A British cybersecurity professional has landed a coveted tech visa for distinctive expertise after he hacked an Australian authorities division and uncovered a “essential vulnerability”.
Jacob Riggs, a British nationwide with greater than a decade of expertise within the cyber sector, was granted an 858 Nationwide Innovation visa in December, lower than a 12 months after he utilized for the invitation-only visa.
The Nationwide Innovation visa replaced the Global Talent visa in late 2024 and is a everlasting visa for people who’ve an “internationally recognised document of remarkable and excellent achievement in an eligible space”.
This visa has an approval fee of lower than 1%, in line with VisaEnvoy, with greater than 9,000 expressions of curiosity submitted, simply over 300 invites issued and about 85 visas in the end granted.
Riggs instructed Info Age that his response to discovering out he had been permitted for the coveted visa was a “combination of reduction, disbelief and pleasure”.
“I used to be very conscious of how selective the 858 course of is, so when the approval got here by way of it took a second to correctly sink in,” he mentioned.
“It genuinely felt like a type of uncommon life-changing moments.
“I’ll definitely be persevering with my work in cybersecurity and contributing the place my hands-on and management expertise is most helpful.”
With the visa, Riggs will now be capable to work and stay in Australia completely, sponsor kinfolk to maneuver to the nation and apply for citizenship.
Riggs is now based mostly in Sydney and is ready to apply for Australian citizenship. Photograph: Equipped
Exhibiting his expertise
Riggs utilized for the visa early final 12 months, and included 60 pages of proof of his experience, together with bug bounty payouts, recognition letters from universities and governments and proof he has recognized vulnerabilities to main tech corporations.
After ready seven months, Riggs determined to take issues into his personal fingers and display his cyber experience to the Australian authorities in a sensible manner.
“Given the bar the 858 units, it grew to become clear in the course of the utility course of that I must also make efforts to indicate the present worth in my capabilities,” Riggs wrote in a weblog publish.
“With my utility nonetheless sitting within the evaluation queue and the portal persevering with to just accept modifications to proof, I made a decision to begin trying on the Australian authorities’s assault floor for vulnerabilities.”
After discovering the Division of International Affairs and Commerce’s (DFAT) Vulnerability Disclosure Coverage, which permits researchers and moral hackers to responsibly share potential vulnerabilities with the division, he set about making an attempt to hack the federal government.
“That supplied a legit, moral framework for me to hold out my hacking responsibly,” Riggs mentioned.
Lower than two hours later, Riggs had recognized what he mentioned was an “exploitable essential severity vulnerability”, which he reported to DFAT.
A director on the division shortly responded to Riggs and mentioned a repair had been utilized for the vulnerability, even going so far as to ask how he had discovered it.
DFAT needed to understand how Riggs had discovered the vulnerabillity. Picture: Equipped
“Discovering the vulnerability was not simple,” Riggs mentioned.
“It grew to become clear to me from the beginning that DFAT takes its safety severely.”
The 858 Innovation visa course of requires candidates to indicate recognised achievement of their subject, corresponding to by way of a Nobel Prize or Olympic gold medal.
However doing that is tough within the cybersecurity sector, which is likely one of the precedence areas beneath the scheme.
Demonstrated impression
Quickly after disclosing the vulnerability, Riggs was permitted for the 858 Innovation visa.
“The power of the 858 course of is that it seems to look past conventional credentials by additionally specializing in demonstrated impression,” Riggs mentioned.
“In fields like mine, that real-world expertise issues greater than titles or tutorial achievements alone.
“I additionally suppose a course of that rewards sustained contribution and measurable experience is well-suited to attracting genuinely distinctive expertise.”
Riggs is now considered one of simply 4 folks listed publicly on DFAT’s vulnerability disclosure honour roll on its web site.
There have been long-running issues concerning the expertise hole in Australia’s cybersecurity sector, and a few efforts to fill this by way of extremely expert migration.
In accordance with Jobs and Expertise Australia’s Occupational Scarcity Checklist 2025, a wide range of cyber roles are still in shortage around the country.
Roles corresponding to cybersecurity governance, danger and compliance specialists, cybersecurity engineers and operations coordinators and software program testers are in scarcity in practically all states and territories.
Final month, it was revealed that scammers have been impersonating senior officers in the Department of Home Affairs with an purpose to trick visa candidates into paying pretend utility charges.
These scammers have been providing to help people with their visa functions, then trick them into making “further funds” to hurry up the method.
- This story first appeared on Information Age. You possibly can learn the original here.
