How Australia's 457 Visa Changes Will Impact Cybersecurity

CISO , Governance , Risk Management

How Australia's 457 Visa Changes Will Impact Cybersecurity Cybersecurity Professionals, Already at a Premium, May be Harder to Import How Australia's 457 Visa Changes Will Impact Cybersecurity

Computer security companies in Australia may find it harder to recruit following the government's changes to a visa program widely used to fill high skilled technology positions.

See Also: 2017 Predictions on Data Security: Insights on Important Trends in Security for the Banking Industry

Last week, Prime Minister Malcolm Turnbull announced the abolishment of the 457 visa program, which was introduced 20 years ago as part of changes to make the country more internationally competitive. Technology companies are one of the biggest sponsors for 457 visa applications.

"The changes don't bode well for the government's plans to foster a homegrown cybersecurity industry." 

The visa intended to help fill jobs for which no native Australians were qualified for and allow freer movement of multinational executives. But critics charge the program has been prone to abuse and deprived qualified Australians of jobs.

As in the U.S., U.K. and Europe, immigration is political hot potato in Australia. A once-fringe political party, One Nation, has gained strength through a racially tinged, anti-immigration platform, which has put pressure on Turnbull's Liberal Party to appear responsive. As a result, the government's press release was seasoned with a dash of populist flare: Putting Australian Workers First.

But some are viewing the government's changes as designed more for political effect than meaningful labor market reforms. About 95,000 people are working under 457 visas, which is less than 1 percent of Australia's 12 million-strong work force.

The Australian Computer Society, the country's largest IT professional group, endorses the changes. In 2014, the ACS contended that immigration data showed the ICT industry was overly relying on 457 visas.

"Skilled migration in all its forms should be a source of competitive advantage for any country, says ACS President Anthony Wong. "It should never be at the expense of the domestic labor market and attracting full workforce participation."

New Visa Class

A new Temporary Skills Shortage visa, which will come into effect in March 2018, is replacing the 457 visa. The TSS is a belt-tightening of some requirements already in place for 457s. But it also arguably makes Australia a less attractive locale overall by reducing the number of people eligible for long-term residency, and eventually, citizenship.

The government removed 200 occupations from 650 that used to be eligible for 457 visas. Most, however, are not IT-related. The new rules also impose stricter English language requirements and require employers make stronger justifications for importing labor.

"These changes are significant and are expected to impact the majority of businesses that currently access the subclass 457 visa program," writes the consulting firm KPMG.

Other changes could affect whether people view Australia as a place to invest part of their working career. A 457 visa allowed people to work in Australia for four years. After two years, employees could apply for permanent residency. Two years later, they could apply for citizenship.

The TSS program creates two new visas. One is valid for two years and the other for four years. The two-year visa has no route to permanent residency or citizenship. When that visa expires, applicants will have to reapply for a four-year visa to get on that path.

Many occupations that could touch on computer security have been moved to the two-year visa, including ICT security specialist and certain kinds of software engineers. And as in many places, capable computer security specialists are notoriously difficult to find in Australia.

Market Distortion

Sydney-based entrepreneur Carlo Minassian, who founded Earthwave, a security operations center specialist firm that he sold to Dimension Data in 2013, says some 70 to 80 percent of the company's specialist employees came from overseas on 457 visas due to a lack of qualified local candidates.

"The [information security] skill does not exist in Australia," says Minassian, who recently launched the security startup LMNTRIX. "Our education system has not grown fast enough to meet the demand of the skills we need today."

The shortage has had the effect of distorting the labor market, Minassian says. Cybersecurity professionals who would only make AU$120,000 (US$95,000) in other places could command AU$200,000 or more in Australia.

"The more rare the skills, the more difficult people are to find and the more competition," he says.

With 457s, employers were, in theory, required to show they will pay the visa holder a market wage. That was intended so employers don't look to overseas for cheaper workers.

But the distorted salaries for information security professionals in Australia makes it hard for companies to justify a lower wage, even if an applicant is willing to take the job. It also puts companies, especially startups, at a competitive disadvantage because they must spend more on labor.

The changes don't bode well for the government's plans to foster a homegrown cybersecurity industry. Last year, the government announced a $230 million cybersecurity strategy, which includes a component to encourage information security startups (see Is Australia Spending Enough on Cybersecurity?).

Adrian Turner, CEO of the Data61 research agency, told InnovationAus: "Generally, Australia needs to make it easier and not harder, for IT and cybersecurity talent to come and work in the country."