"Sir, I don't want to be put in a class with 25 other boys".
When Dr Glenn Murray heard these words, it was an ‘aha’ moment for him - the realisation that to get girls interested in cyber was going to take more than just ‘making it interesting’.
Despite cyber being a relatively new field, only some 10 years old and without decades of societal conditioning behind it, a significant gender divide persists — and Dr Murray has taken it on as his personal mission to right that wrong.
Cyber before it was called cyber
Dr Murray started working in this world well before we had a name for the task of catching criminals who perpetuated their crimes in cyber space.
After spending nearly two decades in the Australian military, working on working on initiatives such as electronic warfare, he left the military and took a deep dive into the world of critical infrastructure.
He became acutely aware of the highly vulnerable infrastructure across Australia for which there would be catastrophic consequences if compromised - a premonition that has since come true in recent years with examples like the Medisecure cyber attack in November 2023, which put 12.9 million people at risk.
Dr Murray went on to complete a PhD in cyber and critical infrastructure with a focus on hospitals. To this day, his PhD thesis is embargoed - and will continue to be until 2033.
Dr. Murray has now been appointed to the East Metro Hospital Service (EMHS) Board. This appointment is a powerful acknowledgment by EMHS that, given the rising threat landscape, cybersecurity expertise is absolutely necessary at the highest level of governance. It marks the first time someone with dedicated cyber knowledge has joined the board, underscoring the vital need for robust cyber resilience within critical infrastructure organisations.
The critical infrastructure problem
Protecting critical infrastructure from cyber criminals is a whole different ball game to what most people would recognise as ‘typical’ consumer cyber security.
“If my credit card gets stolen, I cancel it and get a new one. If my medical data is stolen - it doesn't change for life," says Dr Murray, in a stark explanation of the significance and impact of cybercrime in this arena.
The stakes are distinctly different in critical infrastructure - it’s not just money that can be compromised, but lives and national security.
With stakes this high, only the best talent should be called in to combat the threats that are already here and those still emerging - and this is at the heart of why Dr Murray believes we need diversity in cyber security now more than ever.
The gender gap investigation
Several years ago, Dr Murray set out to answer the question ‘at what stage did we say cyber was for boys?’
He first began this investigation at a Year 9 careers day. He later ran a classroom experiment where he delivered separate sessions, one for boys and one for girls, to see if removing 'the gender' would encourage higher levels of female participation.
Sure enough, it did, and the experiment was a success, with a strong incentive: he has helped create a cybersecurity pathway for girls that involves a combination of TAFE and university courses, leading to six-figure salaries.
The skills shortage paradox
The next problem? Qualified graduates are leaving university ready and willing to work, but unable to find jobs.
This isn't surprising when entry-level positions are asking for five or more years’ experience. Naturally, employers are recruiting from the IT industry, which is still considered interchangeable with cybersecurity, despite the latter being a wholly different area of practice.
“We don’t have a job shortage, but rather a skills shortage,” argues Dr Murray. "It's like saying auto-electricians and mechanics are interchangeable. They both work on cars but that’s where the similarities end.”
Despite many advances, the IT industry is still heavily male dominated, further perpetuating the myth of cyber being ‘for boys’.
Cyber holds the keys to the castle
Cyber security is relatively immature as a field, having only been around a decade with no defined role standards. And by Dr Murray’s own admission, "The cyber person in any organisation has keys to the castle," which is why those organisations are overly cautious in who they appoint.
Take for example REDSPICE (Resilience, Effects, Defence, SPace, Intelligence, Cyber, Enablers), which is an Australian Signals Directory initiative to place 1,900 cyber experts nationally, with an anticipated 200 slated for WA.
The question Dr Murray asks is where are they coming from?
“We here in Western Australia are uniquely positioned at the forefront of cybersecurity education, thanks in no small part to Edith Cowan University (ECU).
“ECU is an innovative pioneer in the ‘cyber’ space and with the synergies it has created with partners, government and industry, the university is firmly placed as a leader in the sector.
“However, as we celebrate its incredible achievements, we must also acknowledge a significant challenge: a high percentage of these highly skilled individuals, crucial to filling Australia's talent gap, face a lengthy and complex process to obtain citizenship, and for some, permanent residency or citizenship may not even be a possibility.”
The human element: why diversity matters
Social engineering — one of the more insidious forms of cyber-attack — has repeatedly shown that humans are always the weakest link.
“We are naturally inclined to trust people unless they give us a reason not to," says Dr Murray.
The antidote to this, he believes, is diversity. The variation in minds working on cyber problems is key to keeping us safe, since different perspectives are capable of catching different threats.
What businesses should know
Ultimately, Dr Murray believes that cyber needs to be seen as an investment instead of an overhead, and that there is urgency for this shift to happen.
After all, our society, including critical infrastructure, the economy and national security, depends on diverse cyber talent.
“The opportunity is primed right now, for us to break down barriers before they become entrenched and this responsibility lies with business leaders, educators, and parents collectively,” he says.
And the time couldn’t be better, while the still fledgling field of cyber is young, to change the trajectory for our girls.
–-
Cecily Rawlinson is the Director of CyberWest Hub, Western Australia’s central force for advancing cyber security. The Hub is committed to strengthening the state’s cyber industry, developing a future-ready workforce, and raising cyber awareness across all sectors of the economy. For more information, you can get in touch with Cecily at director@cyberwesthub.au.
Dr Glenn Murray is one of many experts that exist in Perth to support companies with their cyber security and data privacy challenges. CyberWest Hub is connected to a range of local experts - find out more at https://www.cyberwesthub.au
