0.0.1 Welcome — Why Cyber. Why Cloud First.
In one line: before any lesson, here is the case for why this curriculum exists, why it’s pointed at cybersecurity, and why every road in it leads through the cloud.
If you’re reading this, you’ve probably had the same midnight thought a million people in IT are having right now — AI is eating jobs, the ground is moving, where do I even stand? This page is the first answer this vault gives. Not a pep talk. Just the receipts.
The vibe of the moment
Look — the panic is real but the picture is not what the headlines sell. AI isn’t deleting IT. It’s compressing the floor and raising the ceiling at the same time. Boring repetitive work — basic CRUD, simple support tickets, copy-paste sysadmin — is getting flattened. People who can use AI well are shipping more than ever. The folks who freeze are the ones who lose. The folks who pick a direction and start moving are the ones who win.
So this vault picks a direction. Cybersecurity. With cloud as the home turf. And here’s the math behind that pick.
Why cybersecurity — the four-way fight
Anyone in IT staring at the next ten years has basically four lanes to pick from. Let’s lay them on the table side by side.
| Lane | AI pressure | Demand floor | Skill half-life | Australian PR fit |
|---|---|---|---|---|
| Data Analyst | 🔴 Heavy | Soft | ~3 yrs | Weak (224999, VETASSESS) |
| Data / ML Engineer | 🟡 Medium | Solid | ~4 yrs | OK (261313 ACS) |
| AI / ML Engineer | 🟢 Low (you’re the builder) | Volatile (hype-cycle) | ~2 yrs (tools shift fast) | OK but elite-only |
| Cybersecurity | 🟢 Low (AI adds demand here) | Structural floor, mandated | ~10 yrs | Strong (262112, fast-tracked) |
Now the chart for the eye people:
xychart-beta title "Projected Australia IT employment growth 2024 → 2029 (%)" x-axis ["Data Analyst", "Data Engineer", "ML Engineer", "Cybersecurity"] y-axis "Growth %" 0 --> 20 bar [3, 8, 11, 14.2]
Cybersecurity sits at the top of every Australian growth chart for IT. It’s not a vibe — it’s a +14.2% projected growth rate, with 100,000+ unfilled cybersecurity positions projected by 2030. Demand effectively doubles by then.
The structural reasons cyber wins (the part most people miss)
Most career advice stops at “salary good, jobs many.” The real reasons cyber is structurally durable run deeper. Five of them.
1. Threat asymmetry
An attacker only needs one hole. A defender has to cover everything. That asymmetry is not a slogan — it’s the actual math of why security is headcount-hungry in a way pure engineering disciplines aren’t.
flowchart LR A[1 attacker] -->|needs 1 hole| H((Find any single weakness)) D[1 defender] -->|must cover| C1[Network] D --> C2[Identity] D --> C3[Data] D --> C4[App layer] D --> C5[Cloud config] D --> C6[ML pipeline] D --> C7[Endpoint] D --> C8[Supply chain]
You can run a small team of brilliant ML engineers across a whole company. You cannot run a small security team across a whole company. The job is too broad. More seats. Always.
2. AI doesn’t shrink security demand — it multiplies it
Here’s the part that flips most people’s intuition. When companies ship more AI, they need more security people, not fewer. Every new ML deployment opens new attack surface:
- Someone secures the data pipeline
- Someone secures the model serving infra
- Someone monitors for adversarial inputs
- Someone watches for data poisoning
- Someone handles privacy + compliance
- Someone hardens prompt + agent layers
flowchart TD ML[1 new AI/ML deployment] --> S1[Pipeline security] ML --> S2[Model serving security] ML --> S3[Adversarial input defence] ML --> S4[Data poisoning detection] ML --> S5[Privacy + compliance] ML --> S6[Prompt + agent hardening] style ML fill:#ff6b6b,color:#fff
The math compounds in security’s favour as AI grows. That’s the rare profession where the AI wave makes you more needed, not less.
3. Mandated demand, not fashion
AI adoption is voluntary. Cybersecurity isn’t. Across the world, regulators have forced companies to hire security people whether they want to or not — Australia’s Privacy Act, the SOCI Act, APRA CPS 234, the 2023–2030 Cyber Strategy, GDPR in Europe, NIS2, the SEC cyber rules in the US. Mandates create durable demand floors. Innovation creates peaks and troughs. Cyber demand has both peaks (innovation) and a hard floor (regulation). ML/AI demand has peaks but no legal floor.
4. Skill half-life
Here’s the under-rated one. Cyber primitives — networking, cryptography, adversarial thinking, incident response — move slowly. The thing you learn in year 1 is still useful in year 10. ML tooling reinvents itself every 18 months. Ask anyone who specialised in 2018-era ML what their skillset looks like now.
xychart-beta title "Skill value over time (relative)" x-axis ["Year 1", "Year 3", "Year 5", "Year 7", "Year 10"] y-axis "Value" 0 --> 100 line [100, 95, 90, 85, 80] line [100, 70, 50, 35, 25]
Top line: cyber primitives. Bottom line: ML tooling. Over a 10-year career the cyber line bends gently down. The ML-tooling line falls off a cliff every cycle. If you’re building a career and not just a job, that gap matters.
5. The pyramid is wider
ML/AI engineering has roughly three role types — research, applied, MLOps. Cybersecurity has at least a dozen distinct careers:
- SOC analyst
- Detection engineer
- Security engineer
- Security architect
- Threat intel analyst
- Incident response
- Penetration tester
- Application security
- Cloud security ← the big one
- GRC + compliance
- Identity engineer
- Security data scientist / ML-security engineer
More entry points. More lateral mobility. More total seats. More chances to find the niche that fits.
Why cloud first, inside cyber
Now the second pick — if cyber, which cyber? Because cyber is wide, and “cybersecurity” alone is too generic for a curriculum to point at. This vault says cloud first. Three reasons.
Reason 1 — That’s where the work actually is
Every Australian organisation worth working for runs on AWS, Azure, or GCP. SOC tooling, identity systems, threat-intel pipelines, detection engineering — all built on cloud now. On-prem cyber still exists, but it’s the shrinking half of the field. The growing half is cloud security.
pie title Australian enterprise workloads 2026 (estimated split) "Public cloud (AWS/Azure/GCP)" : 62 "Hybrid cloud" : 23 "On-prem only" : 15
If 62% of workloads live in cloud and another 23% are hybrid, 85% of the defenders’ job is now a cloud job in some form. Specialising in cloud isn’t picking a niche — it’s picking the main road.
Reason 2 — Cloud amplifies every cyber advantage from above
Threat asymmetry, mandated demand, skill compounding — every structural advantage cybersecurity has, cloud makes it more extreme.
- Shared-responsibility model = more defenders needed, not fewer (the cloud provider handles the floor; everything above the floor is on you)
- Misconfiguration is the #1 cause of breaches in cloud environments — and misconfig is a human problem AI can’t solve alone
- Compliance frameworks (SOCI, APRA, ISO 27001, Essential 8, SOC 2) are now written assuming cloud — every audit is a cloud audit
- Identity is the new perimeter in cloud — and identity is a never-ending problem
Reason 3 — Cloud is where AI security lives
Here’s the long-game move. Almost every serious AI/ML system is deployed in cloud. Model serving on SageMaker, Bedrock, Vertex AI, Azure OpenAI. Training pipelines on EKS, GKE. Vector DBs as managed services. RAG agents talking to S3. If you want to be in the AI security lane in 2030, you have to know cloud security in 2026. There is no version of “AI security expert” who isn’t first a “cloud security expert.”
flowchart LR F[Cyber fundamentals] --> C[Cloud security] C --> A[AI / ML security] style F fill:#bde0fe style C fill:#a2d2ff,color:#000 style A fill:#ffafcc,color:#000
The ladder is: fundamentals → cloud security → AI/ML security. Each step compounds the last. You can’t skip the middle one.
The cert ladder this vault is pointed at
Just so the path is concrete and not vague:
flowchart LR P0[Phase 0<br/>Foundation] --> P1[Phase 1<br/>Security+] P1 --> P2[Phase 2<br/>AWS Sec Specialty<br/>+ SC-200] P2 --> P3[Phase 3<br/>GIAC GAIA<br/>AI/ML Security] P3 --> P4[Phase 4<br/>Practitioner / portfolio]
Foundation → generalist security (Security+) → cloud security (AWS Security Specialty / Microsoft SC-200) → AI/ML security (GIAC GAIA). Four phases. Each one a real, named, hireable identity at the end.
The Australian angle — why this lands extra hard down here
Now zoom in on Australia, because the case is even stronger here than globally. If you’re a learner anywhere else, skip this section. If you’re learning in Australia or planning to land here, read it twice.
The numbers
- +14.2% projected employment growth for cybersecurity roles 2024–2029 — fastest-growing IT field in the country
- 100,000+ unfilled cybersecurity positions projected by 2030
- Average cyber salary range: AUD 110k–180k, with senior roles clearing 200k+
- 565+ dedicated cybersecurity scholarships for study in Australia
- AUD 9.9 billion committed to cybersecurity in the 2023–2030 National Cyber Strategy
xychart-beta title "Australian cybersecurity demand vs supply (000s of roles)" x-axis ["2024", "2026", "2028", "2030"] y-axis "Roles (000s)" 0 --> 250 bar [120, 150, 190, 230] line [105, 120, 135, 150]
Bars = demand. Line = supply. The gap is the shortage. It’s getting wider, not narrower.
The PR angle
Australia’s skilled migration system has explicitly fast-tracked cybersecurity professionals. The federal government has named cybersecurity a national security priority. The ANZSCO code 262112 (ICT Security Specialist) is on the 2026 Core Skills Occupation List as a named priority — meaning faster processing, better state nomination odds, and stronger 491/190 pathways.
There are even published cases of overseas cyber pros getting visas approved in days after disclosing exploits to government — the demand is that loud.
The structural drivers
Australia isn’t a normal cyber market. Three things make demand here unusually durable:
- SOCI Act + critical infrastructure — energy, water, finance, healthcare are legally required to harden their security posture. That law alone funds thousands of jobs.
- APRA CPS 234 for the financial sector — every Australian bank, super fund, insurer must run a mature security function. Not optional.
- Five Eyes alliance + AUKUS — Australia is a major intelligence-sharing partner, which drives a defence + government cyber spend much larger than the country’s GDP would suggest. Cleared cyber roles pay extremely well and never dry up.
flowchart LR L[Aus law<br/>SOCI/APRA/Privacy Act] --> J[Mandated<br/>cyber jobs] G[Aus gov<br/>2023-2030 Strategy<br/>$9.9B] --> J A[AUKUS / Five Eyes<br/>cleared cyber demand] --> J M[100k role shortfall] --> J J --> P[Fast-track visa pathway<br/>ANZSCO 262112] style J fill:#ffd166,color:#000 style P fill:#06d6a0,color:#000
If you’re building a career in IT and Australia is on the table, cybersecurity is the single highest-leverage pick the country offers right now. The numbers, the laws, the budget, the visa system — they all point the same way.
So that’s the why
Cyber, because the demand is structural and not fashion. Cloud, because that’s where the work is and that’s the road to AI security. And in Australia specifically, because the law, the budget, and the visa system have already decided this is a priority occupation.
This vault is the curriculum that takes a reader from zero to that destination. The next note shows the map.
Where to go after this note
Next: 0.0.2 The 6 topic areas — meet the map.
One last thing — the panic at the start of this page? Real, but cheap. The plan beats the panic every time. Welcome in.