Cybersecurity presents a distinct challenge. “There’s no trophy equivalent of an Olympic Gold Medal,” Riggs wrote on his blog. “There’s no singular hallmark of excellence you can lean on, so everything comes down to what you’ve actually done.”
Loading
His application supplied about 60 pages of evidence spanning bug bounty payouts, formal recognition letters from universities and governments worldwide, and documentation of vulnerability disclosures to major technology companies.
Riggs, who barely completed secondary school, said he lacked traditional academic credentials. Instead, he submitted professional accreditations and letters acknowledging his responsible disclosure work, materials he described as “unexpectedly perfect” for the assessment criteria.
“I ended up hitting the attachment limit,” he wrote.
With his application still under review, Riggs decided to provide contemporary evidence of his skills.
“Given the bar the 858 sets, it became clear during the application process that I should also make efforts to show the current value in my capabilities,” he wrote, noting his role spans leadership responsibilities beyond hands-on technical work.
He acknowledged Australian government infrastructure was generally well-hardened, which “only piqued my interest more”.
Jamieson O’Reilly, founder and chief executive of cybersecurity firm Dvuln.Credit: Dominic Lorrimer
The gamble appears to have paid off. Riggs completed the entire process without engaging migration agents or immigration lawyers, a decision he described as “very on-brand”.
The case highlights both the challenges of assessing elite cyber talent and the potential for Australia’s innovation visa program to attract professionals whose contributions are difficult to measure through conventional metrics.
Loading
By May 2025, nearly 6000 people had expressed interest in the revamped 858 program, with only seven successful grants at that point. Two Iraqi-born scientists, Dr Bilal Bahaa Zaidan Al-Jubouri and Dr Aos Alaa Zaidan, secured visas for AI expertise in healthcare and agriculture applications.
Cybersecurity researcher Jamieson O’Reilly said Australia’s cyber skills shortage was worsened by structural barriers preventing existing talent from contributing.
“There are highly capable security practitioners in this country who can’t get near government work because they’re not attached to a large consultancy or don’t fit the procurement mould. So we talk about skills shortages while simultaneously locking out skilled people,” he told this masthead.
He said pathways such as the 858 visa were valuable for addressing genuine gaps, but the priority should be removing barriers for local talent. He added this case pointed to deeper structural issues in Australian government security procurement.
“This vulnerability survived annual IRAP assessments, two outsourced penetration tests, and internal testing before someone outside the system found it. That’s the detail worth paying attention to.”
Riggs said he plans to relocate to Sydney within 12 months to continue cybersecurity work.
“There’s a lot to consider when you move your entire life to another country,” he said. “I also have a cat and he still needs convincing.”
The Department of Foreign Affairs and Trade and the Department of Home Affairs did not respond to requests for comment before deadline.
Discover more from PressNewsAgency
Subscribe to get the latest posts sent to your email.