Cyber professionalisation scheme calls for feedback on cyber role definitions

CyberPath, the pilot program designed to professionalise Australia’s cyber security workforce, is calling for industry feedback on its Occupations Framework, which is informing how cyber roles are defined and scoped as part of the scheme.

The CyberPath Occupations Framework aims to create a "clear, scalable, and future‑ready structure" for describing cyber work in Australia, intending to provide the foundation for professional standards, competency models, assessment pathways and national workforce planning. 

The team behind CyberPath - consisting of AISA, consortium lead ACS and partners AWSN and Aus3C -  stated that cyber job titles and descriptions "vary wildly" between organisations, with a Security Analyst in one company perhaps doing completely different work in another.

"The CyberPath Occupations Framework aims to fix this by creating a common language for cyber roles across Australia," the CyberPath post said.

"It’s not a rigid set of job descriptions. Instead, it’s a flexible guide that organisations can adapt to their own context. It provides a simple, structured way to describe cyber work."

Core design principles shaped via international research and previous consultation rounds include grouping similar types of cyber work into functional domains; defining roles based on real tasks, skills, and responsibilities; and alignment with Australia’s national occupation system.

It also includes supporting both specialists and generalists, including people in small organisations who have many different roles; supporting the visualisation of pathways for people moving into cyber from other tech adjacent, as well as non-technical disciplines; and developing a structure that can evolve as technology and threats change.

CyberPath claimed the framework is designed to support people entering or growing their cyber career by "providing a clearer picture of what different cyber roles involve and how someone's skills can transfer", as well as for employers in "being able to map their workforce more easily, write clearer job descriptions and plan capability needs". 

It's also claimed to be designed for educators and trainers, providing a "consistent structure to align courses and programs with industry expectations", as well as giving government and policymakers "better categorisation of data leading to clearer insights into Australia’s cyber workforce needs".

A discussion paper for the industry to respond to has been grouped into six Consultation Themes: framework scalability, fit, and application; standardised role descriptions; functional domains; MVP CyberPath roles; global frameworks; and organisation adoption and scalability.

Interested respondents are encouraged to read the Discussion Paper, select at least one Consultation Theme and prepare a written response by 5:00 PM AEST on 30 June 2026.

What roles should and should not be within scope for professionalisation was one of many areas brought up by attendees at a series of recent town hall consultation sessions about the CyberPath scheme held over March and April.