What would be a great foundation for this?
A degree in business or commerce is a good starting point, he says, complemented with some specialisation in higher order IT. This can be followed by a postgraduate study or master level work in courses around business reform, change management, project management, project delivery, and data management. All of these aspects will come together to complement the undergraduate degree.
"As a consequence, that combination of skills and experience will bring about a person, who by the age of 30 or 35, will be well-equipped to be part of teams that are in high demand across the world."
Hayes notes that with some of the events around security breaches, cybersecurity is now becoming "more and more an IT of discussion on everyone's lips".
"It used to be just discussed at whole of country and federal government level,' he says. "Cybersecurity now becomes everyone's business, depending on who you are in the organisation."
He has observed a significant growth in the members of ISACA who identify themselves working in the area or security or IT risk management.
In the last four years, for instance, the growth in the number of people in the IT risk management space has gone from 8.3 percent per annum to 14.7 percent per annum. "We are seeing the increase in attendance at IT risk management courses and certifications doubled in the last two years."
Based on his discussions with ISACA and C-suite executives in Australia, he says the latter forecast an increase in demand for information security professionals of 28 percent in the next 12 months; and a 20 to 21 percent increase in IT risk management professionals.
Hayes says an issue that is becoming topical at conferences around the world is BYOD.
"A younger generation coming through are bringing their own device to the workplace and they appreciate they can do all things in their hand-held device, whatever they might be, and they are expecting they should be able to use their device at work, as well."
He adds that one of the biggest issues facing organisations today is how to manage that, how to provide that access. But, at the same time, not put the organisation at "extraordinary risk" if the user loses the device or it is stolen, or "stumbles across things they should not have access to" due to security gaps.
Sign up for CIO Asia eNewsletters.