Cyber Security Careers in Australia – Market Overview and Salaries


Cyber security (sometimes called information security) is experiencing a skill shortage, which means it’s a discipline offering healthy remuneration, stability, and long-term growth. Here’s an overview of the current market, salaries, and career pathways.

In this guide:

  • Cyber security in a nutshell

  • Technical skills and certifications for cyber security roles

  • What to expect from a career in cyber

  • Market insights and salaries for cyber security roles

  • How to land your first role in cyber security

Cyber security in a nutshell

Cyber security is a very broad field, and includes a few major verticals – Security Engineering, Security Analyst, Incident Response, Architecture, Governance Risk and Compliance, Offensive Security, Application Security. 

In a nutshell, cyber security specialists protect systems, networks, programs, devices and data from various cyber-threats, breaches, damage, and theft by unauthorised access. 

A career in cyber can therefore be varied, challenging and rewarding. As a professional in this space, you might create and enforce security policies for organisations, identify and neutralise cyber threats, or undertake offensive security activities, such as penetration testing.

Technical skills and certifications for cyber security roles

Cyber security is one of the few areas in IT where you can make a start without formal certification. 

Getting industry certifications can help your CV stand out when being reviewed by an HR team or a recruiter; however, you shouldn’t expect that just having a certificate will get you a role. From my experience, hiring managers will prefer to hire a highly passionate person over a highly certified person who has a punch-the-clock type mentality.

Technical skills can be taught, attitude and passion can’t. 

If you are in an alternate role in IT, there are pathways to roles that don’t require technical skills. A recent post from James Turner of CISO Lens articulated this particularly well.

Below is a list of common certifications I see for candidates making a start in the industry.

  1. CompTIA Security+

  2. Cisco CCNA

  3. Certified Ethical Hacker (CEH)

  4. Offensive Security Certified Professional (OSCP)

(If you’re completely new to IT, you might value Coursera’s handy list of entry-level IT certifications to get you started.)

While technical skills can always be taught, the qualities that most managers look for in their cyber security candidates are passion and a curious, adaptable, can-do attitude.

What to expect from a career in cyber

A career in Security can be equal parts rewarding and challenging, with day-to-day role requirements varying based on the chosen discipline. Here’s an overview of three roles that sit within cyber security. 

Security Engineer

This role often includes configuring and automating the first line of defence, including firewalls, Intrusion Detection and Prevention Systems (IDS/IPS), and Security Information and Event Management (SIEM) systems, amongst others.

Once configured, these devices need to be tuned for the security environment. Python is generally used if automation is built into the environment.

A security engineer could also be a subject matter expert (SME) on any one of these technologies. For example, an SME on the SIEM platform Splunk would be involved in fine-tuning alerts to reduce the number of false positives being generated.

Security Analyst

Security analysts are the frontline defenders of the security environment. They use various tools to analyse, assess, monitor, and investigate vulnerabilities and suspicious activity. In more mature environments, they might use a SIEM like Splunk, Azure Sentinel, Rapid 7, Exabeam, or Sumo Logic. The SIEM will pull data from multiple sources in the security environment and record a log of events.

When suspicious activity is detected, a SIEM system might generate an alert for the security analyst to investigate, and instruct other security controls to stop an activity’s progress.

Offensive Security 

Offensive security is perhaps considered one of the sexier roles in cyber security. There are many titles, but practitioners are best known as penetration testers or red team consultants. If you have seen Mr. Robot – that is a good description of what someone in offensive security does day-to-day.

Offensive security specialists are given permission to try to break (“hack”) into a company or its IT environment to find vulnerabilities. This could be software-based systems, the IT infrastructure, or at times can also incorporate physically attempting to gain access to premises.

Market insights and salaries for cyber security roles

Cyber security in Australia is in high demand as the industry is in a significant maturation phase. I suspect there will be large growth in Application Security as a discipline, as it is still an emerging field, and every company runs a significant amount of software. 

The shift to public cloud has further complicated making an application secure, which is a big reason for this being a role to keep an eye on.

Roles and salaries

There are many roles, levels, and attractive salaries on offer for cyber security specialists. This should give a ballpark range for a few of the roles:

  • Governance, Risk and Compliance Consultant - $80,000 to $200,000

  • Penetration Tester - $80,000 to $165,000

  • Security Analyst - $80,000 to $160,000

  • Security Architect - $140,000 to $200,000

  • Security Consultant - $100,000 to $180,000

  • Security Engineer - $100,000 to $180,000

How to land your first role in cyber security

If you’re looking to break into cyber security, be mindful that the first role will be hardest to get.

Jacob Larson from CyberCX wrote an article on this; it does a great job of articulating the challenges and, more importantly, has some strategies for getting that first break.

Your passion and attitude will be key to your success, so it’s a good idea to try various disciplines and attempt to find your area of interest. 

Networking is also super important, so get along to one of several meetups that happen in most major cities. Meetups are a great place to get a feel for what people are doing within the various disciplines (plus they generally have free beer and pizza – and who doesn’t love a freebie?)

A few Sydney-based meetups to keep an eye out for:

I’m always on the hunt for qualified security professionals. So, if you’d like to chat about the current market and opportunities – get in touch!