Emeritus Professor William Caelli
Queensland University Of Technology
Professor William J (Bill) Caelli, AO is an Emeritus Professor of the Queensland University of Technology and an Adjunct Professor at Griffith University. He has over 53 years industry, research and education experience in information and data network technologies of which over 43 years have been in cybersecurity in Australia and overseas. His interests lie in areas of cryptology and its application, trusted systems and networks and management/policy/legal aspects of information security as well as cyber-conflict studies. He was a Co-founder of ERACOM Pty Ltd (originally Electronics Research Australia Pty Ltd) in 1979 as well as the Foundation Director of the Information Security Research Centre (ISRC) at QIT/QUT in 1988. The ISRC was one of the world’s first dedicated interdisciplinary cybersecurity education and research centres, later incorporated into its Information Security Institute (ISI). At the invitation of the then Attorney-General of Australia, he became an inaugural member in 2003 of the IT Security Expert Advisory Group (ITSEAG) established under the Australian Government’s Trusted Information Sharing Network (TISN) He later was a Director/Founder of International Information Security Consultants Pty Ltd (IISEC). He has been a member of IFIP’s Technical Committee 11 (Information Security) since 1984, being its Chair for 6 years ( and was a Board Member of the USA’s Colloquium for Information Systems Security Education (CISSE) based in Maryland, USA, for over 6 years as the only non-US citizen ( In 2007 he was made the world’s first Fellow of (ISC)2 ( He received the "William Hugh Murray Founders' Award" from the USA’s Colloquium for Information Systems Security Education (CISSE) “for his outstanding contribution to information assurance education” and in 2017 he received the CISSE “Founders’ Medal”. He has published extensively in the area and has been a consultant nationally and internationally, including participating with Rand Corporation activities in the USA and Sparkasse Information Zentrum in Germany. He received his PhD in 1972 in Nuclear Physics from the Australian National University and was made an Officer in the Order of Australia in 2003. His latest book, with Prof Janczewski of the University of Auckland as editors, entitled “Cyber Conflict and Small States” was published in 2016. Bill-Caelli-AusCERT2018-08-wjc-slidesnotes

Cybersecurity Education in Australia - Where to for 2018?

The claimed “job crisis” in cybersecurity, both in Australia and worldwide, has been widely reported with global vacancy figures of over 1 million positions quoted by Forbes magazine/CISCO as follows: (URL “A report from Cisco puts the global figure at one million cybersecurity job openings. Demand is expected to rise to 6 million globally by 2019, with a projected shortfall of 1.5 million, says Michael Brown, CEO at Symantec, the world’s largest security software vendor”. Both the USA and UK have responded over varying time periods with marked support for cybersecurity education at the traditional university level, e.g. the USA’s “Centers of Excellence (CAE)” and the UK’s “Academic Centres of Excellence (ACE)”programs with substantial financial backing from government. A similar, but very much smaller, response has come from the Australian Federal Government, the ACCSE. This presentation considers the situation in Australia in 2018 in relation to education/training needs for cybersecurity professionals and looks toward the near future. It draws upon previous papers/presentations at the 2017 conference of the USA’s “Colloquium for Information Systems Security Education (CISSE)” and the University of NSW (ADFA) “Realigning Cyber Security Education” workshop of November 2017 supported by the office of the Australian Prime Minister and Cabinet. Cybersecurity education and training efforts in Australia may be broadly divided into differing sets of activities, viz.Traditional / Non-Traditional Tertiary Academic Institutions:
  • University postgraduate programs
  • University undergraduate programs
  • TAFE programs (Technical and Further Education)
  • RTO programs (Registered Training Organisations)
  • MOOCs (with University/tertiary institution affiliation)
  • MOOCs ( without university/tertiary institution affiliation)Industry Certification:
  • NFP (Not-for-profit) organisations
  • ICT industry enterprisesThis presentation, while alluding to all the above offerings, concentrates on the first three of these, viz. the main tertiary academic offerings. Recent discussion has been directed at so-called “work ready” requirements for students and the role of the traditional tertiary institutions, particularly universities. This presentation considers that sentiment when related to cybersecurity expertise against recently re-stated goals of Australian universities versus the goals of TAFE as well the responsibility of employing industry/businesses themselves in regard to on-the-job training.The presentation identifies the various parameters needed to assess cybersecurity education in Australia, including:
  • Levels of funding available at Federal, State and industry levels,
  • Availability of suitable, experienced and educated teaching staff along with programs for the continued maintenance and upgrading of their skills,
  • Teaching versus research programs in cybersecurity,
  • Provision of necessary levels of suitable laboratory equipment and systems with associated support staff.In particular, this presentation presents an assessment of necessary curricula in the area in an Australian situation whereby practically all ICT hardware/system software components and many service provisions are imported or hosted overseas necessitating the ability to assess supply chains in relation to cybersecurity imperatives and emerging legal requirements such as “breach notification” requirements, etc.