Questions asked about relevance, cost of cyber professionalisation scheme

Question about what problems cyber professionalisation is intended to solve is one of a number of questions asked at a series of town hall consultation sessions about the upcoming CyberPath scheme.

The team behind CyberPath - consisting of AISA, consortium lead ACS and partners AWSN and Aus3C - heard from attendees across all Australian states and territories in the sessions that ran throughout March and April.

AISA also said attendees asked about what roles should and should not be within scope for professionalisation, how Recognition of Prior Learning, experience and non-traditional pathways will be recognised fairly; and how pilot success will be measured were also repeated themes of questions.

The CyberPath team shared their thinking, stating they currently saw "no consistent way to assure real-world cyber capability across the sector"; employers, boards, and government not being able to "reliably distinguish competence from confidence using existing signals" ; and degrees, certifications and titles being "imperfect proxies for demonstrated capability".

Other areas of concern raised by attendees across various states included how to avoid  credential inflation and certification overload; how skills like judgement and ethics can be assessed; how CyberPath will provide value to employers and boards; and whether the scheme should be voluntary or mandatory.

The consortium claimed that "strong community support exists for starting with a voluntary framework", with mandatory licensing widely viewed as "premature" at this stage.

The group acknowledged that, in response to questions about the cost and wage impacts of professionalisation, that "potential cost burden on individuals and small-to-medium enterprises is acknowledged as a real concern".

Affordability and access concerns were also raised, particularly for practitioners who may need to self-fund participation, with employer incentives and "innovative funding models" currently being explored as potential mitigations.

CyberPath currently in "design phase"

AISA said that foundational work on Governance and Program Foundations has been completed, establishing the principles and guardrails for the program.

CyberPath is now progressing the Occupations Framework, which is informing how cyber roles are defined and scoped in a consistent, risk‑based way.

The six core pillars of CyberPath and where design activity is currently focused.

Workshops are being facilitated at all AISA SecDays to gather industry input into the CyberPath Framework. BrisSec will host a workshop to support industry consultation, helping shape the first professional roles as part of the Occupations Framework of the CyberPath pilot.

ACS won an Australian Government grant of $1.9 million back in November to co-design and pilot CyberPath.

The scheme is a 24-month pilot program designed to professionalise Australia’s cyber security workforce, bringing together industry leaders, educators and professionals to shape a national approach to cyber security career development and standards.