{"id":225659,"date":"2026-06-03T21:04:00","date_gmt":"2026-06-04T01:04:00","guid":{"rendered":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/03\/australias-cybersecurity-workforce-problem-language-that-repels-the-people-we-need\/"},"modified":"2026-06-04T00:10:15","modified_gmt":"2026-06-04T04:10:15","slug":"australias-cybersecurity-workforce-problem-language-that-repels-the-people-we-need","status":"publish","type":"post","link":"https:\/\/testing.news-you-need.com\/index.php\/2026\/06\/03\/australias-cybersecurity-workforce-problem-language-that-repels-the-people-we-need\/","title":{"rendered":"Australia\u2019s cybersecurity workforce problem: language that repels the people we need"},"content":{"rendered":"<p><a href=\"https:\/\/www.aspistrategist.org.au\/australias-cybersecurity-workforce-problem-language-that-repels-the-people-we-need\/\">Australia\u2019s cybersecurity workforce problem: language that repels the people we need<\/a><\/p>\n<p><a href=\"https:\/\/www.aspistrategist.org.au\/australias-cybersecurity-workforce-problem-language-that-repels-the-people-we-need\/\">https:\/\/www.aspistrategist.org.au\/australias-cybersecurity-workforce-problem-language-that-repels-the-people-we-need\/<\/a><\/p>\n<p>Publish Date: <a href=\"publish_date]\">2026-06-03 21:04:00<\/a><\/p>\n<p>Source Domain: <a href=\"www.aspistrategist.org.au\">www.aspistrategist.org.au<\/a><\/p>\n<p>Author: <a href=\"\"><\/a><\/p>\n<p> Using an unordered list, summarize the following article with between 4 and 8 key points. Australia has a cybersecurity workforce problem, and part of the explanation is hiding in plain sight: the language of the field actively repels the people we need. Last year, I was on a panel for the Canberra Cyber Hubs Career Symposium, discussing career pathways with an audience of high school students. When one panelist mentioned working as a penetration tester, a male student in the audience started sniggering. I remember thinking little of it at the time. But later I reflected on the term itself: why did we name that job \u2018penetration tester\u2019? When examined, it carries connotations that have nothing to do with the work.I have nothing against penetration testers. We need more of them. But the naming choice is symptomatic of something larger. Language in cybersecurity is deeply masculine or militarised. Consider the standard vocabulary: man-in-the-middle attack, kill chain, brute force. The list goes on. The problem is not merely aesthetic. Militaristic language creates the professional culture it describes \u2013 one that reads as homogenous, combative and accessible only to those fluent in combat jargon.This framing was, in part, a deliberate institutional choice. In the early 2000s, the US Department of Defense shifted from information warfare to the cyberspace domain. By the late 2000s, cyberspace was officially defined as a \u2018global domain\u2019 within the information environment. The move was strategic: it gave the military legitimate authority to operate there, just as it does in physical spaces. But it also handed cybersecurity a conceptual vocabulary that has since shaped professional culture far beyond defence institutions and narrowed who feels entitled to work in the field.That narrowing has real consequences. It feeds the hacker-in-a-hoodie stereotype and perpetuates the misconception that cybersecurity belongs to those who write code and think in adversarial terms. This ignores the reality of modern cybersecurity practice, where effective defence sits at the intersection of governance, risk, psychology, law and public policy. It overlooks the reality that, ultimately, a field that defines itself through combat metaphors alone will struggle to recruit \u2013 and retain \u2013 the multidisciplinary talent that the complex, challenging and changing threat environment demands.The definitional problem runs deeper than culture. A study conducted by the University of Sydney found that even experienced cybersecurity professionals could not agree on the field. Women interviewed were more likely to include e-safety \u2013 including stalking, image-based abuse and digital surveillance \u2013 as a core cybersecurity concern, while male respondents were more likely to exclude it.That divergence is not merely academic. That is because if practitioners define the field differently, they model threats differently, and they leave gaps.Language also shapes who enters the profession in the first place. Research from Monash University examining IT and software engineering job advertisements found specific patterns of linguistic bias: male pronouns, references to \u2018rockstar\u2019 candidates, and analytical terms statistically associated with male applicants.Researcher Carol Cohn has documented the same dynamic in defence intellectual culture. Despite genuine expertise, she found that speaking in plain English rather than \u2018techno-strategic jargon\u2019 caused her interlocutors to treat her as uninformed. The barrier was not knowledge but rather language used as a credentialing mechanism, one that sorted insiders from outsiders before the argument began.Australia faces a sustained cybersecurity workforce shortfall. Addressing it requires more than pipeline programs and graduate schemes. It requires interrogating the professional culture those pipelines feed into, starting with the language that defines it. That means professional bodies, government and educational institutions revisiting how they define the field, how job standards are written and what vocabulary they treat as the baseline of competence. Given cyberspace is a global domain, the language we use to govern it should reflect that \u2013 and the full range of people capable of defending it.<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Australia\u2019s cybersecurity workforce problem: language that repels the people we need https:\/\/www.aspistrategist.org.au\/australias-cybersecurity-workforce-problem-language-that-repels-the-people-we-need\/ Publish Date: 2026-06-03&#8230;<\/p>\n","protected":false},"author":1,"featured_media":225661,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.aspistrategist.org.au\/wp-content\/uploads\/2026\/06\/GettyImages-1458045238.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,35],"class_list":["post-225659","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-hacker"],"_links":{"self":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/225659"}],"collection":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=225659"}],"version-history":[{"count":1,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/225659\/revisions"}],"predecessor-version":[{"id":225662,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/225659\/revisions\/225662"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/225661"}],"wp:attachment":[{"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=225659"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=225659"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/testing.news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=225659"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}