NZ’s digital skills deficiencies
At 114 pages, the Digital Skills Aotearoa report landed with a thud in the inbox (OK, so we got a link to it, but you get the point). It is an extensive read, but really the whole thing can be summed up in one sentence: There are not enough New Zealanders with the right digital skills.
Primary school kids not being interested in tech. A scarcity of teachers with IT skills. Low female, Māori, and Pacific Island participation. Employers looking offshore for talent (not quite so possible now given the pandemic) rather than in New Zealand.
Numbers can tell a story, and the stats at the front of the report from 2019 are revealing:
- 3,265 students graduated with computer science, IT, or software engineering degrees.
- 352 students were able to get internships after 2,699 registered for the opportunity.
- Meanwhile, 2,683 visas were approved for IT professionals to immigrate to New Zealand.
If you do secure a role in IT, it is likely to be well paid. The national median salary for digital technology workers in 2019 was $92,250. Compare that with the overall national median salary of $54,080 (from Stats NZ salary, median earnings for all paid employment). A couple of sweeping conclusions:
- IT professionals earn, on average, over 40% more than the national median.
- New Zealanders in general are not well paid.
NZX taken to task over cyberattacks—and lackadaisical planning
The Digital Skills report also provided a list of the fastest growing skills in six countries, including New Zealand. The data is from a LinkedIn Talent Pool Report undertaken for NZ Tech. The top skills for New Zealand are Microsoft Azure, followed by Python—but there is no mention in the top 10 of cybersecurity. It didn’t make Australia’s top 10 either. But you bet your bitcoin it’s on list for the UK, the US, Singapore, and Ireland.
This is a shame because, having read the Financial Markets Authority (FMA) report on the NZX’s woeful cybersecurity issues, there is a clear need to up the game in this area. As it notes upfront:
The threat from cyberattacks is growing rapidly. Attacks are becoming more prevalent and more difficult to defend against. All entities, private and public, face this threat and need to evolve rapidly to counteract it. The pace of change is such that standing still or planning patiently for the future exposes organisations and the information they hold. For entities providing critical infrastructure, the impact of attacks on their customers, suppliers, or markets can be significant. This is a major challenge for all of us and has rapidly risen to the top of many organisations’ risk identification and crisis planning.
The report then goes on to outline the failures at NZX, which include that it “did not have adequate capability across its people, process, and platforms” and “crisis-management planning and procedures were basic and did not address known points that could cause disruption in the event of failure.”
But while tech can be bought and crisis management plans created, one of the main issues for NZX appears to be cultural, and that is much harder to tackle: “We consider there are internal cultural factors that have contributed to NZX’s failure to have adequate technological resources, which in turn has at times resulted in an inability to operate in a fair, orderly, and transparent market,” the report notes.
Throughout the report, it appears that NZX is reluctant to admit fault, and the FMA notes that NZX doesn’t accept all the report’s findings although it is working to resolve the issues.
This comment from the report on the DDoS attacks is telling:
NZX considers that it could not have foreseen, and therefore been prepared for, a DDoS attack of the magnitude that occurred and that the magnitude of the attacks was unprecedented in New Zealand. We consider a DDoS attack was foreseeable and that an attack of sufficient magnitude to take down the servers was at least possible and should have been planned for.
There is also the sense that IT is seen by the NZX as an operational function—that it is tactical, not strategic. The FMA recommends that the NZX hire a head of IT security, a head of architecture, and a chief risk officer. Many will be surprised to learn these roles are not already in place.
For its part, NZX released a statement on the release of the report, with CEO Mark Petersen acknowledging “the FMA’s conclusions that, in certain respects, NZX breached its market operator obligations in relation to its technology resources.”
“NZX accepts that it did not meet the high standards it sets for itself in key areas of technology resources. We also agree that improvements are required and we are committed to delivering these improvements via an action plan that will be agreed with the FMA. We will work constructively with the FMA through that process and engage closely with the broader capital markets technology ecosystem,” he says.
Jobs for the robots
People are what make tech work (at least until the Singularity), but even so, it’s often easier if you can take them out of the equation. The Christchurch City Council has this week issued an expression of interest for vendors that can provide and implement a robotic process platform.
Among desirable attributes, the platform must be able to:
- Work with multiple applications, user interfaces, and platforms.
- Provide error reporting and effective debugging ability.
- Be a robust and intuitive development environment.
The motivation for replacing people with robots is to free the former from drudgery, as the council explains in its EOI document:
The Christchurch City Council has an abundance of processes that can stretch across the whole organisation; they are highly repetitive, use multiple systems, are mundane and an inefficient use of employees’ time. These employees can spend many hours performing these processes, which could otherwise be automated to free up time to spend on value-adding activities.