“We are, quite simply, over-credentialed and under-experienced": Interactive CEO breaks down the cyber skills shortage
Alex Coates discusses the current hurdles cybersecurity presents organisations.
Cybersecurity continues be the top priority for CEOs and boards, and according to Alex Coates, CEO at Interactive the sustained demand is colliding with a workforce that hasn’t been developed fast enough or deeply enough to meet it.
“We are, quite simply, over-credentialed and under-experienced,” she told CRN Australia.
“We’ve done well at building awareness and qualifications. This is really about the need to give people hands-on experience in the cybersecurity domain – to put them into the real work that we live in every day.
“It’s not enough to have a certification if you haven’t operated in a live, high-pressure cyber environment.”
At a national level, Coates noted that there are growing capability gaps in critical infrastructure environments and in AI-specific security skills.
“If left unaddressed, these gaps increase risk to essential services that citizens and cities rely on and can amplify the impact of cyber incidents when they occur,” she said.
The ever-popular AI is widening the skills gap, not closing it.
According to Adapt, 75 per cent of Australian CISOs across a wide range of industries say they are not well prepared to securely adopt AI.
“That slows the pace of AI innovation, but it also exposes a deeper issue – a gap in governance, automation and model security skills,” Coates said.
“Even for organisations that have the budget and the tools, many are struggling to move because they lack people who can use these technologies safely and effectively. That’s where the gap is most painful.”
From Coates’ perspective, she said there is no role in our company as a technology provider where it makes sense not to be both AI-native and cyber-aware.
“The two are increasingly inseparable,” she explained.
“Cybersecurity is a profession in its own right and requires deep, specialist expertise, but there’s also no excuse for cyber not being ingrained into every role across an organisation. I can’t imagine a future where that changes.”
She added the same is true of AI.
“Cybersecurity and AI are becoming pervasive capabilities, skills that every role, at every level, needs to develop,” she said.
Impact on SOCs
CISOs are struggling with the lack of funding and resources, Matt Boon, Senior Research Director at Adapt said.
“CISOs are still dealing with insufficient staff, persistent skills shortages and the drag of legacy systems and complexity,” he said.
These challenges put pressure on CISOs to resource an internal security operations centre (SOC), pushing leaders to outsourcing a SOC.
“Interestingly, these same pressures have also led to SOC investment being deprioritised in favour of governance, identity and vulnerability management,” Boon noted.
“This isn’t a sign that SOC is unimportant, but rather that leaders are being forced to triage their focus and invest where they believe they can make the most immediate impact with the resources they have.”
As some organisations begin to outsource their SOC, the CISO Edge survey highlighted some clear signals.
According to Boon, it is helping organisations deal with immediate skills and staffing shortages.
“Giving teams access to tooling and expertise they would struggle to build internally as quickly,” Boon added.
Coates at Interactive said the real benefit of outsourcing is capability and visibility.
“When you work with a trusted local partner, you gain access to patterns of behaviour across the cyber landscape, not just what’s happening inside your own environment,” she explained.
“You benefit from industry-wide threat trends and insights that are very difficult to replicate inhouse at scale.”
At the same time, Boon said there are some warning signs.
“SOC continues to rank as the lowest strategic priority (on a scale of 1-10), which suggests many organisations are still operating in a reactive posture rather than building long‑term resilience,” he said.
“There is also a risk that heavy reliance on outsourced models slows the development of internal capability at a time when sovereignty, response speed, and organisational learning matters more than ever.”
Coates ended on a positive note for the sector, “The encouraging news is that the talent is out there.”
“This generation of young Australians has more access to test, trial, and learn about technology than any before them. Our responsibility, must be to build the pathways to let them in,” she ended.