As a fresh-faced teen preparing to sit his Year 12 exams, Jackson Henry is not what most people might imagine when they hear the word "hacker".
He is what's known in the cyber world as a "white hat", or an "ethical hacker".
"I think the term hacker still carries the conception that a hacker is a criminal, but a hacker can be both ethical and unethical," Jackson said.
"We're trying to find vulnerabilities before threat actors find them.
"So we're going to find them, we're going to patch them, [and] hopefully stay always seven steps ahead of the threat actors."
When Jackson was 15 he gained recognition from the United Nations for discovering and reporting a misconfiguration in their system that exposed thousands of UN staff records.
"We [a small group white hats] found around 100,000 highly sensitive records that could have been weaponised if it fell into the wrong hands," he said.
The ethical hackers reported the issue to the United Nations through its Vulnerability Disclosure Program (VDP).
"When I stumble across something serious and I look at the impact of that if I had bad intentions, there's a certain feeling that you get – it's really good," Jackson said.
Cyber threat 'is very real'
The recent surge in cybercrime has impacted millions of Australians and highlighted the urgent need for more people who, like Jackson, want to work in cybersecurity.
A report commissioned by cybersecurity firm CyberCX found an additional 30,000 workers would be needed over the next four years to keep up with the nation's rapidly changing security needs.
CyberCX chief strategy officer Alastair MacGibbon said the industry needed to recruit a wide range of regular Australians to help fight cybercrime and they did not need to have the hacking skills of someone like Jackson Henry.
"Those type of skills are rare – this person is clearly a unicorn," he said.
"The unicorns are out there, [and] we need more of them. But the reality is the vast majority of people in this industry are not people that at [age] 12 were pulling apart computers and rebuilding them.
"The vast bulk of people we are going to recruit are going to be just average Australians who just want to protect these things that are so vital to us now."
Mr MacGibbon said he was particularly focused on recruiting more women to the industry, which was currently made up of around 80 per cent men.
"The threat actors, criminals, nation states – they are emboldened," he said.
"There is more of them every day, and they are attacking very complex systems that are more complex every day.
"So when you add those two things up, you end up in a more vulnerable situation. And it's vital for us to respond to this cyber security issue.
"It is very real, and it affects governments, big businesses, and the people at home."
Jackson believes the Australian government could expand its use of vulnerability disclosure programs and consider introducing bug bounties in the public sector.
"Bug bounties are similar to VDPs except they offer monetary rewards so people will pay you to submit your vulnerabilities," he said.
In the United States, vulnerability disclosure and bug bounty programs are used by the government to encourage ethical hackers to report vulnerabilities.
"A common complaint is that there is a skills shortage and that there are not enough people to help with this," Jackson said.
"So if we crowd-sourced security and invited Australians and people from across the world to help protect Australia, I think that would be worthwhile."
Federal government reviewing options
In a statement, the Minister for Cyber Security Clare O'Neil told 7.30 the government is considering whether more incentives are needed to support the ethical hacking community to report vulnerabilities.
"[In July], the Attorney-General's Department mandate[d] the implementation of vulnerability disclosure policies," Ms O'Neil said.
"The number of Government agencies that have since implemented vulnerability disclosure policies will be included in the next Protective Security Policy Framework (PSPF) annual report.
"Under the 2023-2030 Australian Cyber Security Strategy, the Government will explore further options to strengthen its cyber posture.
Ms O'Neil said the government was also considering a range of measures aimed at addressing the immediate and emerging cyber skills and workforce challenges that Australia faced.
"Including options to attract untapped talent from under-represented groups and career changers into cyber security career paths," she said.
"We are also looking at a range of options to improve skilled migration policy settings to fill immediate skills gaps in the sector."
Watch 7.30, Mondays to Thursdays 7.30pm on ABC iview and ABC TV
