Business Excellence (Part 3): Roles, skills shortages, intermediaries and disparities

Edward Farrell

Several weeks ago a job advertisement for a role that we’re also on a government panel for came out. A job was advertised with a $130–160K for a salaried role by a company that sounded as a copy-paste of the very role presented. Given our own access to the panel, familiarity of the client and noting our utilisation notes from Part 1 of our business excellence series, we calculated that the salary for the intermediation role by the Job advertisers (pejoratively referred to as “body shopping”) was at best exploitative with a 30–40% profit margin.

Our analysis of the numbers is available via the following spreadsheet.

The TL;DR is that assuming a day rate of between $1,100 and $1,550 excluding GST as well as utilisation rates, an annual profit of between $16,000 and $211,000 could be secured by the intermediary after the aforementioned salary. We assess this figure was likely to be between $40,000 and $120,000 for what is about 30 minutes of resume forwarding.

This is disheartening, however is commonplace amongst the Australian economy; we find that interdicting, rather than contributing or executing, is a get rich quick scheme.

An overview

Training a technical resource is time intensive, costly and mentally demanding. Assuming a series of set training requirements, it will take between 6 and 18 months for a baseline knowledge, skills and experience to become the cyber security professional who has the requisite attributes and aptitude to develop in this space, as well as the requirement for ongoing learning. Compare this with the entry barrier for the intermediary roles, which ranges from well developed established relationships (which takes years of skill and talent) through to effective mimicking abilities developed from 4–8 hours of watching ted talks as well a basic awareness of Microsoft word combined with the lack of need for regular training updates, and there’s an incentive to be lazy.

Cyclical contribution to supply and demand

In the case of our intermediating role discussed above, 30 minutes of resume shifting as well as additional support tasks equates to about a week or two of work will result in a sustained income that, when executed 3–4 times, will translate to a very comfortable salary. Why bother becoming a competent technology professional when a similar amount of income can be generated with less professional development?

I would contest that in its current form, this not only kills innovation but creates an unhealthy demand. As individuals are attracted to the role that requires the least resistance, like most pyramid schemes more “tech” staff are required to sustain the intermediary or grow their wealth, which can best occur by overestimating projects, creating unnecessary complexity (which is counterproductive in cyber security), increasing time requirements or artificially inflating demand through influence. As economics dictates that there can only be so many people generated in a period of time to meet the skills requirement, which results in a notional “skills shortage” even though an analysis of requirements might identify that “less is more.” Worst yet, there is also the risk that increased salaries might mean that the demand is met by individuals wholly unprepared for the role, which in turn will increase workloads, increase the transactions required to complete services and all at a cost to the end user and a profit to the intermediary.

How can this be remediated

The diseconomy of scale funnily enough is an effective detractor and anyone suitably experienced on the client side of the relationship who has encountered this sort of behaviour will actively avoid. In my own experience, the act of control and influence exerted by such intermediaries is incredibly off putting and enough to walk away from; and we’ve found that most clients we deal with actively avoid the white noise.

There are a few strategies that I would advocate to assist with dealing with this problem:

  1. Avoid having the “bigger is better” mentality, and conduct self appreciation on the resources that are genuinely available and required for a project.
  2. Evaluate the firm you’re corresponding with, and who the point of contacts are and key players. Are you paying for service or salesmanship?

Basic economics, as alluded to in part 1 of this series, we’re seeing the return of “smaller” organisations (Volkis, Aurian and Pam O’Shea come to mind) that are countering the economically ineffective approach.


I’d recommend another analysis I did, where I’d assessed the scale of recruiters to practitioners. Similar to part 1 of this series, the numbers should be taken with a grain of salt but are reasonably reflective of the marketplace.

We’re here to help

Let Mercury safeguard your business while you focus on growing it.

Reach out to us for a tailored cyber security consultation that aligns with your unique business needs.