Interactive has highlighted its Work Integrated Learning programme with Edith Cowan University as a pathway into cyber security jobs, saying the scheme has placed 20 graduates over the past five years.
The programme places students in operating security environments before they finish university. One participant, Tarquin Bick, entered the sector through the scheme and joined Interactive partner Slipstream Cyber as a Cyber Defence Analyst. He later became Team Leader in the Security Operations Centre before moving into a Penetration Tester role.
The arrangement comes as Australian organisations face pressure on both cyber resilience and staffing. In a survey of mid-to-large organisations cited by Interactive, 23 per cent said they run a fully in-house security operations centre, while 41 per cent fully outsource the function to managed service providers.
The same survey found that three-quarters of organisations do not consider themselves well prepared for artificial intelligence. Interactive linked that result to a broader shortage of staff with practical cyber security experience.
Official reporting points to the scale of the problem. In the 2024-25 financial year, 84,700 cybercrime reports were submitted to the Australian Cyber Security Centre, an average of one every six minutes.
Interactive chief executive Alex Coates said the labour shortage reflects a mismatch between formal qualifications and practical experience.
"Australia is over-credentialed and under-experienced in this area," Coates said.
"You can't solve a cyber skills shortage with degrees alone. People need to get hands-on - to break things down and fix them again - and that's what the industry has been missing," Coates added.
Workplace training
Interactive's partnership with Edith Cowan University is intended to address that gap by placing students in live work settings. The model aims to give graduates exposure to operational demands before they seek permanent roles.
Bick said early-career workers in cyber security need to accept mistakes as part of learning. His comments reflect a broader debate in the sector over how quickly new entrants can become effective in roles involving live threats, incident response and testing.
"You have to make mistakes to grow. Fear of failure stops progress, so my advice to anyone starting out is don't wait for the perfect role or the perfect moment. Jump in, learn from your errors, and keep going," Bick said.
He also argued against narrowing career options too early. Cyber security hiring often separates roles into areas such as forensics, governance, risk and compliance, defence and testing, but employers increasingly value staff who understand how those functions connect.
"Don't box yourself into one area of cyber. Every role, whether it's forensics, governance, risk, and compliance or defence, gives you skills that will help in the next one. It's all connected," Bick added.
Skills gap
The shortage of experienced cyber professionals has become a recurring concern for businesses, public bodies and education providers. Employers have long reported difficulty filling roles that require technical knowledge as well as judgement formed under operational pressure.
Interactive said regional and vocational routes should form part of the response alongside university education. Coates argued that employers need to play a larger role in creating environments where people can learn on the job, rather than expecting fully formed candidates to appear in the market.
"Every employer, large or small, needs to start thinking differently about how it develops security literacy," Coates said.
"Regional and vocational pathways can help ease the shortage, but it requires a commitment from industry to create the environments where that learning can happen," Coates noted.
The emphasis on practical training reflects a broader shift in recruitment across technology and security roles. Companies are placing more weight on demonstrable experience and adaptability as threat volumes rise and teams face a more complex mix of outsourced services, internal operations and AI-related demands.
For Interactive, the university partnership offers a concrete example of that approach. For graduates, it provides work exposure that can shorten the gap between study and a full-time cyber security role.