Cyber vs Privacy jobs: Are we repeating the same mistakes?

Listen to SecureCIO Podcast with Dr Jodie Siganto talking about privacy jobs

As a keen observer and researcher into the Australian cyber security skills shortage for many years, I’ve more recently been following the trajectory of privacy jobs in Australia.  It was great to chat with Claire Pales on #TheSecureCIO Podcast about our research and some of the implications for cyber and privacy practice. In particular, although there are some differences there are also many similarities which lead to the inevitable question: will we make the same mistakes in privacy as we did in cyber security?

Initially for AISA and then as part of on-going research, I tracked job ad’s for cyber security positions in Australia, comparing the data from the ad’s to survey responses from cyber security practitioners. More recently, the team at Privacy 108 has been doing the same for privacy and data protection positions.  This analysis helps match the evidence from job ad’s against the reported experience of professionals.

There were many similarities in the analysis of cyber and privacy jobs. These include:

  • Experience is the key requirement in almost every advertised position. There are very few entry-level jobs.
  • There is little consistency in job titles or descriptions of the skills required for different positions. Almost every job had a different title and different expectations re sills.
  • Most positions are in either Sydney or Melbourne with very few regional jobs.

However, there are also some key differences:

  • In cyber security, there was little evidence of upward pressure on wages or high turn-over of staff (traditional indicators of a skills shortage). However, there are signs of increases in salaries and staff churn in the privacy space.
  • The biggest advertiser for privacy jobs is government. This is consistent with privacy being a more obvious compliance issue for government agencies, with statutory obligations to be met.
  • While security positions tended to be either technical or compliance focused, legal practitioners have a greater role in privacy.

What does this mean?

To help develop the privacy skills and capabilities required by Australian organisations and to help position Australia as a lead in the Asia Pacific there are some things we can do. These include:

  • Developing a privacy roles and skills framework;
  • Engaging employers, recruiter and educators to understand and agree on the different roles and skills requirements for privacy across their organisations;
  • Developing training and skills programs to meet the skills requirements identified, with clear career paths providing entry into the privacy profession.

My episode is live this month (April 2020). Catch it here or wherever you get your favourite podcasts. For information on my episode and all of the guests, head to

Download a copy of our latest report on privacy jobs here.

Download a copy of results from our survey of privacy practice in Australia here.

At Privacy 108, we are passionate about privacy and data protection. We work with organisations to ensure they collect, use and secure all information in a way that is both compliant and meets community expectations. Privacy 108 is a law firm. Our team of lawyers can provide specialist legal advice on privacy and security issues.