The federal government must look beyond salary figures and promote its unique workplace advantages if it hopes to solve a critical talent drain threatening national security.
Although large public digitisation initiatives receive huge budget injections each year, Australian Information Security Association board member Scarlett McDermott said the human element is frequently left behind, leaving the agencies vulnerable to cyber threats.
To fix this, she said the public service needed to lean heavily into its often-overlooked non-financial advantages to draw elite talent away from the private tech sector.
According to Mrs McDermott, the public service offers superior leave packages, stable superannuation, better work-life balance and the rare opportunity to work on projects of national significance. With these, the bureaucracy can reshape its recruitment pitch.
"The jobs that we're talking about in private industry that are really highly paid, they're also very intense jobs," Mrs McDermott said.
"They do not leave a lot of room for work-life balance, and the expectations are incredibly high."
Since 2023, a majority of federal agencies have been identified as having a critical skills shortage in the Australian Public Service Commission's State of the Service reports.
In those agencies, digital and ICT deficiencies were the most widespread and fastest-growing blind spots, with cyber security remaining the single most dominant shortfall, flagged by about four in five affected agencies.
Emerging technologies compounded the strain as more than one in two agencies reported a critical deficit in the training and development of artificial intelligence (AI) models.
This internal talent gap has come at a time of increased cyber threats.
The latest report from the Australian Signals Directorate (ASD) detailed an unprecedented surge in digital hostility, with a cybercrime complaint now filed in the country every six minutes.
The nation also endured a multifold surge in denial-of-service attacks, alongside a double-digit increase in severe incident responses.
Federal government networks were targeted in a third of all severe national cyber incidents.
Addressing this shortage has been made more difficult through a recruitment bottleneck where standard public service hiring loops regularly drag out for three to four months because of strict NV1 and NV2 security clearance requirements, causing top-tier technical candidates to abandon the process.
Mrs McDermott said solving this gap required a structural maturity model known as shifting left - training existing developers, data analysts and even non-technical generalist staff to build basic cyber protocols directly into their daily roles for a higher level of digital literacy.
Demographics presented another significant hurdle, with women making up less than a fifth of the cyber security workforce.
Mrs McDermott said fixing the gender gap required looking beyond early STEM pipelines to focus heavily on mid-career transition pathways and workplace inclusion.
"Many women come into technology mid-career, so we need to be looking at support for career changes into technology as well," she said.
"Cyber security has got a real retention issue when it comes to keeping women in the workforce, so we do need to look beyond just diversity, but actually really look at inclusion."
The head of the Australian Cyber Security Centre at the ASD, Stephanie Crowe, said that the broader defence ecosystem relied on adaptive, diverse staff who can pivot quickly to emerging threats like AI, rather than just raw coders.
Ms Crowe said modern cyber teams required a balance of human attributes, including professionals who manage stakeholders, face customers and clearly articulate the cost benefits of security investments to executives.
Relying entirely on pure technical staff risks leaving agencies structurally exposed in public or executive environments.
"You have to have a balance in your workforce," Ms Crowe said.
"At ASD, we try to achieve that balance, because I wouldn't expect my deep technical experts to be out there talking publicly and with customers. There's different skill sets to do that."
Ms Crowe herself is proof that a deep technical background was not the only pathway into high-level cyber security leadership.
She originally entered the ASD graduate program with a bachelor of Asian studies, building her technical literacy entirely through institutional training and on-the-job learning.
For aspiring women and generalist public servants eyeing the growing sector, Ms Crowe offered a direct piece of advice.
"Don't be afraid of the tech, and never be afraid to ask questions," Ms Crowe said.
"You will find that technical people are more than happy to tell you the intricacies of what they do."
