NSW Health is offering internships in ICT architecture and information security under a partnership with the ACS Foundation.
It’s a first for NSW Health, which is also working alongside NSW Ambulance, a government organisation inside the health network that initiated a similar program last year.
“It is such a specialist field to be the chief architect or the chief information security officer. It takes many years and it’s a long career path to get there,” Gilbert Verdian, chief information security officer at NSW Health told CIO Australia.
Verdian said programs like this help people get into this field early in their career, assist with the skills shortage, and create a workforce capable of protecting and defending governments and industry.
NSW Health currently employs 10 dedicated information security specialists in Chatswood, Sydney with 17 local health districts across the network also employing their own security staff.
Verdian said the intern program supports the NSW government’s revised digital information security policy, which was released in 2015. NSW Health has created its own Privacy and Security Assurance Framework, which includes robust technical and manual controls to monitor the health of the network and respond to emerging threats.
Verdian said that although NSW Health has not had any serious security incidents, it does experience normal scans, probes and spam associated with connecting to the Internet just like any other organisation.
The evolving threat landscape is driving a huge need for information security specialists, he said.
“It’s getting easier for [hackers] to conduct complex threat campaigns against organisations. There’s a whole economy of ‘the dark arts as a service’ from the dark web. It’s easy to execute and hard to protect so we are putting a lot of effort and investment into protecting critical infrastructure, particularly health information.”
“We are being as proactive as banks and we are investing heavily to continuously improve [our security posture],” he said.
Verdian highlighted that health departments and healthcare organisations hold the most valuable data in the world. Stolen health records can sell for more than US$100 each on the black market compared to credit card and other personal data which sells for US$0.50 to US$20, he said.
Last year, NSW Ambulance had a hiring freeze due to unexpected operational costs, which prompted chief information and technology officer, Andrew Crawford, to introduce an internship program. Crawford used internships in the past when he was an executive at AMP, Westpac, and Suncorp.
NSW Ambulance partnered with Macquarie University to attract interns. It also worked with a Sydney college under the Department of Immigration and Border Protection’s ‘Professional Year’ program. Students that complete this program can be eligible for migration points towards permanent residence in Australia.
The department’s internship program was capped at three months and since then, three people have been working full time at the department for the past 12 months and two have moved on to other roles outside the department.
Crawford said he is working closely with Verdian to place interns.
“I am supporting Gilbert. We are sponsoring an intern into his area through this program. We are doing things together, I am trying to be a good customer,” he said. "We are sitting on the panel together and he is helping me screen the candidates.”
NSW Health employs more than 160,000 staff, which means that the IT requirements and need to harden systems is immense, said Crawford.
“NSW Ambulance is becoming a buyer of services; just like any other commercial entity out there, I am looking for solutions that are efficient and I don’t necessarily have the capabilities in-house,” he said.
NSW Health is attending the forthcoming ‘Big Day In’ event at the University of Technology, Sydney in March. The event is a careers conference designed for high school and university students who are interested in a career in technology.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.