Academy Xi Blog

Market update: Penetration Tester demand and salary in Australia, 2022

By Academy Xi

Cyber attacks are rapidly rising with a 125% increase in 2021, costing businesses an average of $4.35 million USD per breach. The demand for ‘ethical white hat hackers’ has never been higher, as corporations double down on getting their cyber defences sorted. Discover where ‘Pen Testers’ fit into the big picture.

Penetration Tester Demand 

It is anticipated that an additional 16,600 cyber security professionals will be needed nationally by 2026, including penetration testers.

Penetration Tester Salary

The average annual salary for Penetration Tester jobs in Australia ranges from $120,000 to $170,000.

Penetration Tester Skills

Industry-focused, practical training will ensure you’re equipped with the right skills and mindset.

The pandemic undoubtedly added rocket fuel to the levels of cyber crime, with ransomware and data theft being the forerunners. As a result, businesses are seeking cyber professionals in-house and as contractors en masse. 

Recent research commissioned by CyberCX and conducted by independent think tank, Per Capita, reveals there will be a staggering lack of qualified cybersecurity professionals over the next four years, to the tune of 30,000 unfilled positions nationwide.

If a future in penetration testing has been calling you – now is the time to act.

What do Pen Testers do?

Penetration Testers, often referred to as ‘Pen Testers,’ are responsible for running pre-planned and authorised simulations of cyber attacks, carried out on IT infrastructures to evaluate current levels of security. 

Running such a simulation can reveal any system vulnerabilities which need addressing to bolster the framework and make it more resilient against hackers.

This proactive approach to cyber security can involve using a range of hacking tools and techniques, with the pen tester acting in the role of hacker in an attempt to find any system holes that a real cyber criminal could exploit.

Pen Testers need to document their entire process to develop a penetration test report, which can be shared with relevant stakeholders to highlight the current state of security and where different levels of action or monitoring are required. 

Daily responsibilities will vary depending on the industry and organisation, but some common tasks include:

  • Researching different attack strategies and tools
  • Reviewing code for potential vulnerability 
  • Automating testing approaches to increase efficiency
  • Ongoing documentation of any compliance threats
  • Development of pen testing methods
  • Conducting ongoing testing after security improvements 
  • Generating reports of findings 

Are penetration testers in demand in Australia?

It is anticipated that an additional 16,600 cyber security professionals will be needed nationally by 2026, including Penetration Testers.

The table below demonstrates the cyber security workforce need and shortfall forecast for Australia by 2026.

Penetration tester salary in Australia

As with many occupations there are a range of factors that can impact earning capacity such as experience, location, training and qualifications.

The average annual salary for Penetration Tester jobs in Australia ranges from $120,000 to $170,000, with Canberra, Sydney and Melbourne based roles being the highest paid.

Be mindful that we are talking about in-house positions, and there are likely many that can be performed remotely, from wherever you’re located.

Junior pen tester salary

Depending on the industry and organisation, some entry level Pen Tester salaries can start at around the $90,000 mark.

Senior pen tester salary

Those with more industry experience can command salaries of $175,000 and up as Penetration Testers. 

Can penetration testers work as a freelancer?

Yes. Freelancing can provide freedom and flexibility, but it isn’t recommended as a starting point for your pen testing career. By taking on in-house positions within cyber security, you will gain a breadth of experience, meet a range of people within the industry and ultimately ‘cut your teeth’ with the pros. Venturing into freelance before establishing a solid foundation can prove to be a lot more challenging, as you will likely not have the industry contacts, which can be helpful when securing your initial clients. 

What skills do you need to be a penetration tester?

First and foremost, a willingness to be continually learning is an important attribute for anyone wishing to delve into the world of penetration testing, or cyber security in general. 

The playing field is forever changing, requiring constant research and investigation. Specifically, key skills include knowledge and a working understanding of:

  • Coding
  • Programming languages (Python, Ruby, Java, Perl, BASH)
  • IT security technologies
  • Threat modelling 
  • Penetration testing management platforms
  • Computer networks and capabilities
  • Components of different networks
  • Security assessment tools
  • Remote access technologies
  • Vulnerabilities and exploits beyond tool suites

In addition to the above skills, it’s also important to have excellent communication skills, both written and verbal, so you can present your findings effectively and with impact to all relevant stakeholders. 

Similar specialisations and career paths

  • Information security analyst
  • Security software developer
  • Security architect
  • Security engineer

How to become a penetration tester in Australia

Ensuring you have industry-ready skills is definitely required to break into penetration testing. While it is not uncommon for pen testers to have tertiary qualifications, such as a Bachelor of IT or computer science, it’s actually hands-on industry experience that will be appealing to most employers.

By fast-tracking your training with industry-built, practical and outcomes-focused courses, you will graduate job-ready in a fraction of the time it would take you to complete a degree, getting you out into the working world at pace.

Our Cyber Security Engineering: Transform course will ensure you are equipped with the skills needed to enter the world of penetration testing with confidence. The course can be completed part-time in 10 months, with practical learning, expert mentoring and 1:1 career coaching.

If you have any questions, our experienced team is here to discuss your training options. Speak to a course advisor and take the first steps in your penetration testing journey.

Network security: The different types of network protection

By Academy Xi

A set of technologies and processes that are used to protect the integrity of a company IT infrastructure from potential cyber threats is known as network security. Let’s explore the different protections available on today’s market.

It’s no secret that major corporations are being plagued by cyber attacks on a regular basis, with ongoing media reports covering the breaches. However, many breaches are occurring that the general public may not be privy to.

While the Australian government is taking an honest look at its cybersecurity frameworks and policies, companies cannot rely on these initiatives alone. 

What is certain is that network security should be a top priority for all businesses, particularly those who hold significant quantities of personal data for their clients, customers and staff, or any other sensitive information that might be attractive to a hacker.

In this article we will take a look at the following:

  • What is a network security key?
  • Benefits of network security
  • Types of network security protections
  • How to get into Cyber Security

What is a network security key?

A network security key is the code or password required to access a local area network. The most common everyday example of this form of protection is the personal Wi-Fi network key, used to access your home internet connection. The goal of having a network security key is to create a secure connection which is only accessible to authorised users.

Benefits of network security

While there are many benefits to having quality network security in place for any business or organisation, some of the biggest pluses are as follows:

  • Risk mitigation

Network security will ensure your business is compliant with any regulations and support your organisation if a breach does take place.

  • Modernises workplace IT

Many businesses who didn’t have network security in place pre-pandemic quickly became well versed on the topic when they were pushed to implement it for remote teams. Network security allows colleagues to collaborate from afar without risk to company systems and data.  

  • Information protection 

No surprises here, but one of the key benefits of network security is minimising risk of unlawful data access. Clients, customers, staff and any other stakeholders need to know that businesses are doing what they can to protect their data.

Types of network security protections

Thankfully, there are a range of network security protections available these days. However, as hackers devise more sophisticated breach techniques, all options need to be regularly tested and updated with the latest versions to stay on top of emerging threats.

  • Firewalls

A network’s first line of defence, firewalls are set to monitor for potential incoming threats, with traffic measured against a set of rules established by network administrators. Think of a firewall like a bouncer for your network.

  • Email security

Email is deemed the most common network security threat, and email security applications essentially work to block any incoming threats. These threats most frequently appear in the form of links which, if clicked, download malware or initiate a phishing attack.

  • Data loss prevention (DLP)

If you’ve ever found yourself unable to upload, download, forward or share a file while working within an organisation, this could be data loss prevention (DLP) technology in action. DLP intentionally prevents individuals from sharing information, particularly if it is classified, with anyone outside of the network.

  • Behavioural analytics

Network administrators use analytics tools to gain a picture of how users typically behave within the system. These tools also enable any unusual activity to be identified, as it could be the beginnings of a possible security threat. By identifying unusual behaviour early on, administrators are able to mitigate issues before they become a larger threat.

  • Application security

Every time a new application or third-party system is integrated into a network, it is vital that it is vetted to avoid the possibility of infiltration from another unknown and potentially unlawful network. This vetting process is the essential aspect of application security. 

  • Antivirus and anti-malware software

You’re likely familiar with some of the antivirus and anti-malware software on the market. The role these tools play in network security is to continuously scan and monitor the network they are installed in, spotting any suspicious activity. This in turn adds a level of protection against potential cyber threats.

  • Access control

While many users may need to be able to access a network, not everyone will need the same level of access. Users need to be classified into groups, with each having predetermined levels of access to relevant sections of the network. This will apply to the individual user, as well as to the devices connected to the network.

  • Cloud network security 

Increased efficiencies and productivity are the drawcard for businesses moving to the cloud, but this shift also presents data risks. Cloud computing security needs to be integrated and often includes encryption-based measures. 

How to get into Cyber Security

Whether you’re looking to upskill or reskill, practical, hands-on training is the fastest way to get into Cyber Security.

We offer flexible training options to suit your lifestyle, with our Cyber Security Engineering: Transform course seeing you graduate job-ready in only 10 months.

Training with Academy Xi will enable you to develop a full suite of must-have skills for the world of Cyber Security, giving you the chance to:

  • Develop Cyber Security technical and critical thinking skills
  • Perform risk assessments and implement countermeasures
  • Deliver security reports to stakeholders
  • Access industry-experienced mentor sessions
  • Present your project to an expert panel at an industry showcase
  • Prepare for the CompTIA Security+ exam
  • Access 24 weeks of guidance from a Career Support Program that helps 97% of graduates straight into industry roles

Want to discuss your training options? Speak to a course advisor today and take the first steps in your Cyber Security journey.

The Optus and Telstra cyber attacks and the importance of Cyber Security

By Academy Xi

Being labelled as ‘one of the worst data breaches in Australian corporate history’, the recent cyber attack on Optus has left many anxious customers in its wake. This article explores the recent Optus and Telstra attacks and why Cyber Security is so important. 

It has been a double whammy recently for Australian telco companies getting blindsided by cyber attacks, resulting in millions of Australian Optus customers lining up to get licences, passports and medicare documents reissued to protect their personal data and to prevent identity theft. Telstra, only days later, also experienced a data breach involving the data of 30,000 employees being leaked.

For good reasons, Cyber Security is now taking centre stage and becoming a major concern for everyone in Australia, from individuals through to major corporations.

What is a cyber security attack?

Whenever a system or network is accessed by a third party without proper authorisation it is referred to as a cyberattack, with the individual or team behind the breach referred to as a hacker or cyber attacker. 

Cyber attacks can have a number of undesirable outcomes for companies, including anything from data theft impacting customers, through to internal embezzlement and loss of money. The sting on the business bottom line, reputational damage and loss of customer base are just some of the negative effects a cyber attack can have on a company.

Types of cyber attacks

Increasingly, there are more varieties of cyber attacks being created by hackers and discovered by Cyber Security Professionals. While there are several types of attacks commonly carried out, here are the top three.

  • Malware

A malware attack is a frequent go-to for hackers and refers to the use of malicious software such as viruses, ransomware, spyware and trojans.

The basic tactic of malware is to seek out vulnerability in a network or system. Generally it will be triggered by a user clicking on a link, which sets off the download of an email attachment. In the case of ransomware, a user’s access to different components of their network or systems will be blocked.

Spyware comes in the form of software, which when downloaded can steal all of a user’s data, often without user knowledge, with trojan viruses posing as genuine software and resulting in the same outcome.

  • Phishing 

Another heavily used approach by hackers is known as phishing. Cyber criminals essentially pretend to be a known and trusted contact, writing and sending emails to users. If the user opens and reads the email and clicks on the link within it, this will result in the hackers gaining access to the user’s accounts and associated data. Malware can also be installed via this tactic. While some attempts at phishing may be very obvious, there are many becoming more sophisticated and harder to detect. 

  • SQL injection 

Cyber criminals are increasingly using Structured Query Language (SQL) injection as their doorway to gaining system access to manipulate databases. Administrative rights can also be accessed with this approach. 

Essentially, the hacker injects code into what they determine to be a vulnerable search function box on a website, which if not protected, will force the system server to display important data. 
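The search-box scenario described above, as an added example that is not part of the original article: a constructed SQLite table and two hypothetical functions, `search_vulnerable` and `search_safe`, showing string-built SQL beside a parameterised query. The table, rows and function names are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data: two public catalogue rows and one row that the
# search page is never supposed to display.
ROWS = [
    ("prepaid sim", 1),
    ("wifi modem", 1),
    ("staff-only discount plan", 0),
]


def make_db():
    """Build an in-memory database so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, public INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", ROWS)
    return conn


def search_vulnerable(conn, term):
    """The flawed pattern: visitor text is pasted into the SQL string.

    The database cannot tell where the developer's query ends and the
    visitor's text begins, so a quote character in `term` changes the query.
    """
    sql = ("SELECT name FROM products "
           "WHERE public = 1 AND name LIKE '%" + term + "%'")
    return sorted(row[0] for row in conn.execute(sql))


def search_safe(conn, term):
    """The corrected pattern: the query text is fixed and `term` is bound
    as a parameter, so it is only ever treated as data."""
    # Escape LIKE wildcards so a typed "%" or "_" is matched literally.
    escaped = (term.replace("\\", "\\\\")
                   .replace("%", "\\%")
                   .replace("_", "\\_"))
    sql = ("SELECT name FROM products "
           "WHERE public = 1 AND name LIKE ? ESCAPE '\\'")
    return sorted(row[0] for row in conn.execute(sql, ("%" + escaped + "%",)))


def demo():
    """Run the same inputs through both functions and collect the results."""
    conn = make_db()
    crafted = "' OR 1=1 --"      # closes the quote and rewrites the WHERE clause
    results = {
        "normal_safe": search_safe(conn, "modem"),
        "crafted_vulnerable": search_vulnerable(conn, crafted),
        "crafted_safe": search_safe(conn, crafted),
        "apostrophe_safe": search_safe(conn, "o'brien"),
    }
    # A harmless apostrophe is enough to break the string-built query, which
    # is often the first visible symptom of this flaw in error logs.
    try:
        search_vulnerable(conn, "o'brien")
        results["apostrophe_vulnerable"] = "ok"
    except sqlite3.OperationalError:
        results["apostrophe_vulnerable"] = "syntax error"
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

With the crafted input, the string-built query returns the non-public row as well, while the parameterised query searches for the text literally and returns nothing.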

The Optus Cyber Security attack – what went wrong?

Word on the street is Optus accidentally gave public access to an unprotected API, causing the vulnerability in its network. Human error, system faults and other ‘unknown reasons’ are also on the hit list for what went wrong as the investigation continues. 

The reality for Optus and many older companies is that they have a combination of original computer systems from when they were first established, alongside much newer systems. The mish-mash of old and new can often lead to inconsistencies in security measures, which can lead to higher rates of network vulnerability.

The Telstra Cyber Security attack – what went wrong?

Just days after the Optus cyber security breach, Telstra was making headlines with the data of over 30,000 past and present employees being leaked. It has been reported that it was a third party who ran a rewards program for the organisation staff which was attacked.

Data scraping is the approach that’s claimed to have been used during this latest round of telco hacking, which is when old information is grouped together in the hope it can be sold as current data. The cause of the breach is still being investigated, but resulted in basic data such as names and email addresses being leaked. 

The importance of Cyber Security

The recent cyber attacks on Optus and Telstra underline why Cyber Security is a must-have for companies of all sizes. As well as protecting them from reputation-destroying data breaches, a strong Cyber Security posture will shield businesses from massive financial losses.

For Australian businesses, the average price tag of a data breach is $3.35 million (a 9.8% increase year-on-year). Beyond this initial cost, the financial impacts of a cyber attack are reported to last several years after the attack, while there are other long-term detrimental effects, such as the reputational damage and potential loss of customers. 

All this means safeguarding company data and investing in quality Cyber Security measures is crucial. With ongoing digital transformation across all industries, the demand for Cyber Security professionals greatly outweighs supply.

How to get into Cyber Security

Completing practical, hands-on training in cyber security is a great way to take your first steps on this career path. Whether you’re already an IT professional seeking to upskill, or keen to launch a tech career from scratch, ensuring you have the essentials under your belt is the best way forward. 

Our Cyber Security Engineering: Transform course will give you the technical skills and strategic mindset that today’s Cyber Security Professional needs, taking you from beginner to job-ready. It also comes with access to a Career Support Program that helps 97% of graduates straight into the industry.

If you have any questions, our experienced team is here to discuss your training options. Speak to a course advisor today and take the first steps in your Cyber Security journey.

A beginner’s guide to Cyber Security, 2022

By Academy Xi

Are you new to the world of Cyber Security? This beginner’s guide will give you the latest information about one of Australia’s fastest growing industries and help you kickstart a lucrative career as a Cyber Security Professional.

Why is Cyber Security important?

A cyber attack can be launched from any location and normally involves a cyber criminal gaining illegal access to data, or causing damage to online devices, networks, or systems. Believe it or not, an average of 185 cybercrime reports are made in Australia every day – that’s more than 1 report every 10 minutes! 

Businesses of all sizes can become the victim of a cyber attack, often resulting in serious consequences for customers. A Cyber Security expert at the University of New South Wales, Canberra has estimated that cybercrime costs the Australian economy as much as $42 billion each year. 

Optus and Telstra were the subjects of well-publicised cyber attacks in 2022. These breaches resulted in the disclosure of private customer information, including email addresses, Medicare card details and driver’s licence and passport numbers.

Cyber Security is the strategic application of controls, processes, software and technologies to protect networks, systems and devices from cyber attacks. 

Why are Cyber Security Professionals important?

In a world where more and more of our business and social lives are carried out online, the role of Cyber Security Professionals is growing in importance and stature.

Cyber Security Professionals are responsible for implementing security best practices and countermeasures to eliminate, or at least drastically reduce the risk of cyber attacks.

Common types of cyber threats

Modern cybercriminals are highly inventive in their attack methods, always striving to find new ways to infiltrate and abuse online resources. Some of the most common types of cyber threat include:

Phishing – This involves sending fraudulent emails purporting to be from reputable companies, which are used to convince people to disclose personal information such as passwords and bank details.

Malware – Short for malicious software, malware is a file, program or piece of code that’s designed to disrupt, damage, or gain unauthorised access to a computer system. Malware can be programmed to perform just about any illegal action that a hacker wishes. 

Ransomware – This is a particular type of malware that’s used by hackers to block access to a computer system, or threaten the publication of private data unless a sum of money is paid to the cybercriminal. 

Viruses – This is a type of malicious program or code that’s designed to spread from one computer to another. A virus attaches itself to a legitimate program to execute its code and normally harms the system by stealing, corrupting or destroying data.

Trojans – A Trojan is a file or program that appears to be legitimate and safe, but is actually malware used to steal data or spy on victims. Many Trojans will also download additional malware once they’ve been opened or installed.

Adware – This is a form of malware that hides on your device and serves you advertisements. Some forms of adware will also monitor your online behaviour, gather data without your permission and target you with specific ads.

Man-in-the-middle attack – This involves a hacker secretly intercepting and relaying messages between two parties who believe they are communicating directly with each other. As a type of eavesdropping, this often involves the victim passing sensitive information to the attackers.

Who could be a cyber threat?

These days, cyber threats can originate from a range of sources and involve many different kinds of ‘actors’ (in Cyber Security jargon, an ‘actor’ is the person responsible for committing a cybercrime). Some of the people who are most commonly responsible for perpetrating cyber attacks include:  

  • Lone hackers
  • Corporate spies
  • Hacktivists
  • Terrorist groups
  • Hostile nation-states
  • Criminal organisations
  • Disgruntled employees/ex-employees

Best practices to counter cyber attacks in 2022

You don’t have to be a fully-fledged Cyber Security Professional to implement a high level of Cyber Security. A few simple steps that anyone can follow to secure their workplace or business include:

  • Enable multi-factor authentication. Multi-factor authentication is a security measure that requires two or more proofs of identity to grant access.

As well as passwords and passphrases, multi-factor authentication relies on:

    • Random pins
    • Biometrics / fingerprints
    • Authenticator apps
    • Emails
    • SMS messages
  • Use strong, varied passwords and passphrases. In cases where multi-factor authentication is not available, a strong password or passphrase can be the last line of defence between hackers and your online accounts. 

Passwords and passphrases are most effective when they are long, unpredictable and unique. It’s best to include a mixture of letters, numbers, punctuation and symbols.

  • Use anti-malware software. Anti-malware is a type of software that protects computers and systems from malware, such as spyware, adware, and worms. Anti-malware scans your system in real-time to filter out all types of malicious software. It will also block any suspicious installations that attempt to change your computer’s settings or access unauthorised areas of your network. 

Types of Cyber Security

Cyber Security takes many forms and to cover all of its bases, an organisation should develop a comprehensive plan that addresses all of these major types of Cyber Security:

Network security – Network security is a broad term that covers a range of processes and technologies used to defend a network. This involves a set of rules and configurations that are implemented to protect the accessibility and confidentiality of a computer network and its data.

Application security – This is the process of using security software, hardware and best practices to protect computer applications from external threats. Incorporating application security into the life cycle of an app enables development teams to design more secure end products. 

Infrastructure security – This is the practice of protecting critical systems and online assets against cyber threats. This typically covers hardware and software, such as end-user devices, data centre resources, networking systems, and cloud resources.

Cloud security – Also known as cloud computing security, cloud security is a series of security measures designed to protect cloud-based infrastructure, applications, and data. Cloud security measures ensure user authentication, data and resource access control, and protect the privacy of data.

Mobile security – Mobile security is the protection of smartphones, tablets, and laptops from threats associated with wireless computing. In a world where many people work remotely, mobile security has become increasingly important. Security measures include multi-factor authentication, data encryption and the ability to wipe or lock stolen devices.  

Data security – Data security is the practice of protecting digital information from unauthorised access, corruption, or theft throughout its entire life cycle. An example of data security would be using encryption techniques to prevent hackers from using your data even if it’s breached.

Cyber Security career prospects in Australia

The Australian Cyber Security market is forecast to increase in value to US$5.8 billion by 2024, growing at a rate of over 8% annually. As a result, the demand for skilled Cyber Security Professionals in Australia has never been higher and is set only to rise. Seek is currently advertising 1,959+ roles nationally.

For a detailed breakdown of industry statistics, the latest trends and your earning potential as a Cyber Security Professional, read our full Cyber Security Market Update.

How to get into Cyber Security in Australia

When it comes to breaking into the Cyber Security industry, there’s no bypassing the need for a formal certification. 

Cyber Security is a highly technical field that calls for proficiency with the latest technology and software, while you’ll also need a firm grasp of Cyber Security best practices, risk assessment, threat intelligence and governance. To add all these skills to your toolbox, you’ll need formal training. 

There are a range of options when it comes to earning a certification in Cyber Security, including university degrees which normally take three years to complete. For those looking to transition into the industry more swiftly, short and condensed bootcamp-style courses can be a great option. 

What Cyber Security courses does Academy Xi offer?

Our new Cyber Security Engineering: Transform course gives you the skills employers are searching for and takes you from beginner to job-ready in just 10 months. 

You’ll develop a full spectrum of Cyber Security skills and get the chance to:

  • Develop the technical and critical thinking skills required of today’s Cyber Security Professionals
  • Perform risk assessments and implement countermeasures
  • Deliver Cyber Security reports to management and stakeholders
  • Access 1:1 sessions with an industry-experienced mentor 
  • Present your capstone project to a panel of experts at an industry showcase
  • Prepare for the CompTIA Security+ exam and earn a globally recognised certification*

Best of all, you’ll get access to 24 weeks of guidance from a Career Support Program that helps 97% of graduates straight into the industry!  

Want to discuss your transferable skills and course options? Speak to a course advisor today and take the first steps in your Cyber Security journey.
