as a viable, exciting and worthwhile career. The real question is, how?
Shortage of staff in a $2bn+ niche industry. Great incentives, can be thrillingly fun and of only medium stress (which is a pretty good stress level considering other jobs). Why aren't comp sci students flocking to security? Why is it so hard to find skilled infosec people. I personally feel as if education is the problem. We're slowly working towards a higher focus on security in University. But that's slow. We have CySCA, but that's once a year and doesn't teach much as much as it looks for talent. I guess the write ups are a great learning resource, but do many students not already interested in security look at them?
I would like to suggest three potential solutions to this problem.
- The creation of official security societies within computer science courses across universities.
- Proper. Technical. Security. Degrees.
- Bug bounties.
If we are able to make societies where comp sci students can comfortably participate and learn - they might, just might, think of security as a full time gig.
If we can create proper technical degrees for information security (sidenote: have you seen the frieking course outline for the masters in "cyber" security? - sponsored by the NSA). This degree is pretty much been nominated as the de facto best technical security degree. We do have a few degrees in Australia that teach information security, but none I've seen that go in technical depth like the one I linked above. I think it's a great start though.
If we can raise awareness for bug bounties and how low the barrier is for participation, perhaps we can get a few more students (of any age) to participate (in the slightest) in this industry. I am trying personally, but there's still a lot of work to do.
For problems one and two, I feel that there is still a lot of work to do and we're slowly getting there. But this post was more just a brain-dump and a way to express my thoughts and passion in why we need to work harder to get more people to think that security is a worthwhile career.
If you're student right now, check out the following:
 SecTalks (monthly security meetups in Sydney and Perth) and Ruxmon (Melbourne, Sydney, Brisbane)
 Your local universities security society (if there is one)
 HackerOne and Bugcrowd
 Technical infosec courses around Australia.
or... just contact me, and I'll see what I can do to help you out.