《世界經濟論壇：2024網絡安全人才戰略框架白皮書（英文版）（40頁）.pdf》由會員分享，可在線閱讀，更多相關《世界經濟論壇：2024網絡安全人才戰略框架白皮書（英文版）（40頁）.pdf（40頁珍藏版）》請在三個皮匠報告上搜索。

1、Strategic Cybersecurity Talent FrameworkW H I T E P A P E R A P R I L 2 0 2 4Strategic Cybersecurity Talent Framework2Images:Getty Images,MidjourneyDisclaimer This document is published by the World Economic Forum as a contribution to a project,insight area or interaction.The findings,interpretation

2、s and conclusions expressed herein are a result of a collaborative process facilitated and endorsed by the World Economic Forum but whose results do not necessarily represent the views of the World Economic Forum,nor the entirety of its Members,Partners or other stakeholders.2024 World Economic Foru

3、m.All rights reserved.No part of this publication may be reproduced or transmitted in any form or by any means,including photocopying and recording,or by any information storage and retrieval system.ContentsExecutive summary 3Introduction 41 Attracting talent into cybersecurity 91.1 Key challenges t

4、hat organizations face when attracting cyber talent 91.2 Consequences of failing to attract talent 101.3 Approaches to attracting talent 101.4 Implementing actionable approaches to attract talent 112 Educating and training cybersecurity professionals 122.1 Identifying the gaps in current cybersecuri

5、ty education and training programmes 122.2 What should the future of cybersecurity education and training look like?132.3 Assessing the effectiveness of cybersecurity education and ensuring better 14 alignment with industry demands3 Recruiting the right cybersecurity talent 153.1 The search for cybe

6、rsecurity professionals 153.2 Actionable approaches for evaluation and validation 173.3 Is the skills-first approach applicable to cybersecurity?194 Retaining cybersecurity professionals 204.1 The causes of cybersecurity employee turnover 204.2 Understanding the impact of employee attrition 214.3 Ac

7、tionable approaches to boost employee retention 224.4 Prioritizing mental health in cybersecurity 234.5 Tactics for talent retention 24Conclusion 26Appendix:Case studies 27Contributors 34Endnotes 37Strategic Cybersecurity Talent Framework3Executive summaryIn todays hyperconnected digital landscape,t

8、he cybersecurity industry faces a critical global shortage of nearly 4 million professionals.With a consistent year-on-year increase in demand for qualified practitioners,the deficit shows no sign of abating.At a time when cyberthreats are increasing in sophistication and frequency,the cybersecurity

9、 workforce,as the backbone of organizational security,plays a key role in securing the benefits of the Fourth Industrial Revolution.Failure to ensure a steady supply of cybersecurity professionals may have far-reaching consequences,with organizations worldwide finding themselves vulnerable and under

10、staffed in the face of emerging threats.It is,therefore,imperative for decision-makers to prioritize cybersecurity talent management as a strategic necessity.Recognizing that a single actor alone cannot effectively tackle the cybersecurity workforce shortage,the World Economic Forum established the

11、Bridging the Cyber Skills Gap initiative.Bringing together more than 50 public and private organizations,the initiative developed a strategic Cybersecurity Talent Framework(CTF)featuring actionable approaches to help organizations build sustainable talent pipelines.More specifically,the CTF is struc

12、tured around four key priority areas intended to provide a holistic approach to talent management in cybersecurity.Among other things,the priority areas explore how:More talent could be attracted into cybersecurity by improving the understanding of what cybersecurity professionals do,removing barrie

13、rs to entry and improving diversity in the workforce Cybersecurity education and training could be improved to effectively equip students and professionals with essential skills for a career in the field Recruitment practices could be rethought by addressing challenges such as unrealistic and demand

14、ing requirements in job descriptions and misalignment between hiring managers and human resources(HR)departments Retention of cybersecurity professionals could be improved by tackling issues such as the lack of appreciation and recognition for the field as well as the high stress levelsAs a universa

15、lly applicable framework,the CTF is intended to serve as a source of reference for industry leaders,government agencies,civil society and academia that is,all stakeholders concerned by the cybersecurity workforce shortage and committed to developing and nurturing robust cybersecurity talent across t

16、heir respective sectors.The strategic Cybersecurity Talent Framework should guide public-and private-sector decision-makers in building and sustaining a skilled cybersecurity workforce.Strategic Cybersecurity Talent FrameworkApril 2024Strategic Cybersecurity Talent Framework4IntroductionThe cybersec

17、urity industry is affected by the global shortage of workers and urgently needs to take actionable approaches to attract and retain skilled staff.The workforce shortage is a global concern that spans nation states and industries.Estimates suggest that by 2030 there could be a global talent shortage

18、of more than 85 million workers,leading to an estimated loss of$8.5 trillion in unrealized annual revenue.1The cybersecurity industry is also affected by this pervasive challenge.While the cybersecurity workforce grew by 12.6%between 2022 and 2023,there is a shortage of nearly 4 million cybersecurit

19、y professionals worldwide.2 With a consistent year-on-year increase in demand for qualified practitioners,there is little optimism that the supply will catch up.In fact,only 15%of all organizations are optimistic that cyber skills and education will significantly improve the situation over the next

20、two years.3 From a regional perspective,the shortage is most pronounced in Asia-Pacific,which lacks more than 2.5 million cybersecurity workers,followed by North America,which faces a workforce gap of almost 522,000 people.4 In Africa,with a total population of more than 1.4 billion,the number of ce

21、rtified security professionals is estimated to be only around 20,000.5 At a country level,the talent shortage is particularly pronounced in China,India,the US and Brazil.India,despite boasting one of the worlds largest youth populations and 31.7%of science,technology,engineering and mathematics(STEM

22、)graduates worldwide,6,7 had an estimated 40,000 job openings for cybersecurity professionals in May 2023.8 Due to talent shortages,30%of these vacancies could not be filled.9 Similarly,as of January 2024 the US has an estimated 448,000 cybersecurity job vacancies across the private and public secto

23、rs.10 The cybersecurity workforce shortage is especially apparent in the education,government and healthcare sectors.11 In fact,the Global Cybersecurity Outlook 2024 found that the lack of resources and skills is the biggest challenge when designing for cyber resilience for 52%of public organization

24、s.12 Similarly,small and medium-sized enterprises(SMEs)struggle to digitalize due to a lack of cyber skills.Research shows that 43%of UK SMEs have been unable to hire cybersecurity support due to the shortage of specialists or challenges in attracting,recruiting and retaining cybersecurity practitio

25、ners.13 When it comes to specific cybersecurity roles,the workforce shortage is acute in domains such as cloud security,cyberthreat intelligence and malware analysis.14 As organizations confront the complexities of escalating cyberthreats ranging from sophisticated ransomware attacks to insidious da

26、ta breaches the scarcity of qualified cybersecurity practitioners is reaching alarming proportions,and it comes as no surprise that more than two-thirds of organizations face additional risks because of cybersecurity skills shortages.15The root causes of the cybersecurity workforce shortage are many

27、.One key factor is the rapid evolution of the cybersecurity landscape,which outpaces the development of a commensurate workforce.As threat actors continue to refine and innovate their methods of attack,the demand for professionals with both a diverse and specialized skill set outstrips the supply.Ho

28、wever,the shortage of skilled professionals capable of defending against increasing cyber risks extends beyond the immediate challenges faced by organizations.As a systemic risk,there is growing concern about the potential impact of the cybersecurity workforce deficit on national security,critical i

29、nfrastructure and the overall resilience and security of economies and societies.Moreover,the proliferation of cutting-edge technologies such as generative artificial intelligence(AI),quantum computing and internet of things introduces new risks,expanding the attack surface and,therefore,further amp

30、lifying the need for a cybersecurity workforce equipped with evolving know-how.The cybersecurity sector also has a pronounced lack of diversity including the representation of women,migrants,ethnic minorities and neurodiverse employees so it should come as no surprise that 91%of organizations believ

31、e that there is a need to push for a more diverse range of people in the cybersecurity field.16 Other factors contributing to the workforce shortage include issues such as the inability of certain employers,primarily from the public sector,to compete with the salaries offered by other organizations;

32、misalignment among educational programmes;the evolving needs of the cybersecurity industry;and the lack of clarity about career opportunities in the field.To address the cybersecurity workforce gap,the following strategic Cybersecurity Talent Framework(CTF)aims to present actionable approaches and b

33、est practices to public and private decision-makers worldwide on how to cultivate and sustain a pipeline of skilled professionals.Strategic Cybersecurity Talent Framework5Finding a common languageWhen discussing the cybersecurity workforce deficit,terms such as“skills shortage”,“talent shortage”,“ca

34、pacity shortage”and“experience shortage”are often used interchangeably despite their distinct nuances.This inaccuracy leads to confusion and misunderstanding regarding the specific type of scarcity that the industry faces.Taking a closer look at the different types of deficits,a“skills shortage”typi

35、cally refers to a dearth of specific technical and soft competencies or abilities required for particular roles within the cybersecurity field.In this context,organizations may struggle to find an individual proficient in a specific programming or foreign language.On the other hand,a“talent shortage

36、”suggests a lack of individuals possessing the broader set of skills,knowledge and attributes needed to excel in diverse cybersecurity roles.The term“capacity shortage”extends beyond cybersecurity staff and encompasses aspects such as the digital infrastructure and regulatory frameworks needed to es

37、tablish and maintain robust security measures in the digital landscape.Finally,“experience shortage”refers to a lack of practical and hands-on expertise in dealing with real-world cybersecurity problems.In addition to these types of scarcities,organizations are increasingly struggling to find indivi

38、duals with the right drive and motivation.To devise efficient and effective solutions to the problems at hand,there is a need to identify the precise nature of the shortage that a given geography,industry or organization is encountering.It is important to note that in cybersecurity multiple shortage

39、s can manifest simultaneously and in an interconnected manner.For instance,recent graduates may possess the right skills but lack real-life experience.On the other hand,experienced professionals may lack skills because many organizations struggle to invest in upskilling initiatives.Finally,qualified

40、 professionals with the right skills and experience tend to seek higher salaries,and organizations may find themselves experiencing a workforce shortage simply because they cannot afford to hire the talent.Adopters and enablersThe cybersecurity workforce landscape is multifaceted and involves a dive

41、rse array of actors forming a dynamic and interconnected network dedicated to securing an increasingly digitalized world.At the forefront are adopters of the CTF.In essence,any public or private organization facing a shortage of cybersecurity talent can be an adopter of the CTF.More specifically,ado

42、pters acknowledge that attracting,educating,recruiting and retaining talent is a strategic imperative that demands actionable approaches.In parallel,certain adopters may also choose to play the role of an enabler,acting as catalysts for the successful implementation and continuous improvement of the

43、 CTF.Enablers possess specialized knowledge,resources and tools that can help navigate the complexities of cybersecurity talent management to yield tangible results.Enablers include:Government entities:Responsible for defining and setting policies and regulations in cybersecurity workforce developme

44、nt according to supply and demand,government entities may also provide funding,grants and resources for cybersecurity training programmes and initiatives.Relevant examples of government entities include national cybersecurity bodies,ministries of education,ministries of information and technology an

45、d ministries of labour and employment.Private sector:The private sector,which is usually the biggest employer of cybersecurity professionals,plays a critical role in enabling cyber talent development by supporting and promoting training programmes and offering a diverse range of avenues for practica

46、l development of competencies through internships and apprenticeships.International/regional organizations and development agencies:Organizations such as the European Union,the International Telecommunication Union,the Organization of American States,the World Bank and the United Nations help build

47、a cyber-savvy workforce through a number of activities,including shaping policies,facilitating capacity-building programmes and providing technical and financial assistance.Educational institutions:Formal education on cybersecurity occurs in a systematic,structured environment and comprises primary,

48、secondary and tertiary levels.Non-formal training consists of programmes and courses designed to provide learners with cybersecurity skills,knowledge and competencies outside the formal education system,including community education,boot camps and hands-on competitions as well as professional develo

49、pment courses.Civil society:Civil society organizations enable the development of a cybersecurity workforce by providing affordable and accessible education and training,supporting under-represented groups such as women and youth through mentorship opportunities,hosting networking events and advocat

50、ing for supportive policies.The synergy between adopters and enablers of the CTF forms the cornerstone of a comprehensive approach to cybersecurity workforce development.The cybersecurity workforce landscape is multifaceted and involves a diverse array of actors forming a dynamic and interconnected

51、network dedicated to securing an increasingly digitalized world.Four priority areasTo address the different types of shortages comprehensively and to build sustainable cybersecurity talent pipelines,it is imperative to identify and address the underlying reasons contributing to the broader cybersecu

52、rity workforce gap.The World Economic Forums Bridging the Cyber Skills Gap initiative brings together more than 50 global public and private organizations committed to building sustainable cybersecurity talent pipelines.Complementary to and in alignment with existing World Economic Forum efforts on

53、skills,including the Reskilling Revolution and Skills-First,17 the initiative has identified the following four priority areas central to the CTF:Attracting talent into cybersecurity Educating and training cybersecurity professionals Recruiting the right cybersecurity talent Retaining cybersecurity

54、professionalsIt is important to note that the four priority areas should not be viewed in isolation but as interconnected components of a comprehensive cybersecurity talent-management approach.Government entitiesPrivate sectorEducational institutionsCivil societyInternational and regional organizati

55、ons and development agenciesAdopters and enablersGovernment entities,such as national cybersecurity bodies and ministries,define cybersecurity policies,provide funding and resources for training programmes,etc.In addition to attracting and recruiting cybersecurity talent,the private sector provides

56、training and development programmes.International bodies such as the EU,ITU,OAS,World Bank and UN aid in cyber workforce development through policy-making,capacity-building and financial support.Formal and informal educational institutions provide relevant learning programmes and practical experienc

57、e on cybersecurity.Civil society organizations enable cybersecurity workforce development by providing education and training,supporting under-represented groups,hosting networking events and advocating for supportive policies.Enablers of the Cybersecurity Talent FrameworkFIGURE 1Strategic Cybersecu

58、rity Talent Framework6 6Strategic Cybersecurity Talent Framework7Attracting talent into cybersecurityDespite the fact that cybersecurity careers tend to be well paid,purposeful and offer opportunities for career development,the industry struggles to attract talent.A lack of understanding of what cyb

59、ersecurity professionals do in their daily work,coupled with insufficient awareness of how to enter the cybersecurity sector and what career opportunities may be available,discourages individuals from pursuing a career in cybersecurity.Moreover,a lack of diversity(which makes the talent pool of avai

60、lable workers smaller than it need be),fierce competition for niche talent and the evolving job demands exacerbate organizations difficulties in attracting skilled talent.What measures could be taken to attract cybersecurity talent?Educating and training cybersecurity professionalsIrrespective of wh

61、ether they are intended for primary-or secondary-school students,university students or professionals,educational programmes on cybersecurity face numerous challenges,including outdated and misaligned curricula,a shortage of qualified instructors and a lack of structured mentorship programmes.Such s

62、etbacks are exacerbated even further by the frequent demand for expensive cybersecurity degrees and certifications with varying levels of recognition and relevance.The limited supply of training that recognizes the diversity of learners needs,backgrounds and learning preferences also hinders the eff

63、ectiveness of cybersecurity education.How can cybersecurity education be improved to equip students and professionals effectively with essential skills?Cybersecurity Talent FrameworkRecruiting the right cybersecurity talentRetaining cybersecurity professionalsAttracting talent into cybersecurityEduc

64、ating and training cybersecurity professionalsVisual representation of the Cybersecurity Talent FrameworkFIGURE 2 The four priority areas should not be viewed in isolation but as interconnected components of a comprehensive cybersecurity talent-management approach.Strategic Cybersecurity Talent Fram

65、ework8Recruiting the right cybersecurity talentWhile many cyber skills are transferable,employers demand for formal cybersecurity education creates a barrier to entry.In addition,many potential(entry-level)candidates are discouraged from applying for cybersecurity roles due to the extensive requirem

66、ents listed in job descriptions,including certifications and several years of experience.One of the underlying reasons for such unrealistic and demanding requirements is because HR departments often do not understand the jobs for which they are recruiting and do not speak the language of cybersecuri

67、ty.How can organizations rethink recruitment and talent-sourcing practices?Retaining cybersecurity professionalsContinued stress,fatigue and pressure experienced by cyber professionals result in high employee attrition rates.Another factor that leads to short tenures within cybersecurity is a lack o

68、f appreciation of and recognition for cybersecurity staff.Sometimes individuals leave their cybersecurity roles for other internal opportunities,seeking a change in responsibilities,while others quit the organization altogether.The departure of cybersecurity experts not only has financial implicatio

69、ns for organizations as they try to replace talent but also contributes to the loss of invaluable institutional knowledge and can have implications for the security posture of affected organizations.How can organizations create incentives for talent and retain their staff?Strategic Cybersecurity Tal

70、ent Framework9Attracting talent into cybersecurity1Cybersecurity professionals have a meaningful impact on the digital world,protecting it from cyberthreats.Yet despite the fact that this is valuable work with major benefits for wider society,the industry struggles to attract talent.A number of reas

71、ons contribute to this difficulty,including the flawed perception that cybersecurity roles are highly technical.Moreover,about 85%of cybersecurity professionals believe that individuals are often discouraged from pursuing a career in the sector because they lack insights into the fields variety of p

72、otential roles and opportunities for upward mobility.18 The challenge is also visible at an organizational level.With an estimated 78%of organizations reporting that they do not have the in-house skills to fully achieve their cybersecurity objectives,19 talent attraction becomes increasingly difficu

73、lt,with organizations irrespective of their size,industry or geography competing for mission-driven professionals who care about creating better outcomes for their organizations and broader communities.1.1 Key challenges that organizations face when attracting cyber talentThe increasingly complex cy

74、bersecurity landscape demands both individuals with highly technical skills to navigate intricate systems and networks and others with non-technical skills such as risk management and policy development to address strategic cybersecurity challenges.Many organizations seeking to attract cybersecurity

75、 talent struggle to:Compete with other organizations in terms of proposed salaries and benefits,especially in the age of remote working,which gives them wider options.This challenge may be experienced particularly by SMEs,public organizations in the Global South and highly regulated industries such

76、as finance and healthcare.Evaluate the educational qualifications of applicants due to a lack of standardized education pathways.Craft precise job descriptions as HR teams may have limited abilities to translate technical requirements into appealing narratives.Moreover,hiring managers within cyberse

77、curity departments often struggle to communicate desired skills and competencies in non-technical language.Manage the expectations of early-career talent in terms of promotions,work location and so forth.Find highly experienced cybersecurity professionals and specialized talent in emerging technolog

78、ies.Recognize the need for a broader spectrum of cybersecurity talent,beyond highly specialized experts,by acknowledging the critical role of technicians who perform essential operational and intermediate tasks.Integrate diversity and inclusion due to insufficient outreach efforts targeting under-re

79、presented groups(e.g.lack of gender-sensitive language in job descriptions),inadequate representation of diversity in leadership positions,insufficient support for worklife balance,language barriers and so forth.Strategic Cybersecurity Talent Framework10Approaches to attracting talent should:Be flex

80、ible and adaptable to reflect the rapidly evolving landscape of threats,technologies and skill requirements.Make the most of the corporate brand and reputation based on values and commitment to cybersecurity excellence.Prioritize diversity and inclusion by setting diversity goals as well as demonstr

81、ating and highlighting commitment to inclusion at all levels of the organization.Incorporate partnerships with groups or institutions working with under-represented stakeholder groups in cybersecurity,such as women in cyber,refugees and military veterans.By broadening outreach efforts and promoting

82、inclusive practices,organizations can tap into a more diverse talent pool through recruiting outside of traditional computer science graduate cohorts,enhancing innovation and problem-solving capabilities within their cybersecurity teams.Offer competitive salaries and comprehensive benefits packages

83、including healthcare cover,onsite childcare and hybrid working options to access a wider talent pool and promote worklife balance.Highlight learning and career-development opportunities within the organization.By offering professional development programmes,mentorship initiatives and opportunities f

84、or advancement,organizations can demonstrate their commitment to nurturing talent and developing long-term career growth in cybersecurity.Focus on developing in-house talent by investing in training,upskilling and promotion from within to cultivate a strong pipeline of cybersecurity professionals wh

85、o are already familiar with the companys culture,processes and systems.This not only enhances employee loyalty and engagement but also ensures continuity and stability within the cybersecurity workforce.1.2 Consequences of failing to attract talent1.3 Approaches to attracting talent The World Econom

86、ic Forums Future of Jobs Report 2023 found that in the next five years the inability to attract talent will constitute one of the most important barriers to industry transformation.20 In cybersecurity,failure to attract talent can result in several consequences for organizations,including:Overstretc

87、hed staff who are unable to focus on their respective roles and professional growth.This,in turn,can decrease an individuals ability to perform and meet goals and objectives.In the long run,overstretched staff can lead to reduced innovation and delays in development,production and launch of products

88、 and services.Difficulty in implementing cybersecurity regulations and meeting compliance requirements.Inadequate prioritization and diversion of attention away from essential cybersecurity measures and investments.Financial losses due to a lack of sufficient cybersecurity personnel available for mo

89、nitoring,responding to and mitigating the consequences of cybersecurity incidents.Reputational damage for organizations unable to hire the right talent to respond to emerging cybersecurity threats.To tackle the previously mentioned challenges and mitigate the negative effects of the failure to attra

90、ct talent,organizations need to think carefully about how to equip themselves with the right cybersecurity workforce.Broadly speaking,every approach to attracting cybersecurity talent should seek to market cybersecurity as value-based work that helps protect sensitive data,intellectual property and

91、digital infrastructure,emphasizing its profound impact on wider society.Moreover,it should promote the multidisciplinary nature of cybersecurity and the ability to pursue a career in cybersecurity across different industries and contexts.While there is no“one-size-fits-all”solution,a robust approach

92、 to attracting talent should incorporate practices that help organizations identify and engage individuals who would not only fill a role but who would also stay with the organization.Characteristics of attracting talentBOX 1Strategic Cybersecurity Talent Framework11An implementation plan should:Ens

93、ure that executive leadership recognizes the critical importance of cybersecurity and is fully committed to addressing cybersecurity workforce needs.According to Fortinet research from 2023,more than 90%of boards of surveyed organizations across North America,Latin America,Europe,Middle East and Afr

94、ica and Asia-Pacific were inclined to push for adding cybersecurity headcount.21 Leadership can show commitment by prioritizing cybersecurity,providing the necessary resources and tools to cybersecurity professionals and by actively supporting efforts to attract talent within the organization.Alloca

95、te sufficient budget to the recruitment of cybersecurity professionals.To that end,organizations should research market rates to offer competitive compensation,account for recruitment costs,allocate resources for training and development programmes to upskill or reskill existing talent and collabora

96、te with finance and HR teams to align the budget with organizational constraints and strategic priorities.Use a common-language framework to enhance the precision of job descriptions and relevant required competencies for each job role to facilitate effective communication among recruiters,hiring ma

97、nagers and candidates.This framework should standardize terminology and qualifications related to cybersecurity roles,ensuring that job descriptions accurately reflect the skills and experience required for each position.Foster collaboration with academic institutions to promote cybersecurity career

98、 opportunities and attract qualified candidates.Organizations can reach out to primary and secondary schools,universities and vocational schools to communicate the demand for cybersecurity professionals,participate in career fairs and industry events,offer internships and apprenticeships and provide

99、 guest lectures or workshops to educate students about career paths in cybersecurity.Ensure HR and recruitment teams are equipped with the necessary skills and training to execute the strategy effectively.1.4 Implementing actionable approaches to attract talentDefining actionable approaches to attra

100、cting talent is just the tip of the iceberg.For long-term wins in cybersecurity workforce growth,predefined approaches need to be paired with an implementation plan.Features of an implementation planBOX 2Strategic Cybersecurity Talent Framework12Educating and training cybersecurity professionals2Cyb

101、ersecurity education is a very broad discipline that encompasses a wide range of actors contributing to the skilling and training of the cybersecurity workforce.Training in cybersecurity may begin in primary and secondary schools and continues in universities,vocational schools,online learning platf

102、orms,cybersecurity academies established by the public or private sector,on-the job training and other formal and informal educational settings.2.1 Identifying the gaps in current cybersecurity education and training programmesAt the primary-and secondary-school level,cybersecurity education is incr

103、easingly being recognized as essential in equipping students with the knowledge and skills to navigate the digital landscape safely.While some schools may offer basic courses on digital safety and security including best practices for creating strong passwords,recognizing phishing scams and protecti

104、ng personal data technical knowledge such as malware analysis and encryption often remains overlooked.A survey conducted in the US and the UK in 2023 revealed that 62%of respondents agreed that if they or their child had had a more comprehensive cybersecurity education in school they would have cons

105、idered pursuing a career in the field.22 The same survey also found that 90%of respondents believed that insufficient efforts are being made to educate students on the opportunities that exist in cybersecurity.While cybersecurity may be more integrated into university-level curricula,challenges rela

106、ted to the practical application of knowledge persist.To illustrate,at the European Union level,only 34%of cybersecurity programmes feature a compulsory internship for students.23 This lack of practical experience can make it more difficult for graduates to land a job in cybersecurity.Higher educati

107、on also performs rather poorly on professional certification,with only 23%of EU programmes preparing students for specific professional certifications.24 What is more,cybersecurity education can be unaffordable for many.Research shows that EU citizens have to pay for 71%of cybersecurity programmes a

108、t bachelor,master and postgraduate levels in order to enrol.25 Despite the fact that the informal cybersecurity education landscape is characterized by greater accessibility and flexibility,it also faces challenges of its own.With a plethora of curricula and programmes,choosing the most relevant bec

109、omes a daunting task.A closer look at cybersecurity education reveals the following:An absence of comprehensive cybersecurity curricula at primary-and secondary-school and university levels results in cybersecurity talent lacking either technical or soft skills.This ultimately results in failure to

110、adequately prepare students for the task of securing digital systems and a lack of leadership buy-in to positioning cybersecurity as a strategic imperative.Limited commitment to and funding for cybersecurity education and training hinders the development of robust programmes and limits the resources

111、 available for educators and students.A lack of practical learning opportunities limits exposure to the challenges and complexities of cybersecurity and hands-on experiences that allow the application of knowledge in real-world scenarios.Strategic Cybersecurity Talent Framework13 A shortage of quali

112、fied professionals who can effectively teach cybersecurity concepts and technologies to students in primary and secondary schools,universities and vocational schools.This lack is primarily due to the fact that cybersecurity is still a relatively nascent field.Addressing this gap is key to empowering

113、 the next generation with the necessary critical thinking and technical proficiency.Insufficient guidance about which training courses and mechanisms are best suited for different cybersecurity roles can lead to confusion and ineffective training programmes.The absence of a standardized approach to

114、cybersecurity education across institutions worldwide contributes to inconsistent learning outcomes and accreditation criteria as well as industry misalignment.This,in turn,impedes efforts to produce a cohesive workforce equipped to address the diverse and evolving challenges posed by cyberthreats.I

115、t is important to note that the question of whether cybersecurity curricula and education programmes should be standardized is a topic of debate within the industry.While some argue that a certain degree of customization is needed to reflect a given organizations culture and meet the specific needs

116、of the target group,others believe that standardization is necessary to ensure consistency and alignment with industry requirements.2.2 What should the future of cybersecurity education and training look like?The lack of adequate education and training programmes on cybersecurity can have far-reachi

117、ng impacts on organizations in diverse industries and geographies.To illustrate,a study by the Organization of American States revealed that in Latin America the lack of availability of cyber-specific educational opportunities,together with high employee attrition rates,affect the regions ability to

118、 execute other strategic goals such as economic growth,national security and infrastructure modernization.26Public and private organizations responsible in one way or another for cybersecurity education should therefore take actions to:Integrate cybersecurity education across different disciplines(e

119、.g.healthcare,law,political science and so forth).Incorporate industry-recognized international professional certifications into training programmes,culminating in certification exams that learners can take upon completion.Mobilize greater efforts to incorporate cybersecurity education in primary an

120、d secondary schools.Training on cybersecurity should be provided to all students engaging with digital technologies.Ensure cybersecurity curricula are flexible and adaptable to the changing cyber landscape.For example,they should include materials on emerging technologies such as AI.Provide continuo

121、us education opportunities for experienced professionals to stay updated on the latest trends and best practices.Aggregate freely accessible cybersecurity training resources into a structured one-stop shop where individuals interested in pursuing cybersecurity careers or cybersecurity professionals

122、can conveniently access them.Make use of gamification and immersive learning(e.g.incorporating virtual reality and augmented reality tools)in education programmes to stimulate motivation and engagement among learners.Provide specialized training on advanced technical skills,strategic thinking,risk m

123、anagement and leadership abilities for individuals aspiring to become future security leaders.Be cognisant of different learning styles and offer personalized learning experiences through adaptive learning platforms that tailor content and delivery methods based on the learners preferences and progr

124、ess.Acting on cybersecurity education and trainingBOX 3Strategic Cybersecurity Talent Framework142.3 Assessing the effectiveness of cybersecurity education and ensuring better alignment with industry demandsWith an estimated 91%of organizations willing to pay for the training and certification of th

125、eir employees,27 cybersecurity education is a priority for many organizations.That said,cybersecurity talent prefers to have a certain degree of autonomy when it comes to selecting cybersecurity training.In fact,80%of cybersecurity professionals would prefer to choose their own training programmes.2

126、8To evaluate the effectiveness of cybersecurity education and training programmes and identify areas for improvement,organizations should:Establish clear and measurable learning targets for cybersecurity education and training programmes.Implement pre-and post-education/training assessments,such as

127、open-book practical lab-based exams or projects and hackathons,to measure individual progress and identify knowledge gaps.Specific role-based assessments could be used(e.g.targeting penetration testers or incident responders)to determine competency levels and identify skill shortages.On the back of

128、such assessments,tailored education and training could be crafted.Track the number of individuals educated and successfully employed in the cybersecurity industry.This can be accomplished through the use of tools such as centralized databases and job-placement statistics as well as check-ins with st

129、udents to determine how prepared they feel for their roles.Establish a“Cyber Industry Review Board”to review and evaluate cybersecurity courses offered by universities and award a badge to ensure alignment with industry needs and standards.Conduct short-term and long-term evaluations to track the nu

130、mber of participants who transition to full-time employment following completion of cybersecurity education or training or to monitor the performance of employees based on the type of education they receive.To make sure they spot key technologies and trends,organizations should:Develop and maintain

131、a national or global repository with insights on emerging technologies and associated cybersecurity issues.This repository can serve as a centralized knowledge hub,providing up-to-date information on the latest threats and vulnerabilities.Such a repository could help ensure better alignment between

132、education programmes and the demands of the industry.Invite guest speakers from the industry to share the latest cybersecurity insights.Academic organizations should also explore partnerships with the private sector to develop cybersecurity curricula that align with industry requirements.Break down

133、training materials into smaller modules,to easily revise and update specific components as new threats emerge.Seek learner feedback to understand the scope of competencies and gain valuable insights into the effectiveness of current training programmes.Develop strong publicprivate partnerships and f

134、ocus on practical,hands-on training.Opportunities for in-person or virtual internships or apprenticeships allow learners to tackle work challenges in a managed environment.Implement a 70:20:10 learning model where 70%of the skills are gained through job projects,20%through interactions with others a

135、nd 10%through formal training.Identifying emerging technologies and trendsBOX 4To ensure that individuals are equipped with the right skill set and that cybersecurity education is current and innovative,organizations must work to proactively identify emerging technologies and cybersecurity trends.St

136、rategic Cybersecurity Talent Framework15Recruiting the right cybersecurity talent3Recruitment is essential for building a competent and skilled workforce that can contribute to the overall growth,success and sustainability of an organization.The stages of the recruitment process candidate sourcing,a

137、pplicant evaluation,interviewing and assessments,background checks,final selection and onboarding must be carried out thoroughly to recruit candidates with the right skill set and experience who demonstrate alignment with organizational culture and values.However,many employers tend to expedite recr

138、uitment processes in order to deploy new hires as soon as possible.Rushed recruitment may result in hasty decisions and,ultimately,wrong hires.In cybersecurity,recruitment is often perceived as a challenge.Research from 2023 shows that 56%of organizations struggle to recruit cybersecurity profession

139、als,29 and the underlying reasons for this include:The shortage of qualified candidates in the job market protracts the recruitment process,creating a competitive hiring landscape where organizations need to invest additional time to identify,attract and engage cybersecurity professionals.On average

140、,67%of cyber leaders state that their organizations take at least three months to fill non-entry-level positions.30 Miscommunications and misunderstanding between cybersecurity hiring managers and HR teams is a problem.Data shows that only 25%of cyber leaders feel that their HR teams understand cybe

141、rsecurity hiring needs sufficiently to properly prescreen candidates.31 The lack of diversity and inclusion exacerbates challenges for organizations in recruiting talent by narrowing the field of potential candidates.To illustrate,in the under-30 age group,women represent 26%of the cybersecurity wor

142、kforce.This number is lower for age groups 3038 and 3949,where women account for only 22%and 14%of cybersecurity professionals respectively.32 The inclusion of ethnic minorities in cybersecurity is also a concern,with the industry struggling to ensure representation of individuals from diverse backg

143、rounds.Strict organizational policies impede the hiring of cybersecurity professionals.About 45%of hiring managers state that their organizations are too reluctant to hire entry-level employees or that they rely too heavily on education/degrees when looking for cybersecurity applicants.33 The rigoro

144、us security clearances required for some cybersecurity roles due to the sensitive nature of the work are a problem.As the cybersecurity job market becomes increasingly competitive,organizations need to ensure that they have comprehensive recruitment approaches in place to help ensure better prepared

145、ness and minimize rushed hiring processes that can result in hiring mismatches.Actionable approaches on recruitment should define who,why,how and where organizations should hire.Approaches should also outline a clear career path for hired individuals.3.1 The search for cybersecurity professionalsWit

146、h the cybersecurity landscape evolving rapidly,organizations face difficulty not only in finding and employing the right talent but also in foreseeing future trends and shifts that may affect demand for organizational talent.Before embarking on the quest for cybersecurity talent,organizations should

147、:Identify which technical and soft skills and experience are essential for their respective contexts and based on the current cybersecurity landscape.Strategic Cybersecurity Talent Framework16 Anticipate which skills and experience will be needed in the future as the cybersecurity landscape evolves.

148、Organizations can make use of industry assessments and reports that track the evolution of the cybersecurity landscape to do this.When identifying skills,attention should be paid to those that are must-have and those that are simply nice-to-have.In general,organizations should avoid demanding skills

149、 unrelated to the role,which can lead them to recruit candidates who are not the best fit for the job.Similarly,organizations should refrain from requiring credentials,including degrees or certifications,that do not match the experience and hiring level of the role for which they are recruiting,as d

150、oing so can limit the pool of qualified candidates and may result in them overlooking highly skilled individuals.These considerations can help in crafting more realistic job descriptions,ultimately ensuring that there is a common language when discussing the requirements for the role.Once they have

151、mapped the needed skills and experience,organizations should:Assess their current cybersecurity workforce and evaluate the skills and capabilities of existing employees to identify any gaps or areas for improvement.HR and the cybersecurity team should work together to determine the top skills in whi

152、ch they should invest.Make use of cybersecurity skills frameworks the Workforce Framework for Cybersecurity(NICE Framework),the European Cybersecurity Skills Framework(ECSF),the SFIA Framework for Cybersecurity Skills,the Operational Technology Cybersecurity Competency Framework(OTCCF),for example t

153、o pinpoint the specific skills,competencies and knowledge needed for prioritized cybersecurity jobs and roles.To optimize the recruitment process further,organizations should also assess which specific skills and competencies can be acquired in-house and which cybersecurity roles require external hi

154、ring.Organizations can often hire internally for non-technical roles such as governance,risk and compliance,as well as cybersecurity awareness and training specialists.These roles can be filled by individuals within the organization who have a good existing knowledge of company policies,procedures a

155、nd culture.On the other hand,for technical and specialized roles,it may be more appropriate to hire externals who have experience in dealing with complex cybersecurity incidents and can provide valuable insights and support to the organization.Even though finding external hires can be advantageous f

156、or introducing new perspectives and diversifying the available skill set across the organization,knowing where and how to look for talent can be an overwhelming task.There are several avenues that organizations can pursue to source candidates:Online employment platforms can be used to find a broad r

157、ange of candidates for cybersecurity roles and positions.Head-hunters and recruitment agencies can help identify passive candidates those who arent actively looking for a new job and help organizations hire high-quality candidates.Cybersecurity conferences and events allow organizations to recruit p

158、rofessionals already engaged in the field.Hackathons and capture-the-flag events(cybersecurity competitions that challenge participants to find and exploit vulnerabilities)can be used by recruiters to identify and potentially hire individuals with the right skill set.Referral programmes enable organ

159、izations to capitalize on the professional network of their employees and hire qualified like-minded candidates seeking opportunities in cybersecurity.Networking groups dedicated to specific communities(women or military veterans,for example)can provide access to skilled candidates with non-traditio

160、nal profiles.To build a sustainable cybersecurity talent pipeline,organizations should seek out candidates who have the potential to learn quickly and demonstrate a growth mindset.Moreover,when searching for talent,organizations should consider diversity and inclusion(for gender,race and neurodivers

161、ity among others)and integrate them into their recruitment efforts.By embracing diversity,whether through the use of inclusive language in job advertisements,practising blind hiring or ensuring that hiring managers are reflective of diversity and trained in unconscious bias,organizations can tap int

162、o a broader talent pool.EU-based research also shows that employing women in STEM roles could improve the EUs GDP per capita by between 2.2%and 3%by 2050.34 When identifying skills,attention should be paid to those that are must-have and those that are simply nice-to-have.Strategic Cybersecurity Tal

163、ent Framework17Cybersecurity is often misunderstood as a discipline,and many tend to regard it solely as a technical field.From the recruitment perspective,this misperception can result in inaccurate assessments of the required skills and experience.According to a 2021 survey,35 29%of cyber leaders

164、noted that HR departments at their organizations likely do not understand the skills necessary to work in cybersecurity and consequently exclude strong job candidates.Moreover,25%of surveyed cyber leaders also find that job postings at their organization tend to be unrealistic and demand too much in

165、 the way of experience,certifications and specific technical skills.3.2 Actionable approaches for evaluation and validation Evaluation of know-how is a critical aspect that involves a thorough assessment of practical skills,hands-on experience and the ability to apply knowledge in the real world.In

166、cybersecurity,a great deal of attention is paid to technical skills such as network security,penetration testing,encryption,incident response and so forth that allow cybersecurity professionals to defend against cyberthreats and secure digital assets.Cybersecurity is often misunderstood as a discipl

167、ine,and many tend to regard it solely as a technical field.To tackle misperceptions,organizations should:Create a recruiter toolkit with key messages and an employee value proposition(EVP).Such toolkits can provide guidance(for screening and interviewing,for example)on how to find the right people f

168、or cybersecurity roles.Build relationships and direct communication channels between recruiters and hiring managers to ensure a better understanding of the role.Involve cybersecurity and HR teams in the development of job descriptions,skills specifications and qualification/certification requirement

169、s to ensure that the job prerequisites and expectations are accurately represented.Provide foundational cybersecurity training(e.g.workshops)for HR professionals involved in the hiring of cybersecurity professionals.Learning opportunities can help HR understand the industry better as well as the ski

170、lls and qualifications required for different roles.Ultimately,greater awareness of cybersecurity can allow HR teams to find candidates who match the requirements.Update traditional HR processes and requirements that may not be necessary or relevant in the cybersecurity field for example,by opening

171、up internship opportunities for high-school students rather than just university graduates.Develop a cybersecurity culture across the organization by building awareness about the potential threats and highlighting the importance of cybersecurity in all aspects of the business.This will help HR teams

172、 understand the significance of cybersecurity roles and the need to prioritize them in recruitment efforts.To evaluate technical skills,recruiters and hiring managers can:Make use of scenarios,cyber ranges and other immersive simulations.For candidates who may not have sufficient experience in a spe

173、cific domain(IT graduates,for example),case studies or scenarios can be a good way of assessing technical abilities.These scenarios can be completed by candidates in their own time before an interview and can help candidates demonstrate their thought processes as well as practical skills while solvi

174、ng real-world cybersecurity problems.Request evidence of participation in technical competitions or challenges related to the field.Such evidence can help gauge candidates levels of knowledge and expertise.Ask technical questions in interviews to determine whether candidates have the Addressing misp

175、erceptionsTechnical and non-technical skillsBOX 5BOX 6Strategic Cybersecurity Talent Framework18necessary expertise or simply an interest in cybersecurity.Technical questions should be asked in the context of previous experience and responsibilities.Look for or request industry certifications thatca

176、n demonstrate proficiency in specific areasof cybersecurity.While technical skills are important in cybersecurity,it is also crucial to consider other non-technical skills,such as communication skills,problem-solving abilities and teamwork.Hiring candidates solely based on their technical skills may

177、 overlook individuals who possess strong soft skills.Combined with technical skills,non-technical competencies contribute to a well-rounded cybersecurity workforce.To assess non-technical skills,recruiters and hiring managers can:Conduct psychological assessments toevaluate candidates personality tr

178、aits andleadership skills.While these assessmentsare commonly used for candidates fillingmanagerial positions,they can also providevaluable insights into a candidates suitabilityfor other cybersecurity roles.This is becausesuch assessments can help determine if acandidate has the necessary qualities

179、,such asself-management and adaptability,to thrive inthe field.Ask competency-based interview questionsabout previous projects and how theirbehaviour and actions contributed to thesuccess(or not)of the projects.Suchquestions allow recruiters to assessproblem-solving abilities,decision-makingskills a

180、nd the ability to work effectivelyin a team.Moreover,by delving intopast experiences,employers can gaininsights into candidates critical thinking,communication and collaboration skills.Request writing samples to evaluate writtencommunication skills,attention to detail andability to articulate comple

181、x ideas.These arecrucial for cybersecurity roles in which strongcommunication skills are desired.Make use of scenarios to also assesscandidates critical-thinking skills,decision-making abilities and problem-solvingapproaches in real-world situations.Byevaluating responses,recruiters can gaugetheir a

182、bility to analyse risks,make soundjudgements and handle challenging situations.Have candidates deliver short presentationsto showcase their research skills and ability toanswer unexpected questions as well as theirconfidence in presenting information.Technical and non-technical skills(continued)BOX

183、6Strategic Cybersecurity Talent Framework193.3 Is the skills-first approach applicable to cybersecurity?Today,many cybersecurity jobs still require a university degree.A survey from 2022 found that 71%of respondents from Africa required a university degree to obtain a job in cybersecurity.36 In Asia

184、 and Latin America,68%and 61%of respondents confirmed the same requirement.37The situation is somewhat different in other regions of the world.For example,in Europe and North America,45%and 49%of surveyed individuals respectively noted that a university degree was a prerequisite for a placement in c

185、ybersecurity.38 The demand for a university degree was the lowest in Oceania,where only 27%of respondents stated that a university degree was required by the employer to obtain a job in the cybersecurity sector.39 Such a trend could be explained by increasing recognition that cybersecurity professio

186、nals must continuously adapt to emerging risks and acquire hands-on knowledge that extends beyond the confines of a formal degree in computer science,software engineering or information technology.Put differently,practitioners in the field can emerge from unconventional paths,including non-academic

187、courses,self-teaching and certifications that take a fraction of the time and financial investment to complete compared to a formal degree.Some 56%of cybersecurity professionals believe that a degree is not needed for a successful career in cybersecurity.40 The World Economic Forum report Putting Sk

188、ills First:A Framework for Action asserts that by focusing directly on skills that individuals actually have rather than on how they were acquired organizations can improve economic opportunities and pathways to good jobs for many more people than traditional approaches have done.41 The study conclu

189、des that by prioritizing a skills-first approach,more than 100 million people across 18 different countries could be added to the global talent pool spanning businesses and industries.In cybersecurity,the skills-first approach emerges as a compelling solution to the shortage of available talent.Orga

190、nizations can implement this approach by:Accepting certifications,microcredentials and other evidence of knowledge(such as participation in capture-the-flag competitions)that can showcase a candidates skills and identify areas where they need further development.Encouraging job rotation for employee

191、s with a passion for technical domains in order to increase exposure and facilitate thedevelopment of expertise.Decentralizing security responsibilities and involving employees from different backgrounds and departments.Introducing competitions and challenges,such as hackathons,helps in identifying

192、and nurturing talent from within the organization.It also allows organizations to bridge the gap between employees who may not traditionally work together,developing a culture of teamwork and shared responsibility.Cybersecurity professionals must continuously adapt to emerging risks and acquire hand

193、s-on knowledge that extends beyond the confines of a formal degree in computer science,software engineering or information technology.Strategic Cybersecurity Talent Framework20Retaining cybersecurity professionals4From the perspective of cybersecurity,employee retention is an issue across most roles

194、.Employee retention refers to an organizations ability to keep productive and talented workers engaged and motivated to stay.This often involves efforts to reduce turnover by creating a positive work environment,offering opportunities for growth and addressing factors that make employees seek better

195、 opportunities elsewhere.In cybersecurity,some research shows that the average tenure of the chief information security officer(CISO)is 18 months,which is short compared to that of other executives.42 Similarly,56%of cybersecurity leaders have difficulty retaining qualified cybersecurity professiona

196、ls,43 and nearly half of cybersecurity leaders are expected to change jobs by 2025.44 Cybersecurity workforce retention is particularly challenging for organizations in developing and emerging regions such as Africa,the Western Balkans and Latin America.45,46,47 Motivated by higher incomes and bette

197、r job opportunities,many skilled professionals transition from cybersecurity careers in the public sector to similar roles in private industry or decide to migrate to other countries,resulting in the cybersecurity brain drain.This not only decreases the talent pool but also contributes to a decline

198、in domestic innovation and economic contribution.4.1 The causes of cybersecurity employee turnoverIn an increasingly competitive and fast-moving cybersecurity labour market,it is critical for organizations to understand why some employees go and others stay.While individual motivations for departure

199、 may differ,some of the main causes for attrition among cybersecurity professionals include:Insufficient appreciation of and recognition for cybersecurity professionals,which,in turn,contributes to a decreased sense of achievement and demotivation.An unhealthy and unsupportive working culture charac

200、terized by unrealistic expectations and poor worklife balance.A study found that 99%of CISOs work extra hours every week and about one in 10 CISOs work an extra 2024 hours per week.48 Poor leadership and management,which results in disengagement,lack of connection and dissatisfaction among cybersecu

201、rity employees who seek more positive and supportive work environments.Limited organizational budgets,resulting in salary constraints in a competitive cybersecurity marketplace,which can prompt staff to seek alternative employment options that are more attractive financially.Prolonged exposure to st

202、ress,which not only results in a decline in individual performance and overall workplace happiness but can also have serious implications for employees physical and mental health,in the form of burnout.Such a demanding work environment affects the productivity of 64%of cybersecurity professionals an

203、d is also said to be responsible for nearly 30%of security breaches in organizations across the Asia-Pacific region.49,50Strategic Cybersecurity Talent Framework214.2 Understanding the impact of employee attritionIn general,high levels of employee turnover can affect organizations in various ways,in

204、cluding the loss of institutional knowledge,high replacement costs associated with recruiting new employees and rushed hiring processes.In the context of cybersecurity,employee attrition can:Delay the development and implementationof projects and stall innovation acrossthe organization.Contribute to

205、 the loss of intellectual propertyand confidential information,especiallyin organizations dealing with proprietarytechnologies and equipment.Increase the risk of security breaches andcompliance violations,ultimately affecting thecorporate brand and client trust.Affect team morale and performance by

206、increasingworkloads and imposing more stress and pressureon remaining cybersecurity professionals.Contribute to gaps in expertise and loss of nicheskills that are not easily replaceable.This canhave implications for an organizations abilityto perform its operations and may affect thedelivery of prod

207、ucts or services.Increase the pressure on hiring managers andHR to rush recruitment processes in order tofill vacant positions quickly and prevent anyworkflow disruptions.This can result in therecruitment of less qualified candidates whomay not be the best fit for roles.That said,it is worth highlig

208、hting that employee turnover is not always a negative occurrence and can also have a healthy impact on organizational dynamics.It can bring new talent with a different skill set,which,in turn,can provide new momentum and help promote innovation.Moreover,it can create growth opportunities for remaini

209、ng professionals,who may get a chance of promotion in order to fill existing vacancies.Strategic Cybersecurity Talent Framework224.3 Actionable approaches to boost employee retentionTo increase employee retention,organizations should cultivate a culture that inspires and motivates employees.While su

210、ch a culture should encourage high performance by setting clear expectations for staff and rewarding achievement,it should go beyond simply driving productivity.A culture that inspires and motivates people should also create an environment in which employees feel empowered and have the opportunity t

211、o nurture a sense of purpose and belonging.To boost employee retention,organizations,together with their leadership and executives,should:Assess employee skills to ensure people are placed in the job that will best maximize their skill set.This exercise can also be used to determine what additional

212、training an employee may need to thrive in their current position.Provide individual development plans rather than predefined career paths that do not account for enough flexibility and adaptability to address the different needs and aspirations of employees.Organizations should ensure clarity in te

213、rms of promotion and empower employees to craft their own job roles.Understand generational diversity and how having a wide age range might affect expectations in the workplace.Generational diversity and individuals unique perspectives,experiences and ways of working should be acknowledged in the wo

214、rking culture.Listen to employees and action the ask.Organizations should take employees concerns and ideas seriously and demonstrate how decisions are being made to address them(for example,making it clear that the workload is decreasing,stress is being reduced and so forth).Ensure managers are equ

215、ipped with soft skills on how to manage a team.Leaders should be trained to build trust,drive engagement with teams and provide psychological safety for their employees.Moreover,leadership should prioritize mindfulness and employee well-being through leading by example.Be transparent about the corpo

216、rate strategy.To have a sense of purpose and belonging,people need to have insights on the direction in which the organization is moving.Create enough resilience across different organizational teams on cybersecurity matters to reduce over-reliance on a few individuals within the cybersecurity team.

217、Make cybersecurity jobs more compelling and challenging,rather than repetitive,by allowing employees to tackle more demanding tasks and showcasing their skills and know-how.This can help boost employees sense of accomplishment and ability to make more meaningful contributions to the organization.Pro

218、vide the right resources and tools to employees for their jobs.That said,while technology can help decrease the workload,it can also be a stress factor for individuals who may struggle to adopt it.Motivate and engage cybersecurity employees by giving them visibility and recognition(perhaps through a

219、cknowledgement programmes and/or awards or similar)for their efforts.Create an engaging workplace with learning opportunities on cybersecurity including networking events and gatherings to develop a sense of community.Boosting employee retentionBOX 7Strategic Cybersecurity Talent Framework23There ar

220、e a number of actions that organizations can take to promote mental health and the well-being of cybersecurity professionals in the workplace:Use a dedicated wellness app that can provide a wide range of resources such as tips for managing stress,personal resiliency strategies,wellness workshops and

221、 so forth to support employees welfare.Offer mindfulness or mindfulness-based stress reduction training(MBSR)sessions to employees to help them focus and centre.To make these accessible to all staff,various interventions and options for personalization should be provided.Create mentoring programmes

222、for junior members of staff,with senior leadership to provide guidance on how to navigate professional responsibilities and ensure a worklife balance.Encourage individuals to take regular leave and create a supportive environment that values time off.Ensure leadership leads by example and prioritize

223、s taking regular leave themselves and openly communicates about it.Offer flexible working arrangements including remote work options,flexible working hours,quiet workspaces,employee resources groups and so forth to individuals with family responsibilities,neurodiverse employees,etc.,to accommodate d

224、ifferent needs and create an environment in which professionals can thrive.Sensory assessments can help identify sensory tolerance levels and individual preferences in teams.These insights could be used to adjust working spaces and models.Open additional cybersecurity hubs to cover cybersecurity inc

225、idents occurring out of normal working hours.The hubs should be based on the“follow-the-sun model”,which allows tasks to be handled by and passed among cyber teams in different time zones.4.4 Prioritizing mental health in cybersecurity While working in cybersecurity provides numerous exciting opport

226、unities,a survey found that 67%of cybersecurity professionals would not recommend a career in the industry.51 Long working hours are often cited as the main cause for employee dissatisfaction.In addition,the high-stress environment and constant demand for vigilance can take a toll on the mental heal

227、th of cybersecurity professionals.Data shows that two-thirds of cybersecurity professionals experience significant levels of stress at work,and more than half have been prescribed medication for their mental health.52 To address mental health concerns in the workplace,executives are increasingly pri

228、oritizing the issue.A report by Deloitte found that 76%of executives agree that workforce well-being should be measured and monitored,and 83%say it should be discussed at board level.53 Looking after mental healthBOX 8Strategic Cybersecurity Talent Framework24Actionable approaches on talent retentio

229、n should encompass:A people-development toolbox that can support people on their individual development journey inside the organization.The toolbox should provide individuals with information about the best-suited jobs,most appropriate working environment,their strengths,what is needed for which job

230、s,training programmes,mentorship availabilities and so forth.A well-designed onboarding process that provides employees with the right information and tools to navigate the first few days and months in the new role.Opportunities for employees to change roles within cybersecurity,for example,from inc

231、ident response to threat intelligence.Internal internship opportunities that enable employees to explore new roles and develop skills and experience without leaving the organization.Such opportunities can facilitate knowledge transfer but also help preserve institutional know-how and ensure a smooth

232、 transition of responsibilities when employees retire or move on to other roles.Executive commitment to well-being to set the tone from the top that the organization cares about its employees as individuals and not just as workers.This,in turn,can help develop a sense of trust and loyalty among empl

233、oyees,as they feel valued and supported by the leadership.Opportunities for employees to engage in fun activities,such as social gatherings and team-building events,to strengthen relationships among team members and improve engagement but also allow employees to unwind and recharge,ultimately improv

234、ing team dynamics and reducing stress.Mechanisms to monitor progress and make adjustments to address any gaps or challenges.Organizations should make use of employee feedback mechanisms including pulse surveys,town hall meetings,one-on-one discussions to gather insights into the effectiveness of ret

235、ention efforts.Features of talent retentionBOX 94.5 Tactics for talent retentionIt is important to note that talent retention is not the sole responsibility of HR departments,but is a collective effort of various stakeholders from within the organization,including employees,managers and executive le

236、adership.While approaches to talent retention may need to be tailored to the specific needs and circumstances of organizations(e.g.multinational corporations,SMEs),they should incorporate features that can help organizations build a loyal and committed workforce motivated to contribute to the delive

237、ry of organizational goals and objectives.Strategic Cybersecurity Talent Framework25Once approaches on talent retention have been defined,it is important to devise actions for their implementation.For example:Conduct regular happiness surveys.These can provide indications of employee satisfaction an

238、d engagement,helping organizations to track trends over time and make informed decisions accordingly.Organizations should use such surveys to understand why talent is staying and how individuals are evolving in their roles.Allowing cybersecurity professionals to voice their opinions and share ideas

239、about new product ideas also helps develop an open and collaborative environment.Gather and analyse data from exit interviews.These give organizations an opportunity to identify reasons why individuals have chosen to leave as well as areas for improvement.Communicate the importance of talent retenti

240、on as well as its potential impact on organizational success.In the development phase,organizations should solicit feedback and input from employees to ensure the approach is aligned with their needs and preferences.Talent-retention strategies should be communicated to all employees to ensure clear

241、understanding and buy-in across all levels of the organization,including the executive leadership.Develop and roll out related talent-retention initiatives,such as employee wellness programmes,team-building activities and performance bonuses.That said,such initiatives cannot be delivered without the

242、 right resources and budget in place.Stay informed about industry best practices and emerging trends in talent retention,which can then be incorporated into the approach.Driving actionBOX 10Finally,the approaches should be flexible enough to adapt to changing workforce dynamics and employee feedback

243、.Strategic Cybersecurity Talent Framework26ConclusionLeft untackled,the cybersecurity workforce shortage could have cascading implications for global security,economic stability and technological innovation.It is imperative that decision-makers in public and private organizations collaborate in effo

244、rts to inspire the next generation of cyber defenders and remove entry barriers for individuals aspiring to pursue a career in the field.While striving to create a positive work environment,organizations should invest in education and training programmes,promote diversity in the cybersecurity workfo

245、rce and provide professional development opportunities for existing staff.Moreover,as the digital landscape continues to evolve,mapping the Cybersecurity Talent Framework(CTF)against emerging technologies,such as generative AI,becomes essential in ensuring its relevance and adaptability.That said,th

246、is is just the beginning of the journey towards addressing the cybersecurity workforce shortage.While noting that contexts,needs and possibilities may vary across geographies and industries,organizations must take action to translate approaches defined in this CTF intopractice.Strategic Cybersecurit

247、y Talent Framework27Appendix:Case studiesAttracting talent into cybersecurityData Security Council of India:CyberShikshaaThe Data Security Council of India(DSCI),which was set up by the National Association of Software and Service Companies(NASSCOM),launched CyberShikshaa in 2018 in partnership with

248、 Microsoft to equip young female engineers across India with essential cybersecurity skills.54 Operating through classroom,blended and fully virtual modes in multiple cities and states,CyberShikshaa not only facilitates successful job placements but also narrows the diversity gap in the cybersecurit

249、y workforce.During the COVID-19 pandemic,CyberShikshaa seamlessly transitioned to an online format,expanding its reach to aspiring cybersecurity professionals even in smaller cities.Moreover,the programme has evolved to cater to diverse needs,introducing initiatives such as the“Women on Break”progra

250、mme,providing training to women professionals re-entering the data-privacy workforce after career breaks.Additionally,CyberShikshaa has extended its impact through specialized modules such as CyberShikshaa for BFSI(banking,financial services and insurance)and CyberShikshaa for AI/ML(artificial intel

251、ligence/machine learning),catering to different segments of learners and addressing the specific cybersecurity challenges faced by particular sectors.Dubai Electronic Security Center:Dubai Cyber Innovation ParkDubai Cyber Innovation Park(DCIPark),55 as the research and knowledge division of the Duba

252、i Electronic Security Center(DESC),aims to create a world-class integrated cybersecurity ecosystem,empowering the next generation of experts in cybersecurity from the public and private sectors along with academic institutions.To that end,it runs projects such as the Cyber Security Competency Framew

253、ork(Qudraat),which,among other things,maps all cybersecurity employees in the city to the framework,linking employee assessment and evaluation with training and development.Qudraat also ensures that capacity-building extends to academic institutions and maintains a balance between the citys demand a

254、nd the supply of skills.The training and upskilling initiatives are delivered through the CyberNode programme,a partnership between the government,private sector and academia,to empower cybersecurity capabilities in the city and beyond.Another DCIPark project is Emirati Capture The Flag,which aims t

255、o promote cybersecurity skills among Emirati students and youth as well as invest in their cybersecurity innovations.DCIPark also runs 100-day cybersecurity challenges during whichparticipants are required to address a given challenge by developing a working solution.At the end of the period,contest

256、ants submit their solutions to DESC.DESC has achieved a 50%reduction in time-to-fill critical cybersecurity roles and recorded a 95%increase in employee satisfaction and retention,attributed to ongoing learning opportunities.Through practical skills development,the nurturing of cybersecurity talent

257、and the creation of a pipeline for future experts,the initiatives align seamlessly with DCIPark as a scalable model,collectively contributing to the cultivation of a skilled and resilient cybersecurity workforce for Dubais digital future through internal training,external partnerships and a robust c

258、ompetency framework.Girls Who Code:Work PrepTo close the gender gap in technology,Girls Who Code is leading a movement to inspire,educate and equip students who identify as girls or non-binary individuals with the computing skills needed to pursue 21st-century opportunities.Since launching in 2012,G

259、irls Who Code has reached 580,000 students.In 2021,Girls Who Code piloted Work Prep,56 an experiential,virtual programme for college students designed to build career skills and confidence and expose students to partner company culture,opportunities and role models.The three-week programme is design

260、ed to be flexible for busy college students,featuring a combination of asynchronous activities(i.e.students working independently according to their own schedule)and synchronous work(i.e.students engaging simultaneously in real-time work).As part of the cybersecurity Work Prep,students are introduce

261、d to multiple cybersecurity roles and work together to complete the mitigation,response and recovery phases of an incident-response plan framework while also meeting cyber leaders at the partner company.As a result of the programme,the overwhelming majority of students said they were more likely to

262、pursue a career in technology and that they felt more prepared to apply for and be interviewed for technical internships and jobs.Inclusive Cyber:Jumpstarting interest and careers in cyberInclusive Cyber,57 an initiative of the World Economic Forum Global Shapers Community,58 aims to build a cyber t

263、alent pipeline as diverse as the challenges that will be faced.The initiative spans Montreal,Kigali and London and mobilizes atypical and under-represented non-STEM talent to jumpstart their cyber interest and careers.Inclusive Cyber Strategic Cybersecurity Talent Framework28does this through:1)lead

264、ing skills workshops and using a transferable skills toolkit built on the National Institute of Standards and Technology(NIST)s National Initiative for Cyber Education(NICE)framework;and 2)representing the youth voice on cyber capacity-building and with leading policy-makers,such as the UK Cyber Sec

265、urity Council and Quebecs CyberEco.At the heart of the initiative is the transferable skills toolkit,which helps individuals from disciplines including literature,fine arts and political sciences reframe and translate the value of their existing skills to best-match cybersecurity roles.Over five yea

266、rs,Inclusive Cyber has run 27 workshops and directly coached some 1,315 students on breaking into cybersecurity.These workshops took place in non-STEM faculties across leading universities,including McGill University,University of Toronto,London School of Economics,Queen Mary University of London,Ro

267、yal Holloway and University College London.In Kigali,Inclusive Cyber built a new curriculum to equip young underprivileged professionals with competitive cybersecurity and transferable skills.Institute for Security and Safety:eurobits women academyIn collaboration with the eurobits women academy(ewa

268、),59 the Institute for Security and Safety aims to inspire women to pursue a career in cybersecurity.At 11%,the proportion of women in cybersecurity in Germany is far below the international average.As part of a three-year project,the objective is to create a platform for female career changers to:P

269、rovide orientation and guidance on the careeropportunities available in cybersecurity using theirexisting strengths.Offer an in-service,modular training programmethat can run alongside their current job to helpthem acquire the most important knowledge inthe field of cybersecurity over several months

270、 andgive insights into various areas of expertise.Facilitate access to a cybersecurity network withcontacts in the industry for internship placementsand job offers.The aim is to make it easier for women to enter cybersecurity and support them in achieving their career goals.Ministry of Transport and

271、 Communications of Finland:The Cyber Citizen ProjectTo develop a common,shared model for learning cyber citizen skills across the European Union,the Finnish Ministry of Transport and Communications,with the financial support of the EU,is leading the Cyber Citizen project.60 The project features a Cy

272、ber Citizen hub,comprising a dynamic web portal with online tutorials,a cybersecurity game,quick guides and instructions,to raise awareness about the constantly evolving cyberthreat landscape.In addition to the resources,the Cyber Citizen project forges a community dedicated to cybersecurity trainin

273、g and awareness across all EU countries.Governments,NGOs,businesses and individuals,including researchers,are all invited to contribute.Siemens:CyberMinds AcademyIn response to the high demand for cybersecurity talent,Siemens has created the CyberMinds Academy to attract and nurture new talent with

274、no prior experience in cybersecurity into cybersecurity specialist roles.61 Running in two locations,in Portugal and Spain,the academy delivers a one-year training programme combining learning and practical on-the-job training.Participants also have the opportunity to work closely with cybersecurity

275、 experts and participate in a diverse cultural environment.The CyberMinds Academy not only contributes to the development and training of professionals who can bring fresh perspectives and ideas to cybersecurity but also promotes diversity and inclusion in the workforce.So far,the two CyberMinds Aca

276、demies have trained 26 participants from different backgrounds.Eight of those individuals have been hired to work in cybersecurity for Siemens.Trellix:Soulful WorkAs a cybersecurity company,Trellix aims to bring awareness to the purposeful work of cybersecurity and create pathways for under-represen

277、ted groups to fill the talent gap.Spearheading Soulful Work,Trellix fosters diversity and inclusion through partnerships and initiatives aimed at combating unconscious bias and expanding opportunities for all.62 In collaboration with Gotara,Trellix launched a programme focused on empowering women to

278、 navigate and advance their careers,addressing the challenges of gender inequality in the industry.Trellix joined forces with the Hispanic Alliance for Career Enhancement(HACE)to create a cybersecurity accelerator programme that includes a mentorship and development initiative tailored specifically

279、to Latinos,equipping them with the necessary skills to thrive in cybersecurity roles.Trellix also collaborated with the National Cybersecurity Alliance to create the Historically Black Colleges and Universities(HBCU)Cybersecurity Career Program,which actively engages in mentoring projects with the a

280、im of raising awareness of cybersecurity careers among students and providing them with the support needed to successfully navigate the job search process.Through these efforts,Trellix is working towards creating a more diverse and inclusive cybersecurity workforce.Strategic Cybersecurity Talent Fra

281、mework29Women4Cyber:Supporting the participation of women in cybersecurityWomen4Cyber,63 a non-profit European private foundation,aims to promote,encourage and support the participation of women in cybersecurity.It currently represents a community of 28 national chapters and over 60,000 followers fr

282、om across Europe.To attract women to a career in cybersecurity and address the expected skills shortage in technical,operational,managerial and leadership positions,Women4Cyber focuses primarily on facilitating access to education,providing discounts and scholarships,supporting job seekers and HR de

283、partments to increase the number of women in cybersecurity,and uses local experts to amplify its reach and develop on-the-ground activities through the national chapters.Its successful mentorship programme has helped more than 400 women so far,while scholarships and strategic partnerships are facili

284、tating womens access to cybersecurity education and certification,and the Women4Cyber job corner and network is increasing the number of female applicants for open positions across Europe.Educating and training cybersecurity professionalsAbsa Cybersecurity AcademyAbsa in South Africa established a c

285、ybersecurity academy in 2019 to address the cybersecurity skills shortage while creating job opportunities for previously disadvantaged and visually impaired learners.64To address the high youth unemployment rate in South Africa,Absa partnered with the Maharishi Invincibility Institute and the Hein

286、Wagner Academy for the Visually Impaired to develop cybersecurity skills for the academys students.Completion of the three-year programmes accredits these students with 17 international certificates,equipping them for employment in the cybersecurity job market.So far,through collaboration with the M

287、aharishi Invincibility Institute,19 students,who also completed a one-year internship,have been given permanent positions at Absa.A second cohort of 20 students is currently enrolled in the year-long internship in Absas Information and Technology Office.In 2024,the first cohort of students will grad

288、uate from the Hein Wagner Academy for the Visually Impaired.The graduation will be a first of its kind for the industry,proving that visually impaired people are well suited for the technology and cybersecurity job market and charting a course for others to follow.Cisco Networking Academy The Cisco

289、Networking Academy equips students with essential and in-demand cybersecurity,networking and digital skills.65 Since its establishment in 1997,it has trained more than 20.5 million individuals across 190 countries and continues to build on its impact with courses ranging from an introduction to cybe

290、rsecurity and ethical hacking to professional skills,which are designed to meet industry demands.The Cisco Networking Academy aims to train an additional 25 million people by the end of 2032 through its new Skills for All platform,66 featuring mobile-first gamified learning experiences and an unmatc

291、hed network of 11,700 educational institutions and organizations offering its courses.The Cisco Networking Academy also collaborates with governments worldwide to develop cybersecurity skills and talent.In alignment with the efforts of the US White House and the European Commission to increase the s

292、ize of the cyber workforce,Cisco aims to train 200,000 people in cybersecurity skills in the US and 250,000 individuals in the EU by 2025.In the first year following the announcement,Cisco has trained 51,000 individuals in the US and 87,000 individuals in the EU.Remarkably,95%of students who have co

293、mpleted certification-aligned courses attribute new job and/or educational opportunities to their participation in the programme.Cyber Security Agency of Singapore:SG Cyber TalentIn 2020,the Cyber Security Agency of Singapore(CSA)established the SG Cyber Talent initiative to nurture cybersecurity en

294、thusiasts from a young age and help professionals deepen their skills.67 Since its inception,the initiative has helped more than 22,000 individuals through cybersecurity bootcamps,mentoring,career conversion programmes and leadership education.The main programmes under SG Cyber Talent include SG Cyb

295、er Leaders,SG Cyber Women,SG Cyber Youth and SG Cyber Olympians.To illustrate the impact,as part of SG Cyber Youth,the Youth Cyber Exploration Programme(YCEP)was started in 2018 and has since trained more than 1,500 secondary-school students in basic cybersecurity knowledge through a series of bootc

296、amps and capture-the-flag competitions organized by CSA and the five local polytechnics,in collaboration with industry partners.As a step-up,the advanced YCEP is also available to students with some existing cybersecurity knowledge.The Cybersecurity Strategic Leadership Programme(CSLP),organized by

297、CSA,in collaboration with academic partners,as part of SG Cyber Leaders,aims to equip current and future generations of local cybersecurity leaders with a deep level of understanding on the key global drivers shaping cybersecurity strategies and innovation and to lead their organizations cybersecuri

298、ty functions effectively.About 50 senior cybersecurity leaders participated in the first two runs of the CSLP in 2022 and 2023,covering themes such as growing a C-suite Mindset,leading the organization and leading the ecosystem.Strategic Cybersecurity Talent Framework30The participants also embarked

299、 on an overseas immersion trip to the US and the UK to engage in deeper discussions with local cybersecurity leaders and organizations.Cybersecurity Learning HubThe Cybersecurity Learning Hub68 is an initiative designed to tackle the globally cybersecurity skills shortage and democratize access to c

300、ybersecurity career paths.Led by Salesforce with support from Fortinet,the Global Cyber Alliance and the World Economic Forum,the Cybersecurity Learning Hub features training modules on numerous topics such as cyber resilience,artificial intelligence(AI)cybersecurity and cybersecurity table-top exer

301、cises.In addition to the training modules,it also includes a growing library of career-oriented information and expert interviews intended to help learners map their own career path through a variety of in-demand cybersecurity roles.Since its launch in 2019,the Cybersecurity Learning Hub has trained

302、 more than 290,000 individuals spread across all continents.EDP Energias de Portugal:Global Black Belt ProgramTo improve the architecture and security of systems within the organization,EDP has launched the Global Black Belt Program.The programme aims to enhance employees technical skills and knowle

303、dge,enabling them to design and implement secure and robust systems.To meet its objectives,the programme covers topics such as security best practices,threat modelling and secure coding techniques.To participate in the programme,employees are asked to fill out a questionnaire to assess their level o

304、f expertise and provide suggestions for further development.The programme offers various expertise paths,such as Azure Cloud Architect Expert,AWS Cloud Architect Expert,Google Cloud Architect Expert,Human Behaviour Expert,Security Architect Expert,Governance,Risk and Compliance Expert and more.Each

305、path is structured around three levels of expertise:Global White Belt,Global Green Belt and Global Black Belt.Every level has specific requirements regarding skills,experience,certifications and recommended conferences and learning paths to help participants advance their knowledge and skills.Fortin

306、et:Security Awareness and Training ServiceTo educate schools on how to navigate the digital landscape securely,Fortinet has extended its commercial security awareness and training service at no cost to schools in countries around the world.69 Recognizing the unique educational context,the company ta

307、ilored staff training to the academic sector and hired teachers to develop a security awareness curriculum that addressed the learning needs of all students aged four to 18.The education edition was initially developed in alignment with the USs White House Cyber Education and Workforce Initiatives i

308、n 2022.The following year,the initiative expanded to include Canada,the UK,Australia and Brazil and is now available to 11.8 million education staff and 64 million students,with further plans for global outreach.In addition to its collaboration with educational institutions worldwide,in 2020,at the

309、outset of the COVID-19 pandemic,Fortinet amplified its existing efforts by offering all self-paced technical certification training at no cost,in response to the escalating threat landscape.The response was staggering,with course registrations peaking at one every seven seconds during the initial we

310、eks.KnowBe4,MiDO Technologies and the UK Foreign,Commonwealth and Development Office:MiDO Cyber AcademyTo reduce poverty and stimulate inclusive economic growth in South Africa,in March 2023 the UK Foreign,Commonwealth and Development Office(FCDO),in partnership with KnowBe4 and MiDO Technologies,es

311、tablished the MiDO Cyber Academy.70 Partly inspired by the Absa Security Academy in South Africa and aimed at underserved communities within the Western Cape,the MiDO Cyber Academy focuses on cybersecurity,critical thinking,soft skills,innovation,collaboration and personal resilience.The academy aim

312、s to bridge the digital and cyber skills divide that exists between job seekers and internships or junior positions available in the IT and cybersecurity market.The academy offers a blended-learning approach,combining e-learning with in-person facilitation,personal-resilience training,life skills,in

313、dustry exposure and mentorship.The programme lasts 10 months,targeting youths aged 18 to 24 and facilitating cohorts of up to 21 candidates,emphasizing real-world projects,candidate placement and integration into the workforce.Through industry involvement and support,such as masterclasses and hands-

314、on project work,students are exposed to real-life challenges faced by security-industry professionals with the extra benefit of building up a network of senior members in the community and potential future employers.Metabase Q:Council of Experts in Regulation and CybersecurityMetabase Q established

315、the Council of Experts in Regulation and Cybersecurity(CERC),71 a pioneering,multidisciplinary council comprising cybersecurity practitioners with a recognized trajectory from the private sector,academia and civil society.Strategic Cybersecurity Talent Framework31The CERC serves as a catalyst to pos

316、ition Mexico as a leader and benchmark in Latin America in the development of cybersecurity.Within the CERC,the education committee specifically targets United Nations Sustainable Development Goal 4,ensuring inclusive access to education and promoting learning opportunities in cybersecurity for all.

317、For example,the Digital Distance Education programme is designed to provide educational resources for children and young adults.The Digital Cyber Academy(DCA)aims to both attract skilled individuals and bridge the expertise gap in Latin America.The DCA allows students to enrol at no cost and serves

318、as a hub for acquiring technical knowledge and practical skills.The DCA has graduated five generations of students,marking a crucial milestone in preparing the next generation of cybersecurity professionals.Organization of American States:Creating a Career Path in CybersecurityBetween 2017 and 2023,

319、the Cybersecurity Program of the Inter-American Committee against Terrorism(CICTE)of the Organization of American States(OAS)with the financial support of Citi Foundation implemented a multiphased project entitled Creating a Career Path in Cybersecurity with the purpose of addressing the shortage of

320、 skilled cybersecurity professionals.72 The main goal was to equip young people with essential skills to access entry-level positions in cybersecurity,offering technical training,soft skills development and professional growth opportunities.Over six years,the project successfully trained more than 1

321、,200 individuals across a number of countries,including Argentina,Brazil,Colombia,Costa Rica,Guatemala,Mexico,Panama,Peru,Dominican Republic and Trinidad and Tobago.Its beneficiaries not only acquired technical expertise and certification but also developed crucial soft skills and secured initial jo

322、b placements in both public and private institutions.Building on the lessons learned from the implementation of this programme and considering the persistent shortage of professionals in this field,the Cybersecurity Program plans to launch a new workforce development programme in one OAS member stat

323、e in 2024.This project aims to provide a systemic approach to cyber education,with the long-term goal of increasing the supply of qualified cybersecurity professionals,offering training and employment opportunities while assisting the beneficiary country in developing a national cybersecurity educat

324、ion framework.The goal is to create a sustainable and robust pipeline of skilled professionals,contributing to the countrys cyber resilience.Saudi Arabia National Cybersecurity Authority:Saudi Cybersecurity Higher Education Framework Saudi Arabias Vision 2030 emphasizes human capital development,inc

325、luding in cybersecurity,as a core pillar of its coherent development strategy.Central to these efforts,the Saudi Arabia National Cybersecurity Authority(NCA)has introduced the Saudi Cybersecurity Higher Education Framework(SCyber-Edu).73 This framework aims to elevate cybersecurity education,alignin

326、g it with market demands and the objectives of Vision 2030.SCyber-Edu sets standards for cybersecurity education across Saudi universities,ensuring courses meet market-relevant skills and knowledge domains.The framework involves several critical components,including developing a recognition process

327、for cybersecurity degree programmes,creating incentives for universities to align their courses with SCyber-Edu standards,and establishing a database of recognized degrees to guide student selection.In 2023,SCyber-Edu had a significant impact on Saudi Arabias educational landscape.It has been adopte

328、d by 45 prestigious institutes,influencing 82 cybersecurity higher education programmes nationwide.The NCA has observed a significant increase in use of the framework by these institutions,further enhancing the quality and relevance of cybersecurity education in the country.Recruiting the right cybe

329、rsecurity talentCybersafe Foundation:CyberGirls Fellowship The CyberGirls Fellowship,74 an initiative by Cybersafe Foundation,confronts Africas cybersecurity gender disparity.While women represent half of Africas population,they account for a mere 9%of its cybersecurity workforce.The fellowship aims

330、 to change this by empowering young African women aged 1828 with cybersecurity skills and thereby promote socioeconomic growth.The fellowship programme is built on three pillars training,mentorship and placement and provides a cutting-edge training curriculum that is updated annually to meet industr

331、y demands.This curriculum offers free,high-quality cybersecurity education that combines technical and soft skills over an eight-month period.Additionally,a global mentorship pillar features a five-to-one ratio of female mentors to fellows,enhancing support and representation.The initiatives placeme

332、nt arm then assists fellows in securing their first cybersecurity roles,ensuring a smooth transition from learning to employment.Beyond technical training,the programme employs mindset-shifting tools,such as the CyberGirls mantra consisting of affirmations and positive self-talk,to overcome stereoty

333、pes and boost confidence among fellows.Strategic Cybersecurity Talent Framework32CyberGirls alumni,spread across 22 countries,often see their income increase by more than 400%within six months of landing a cybersecurity role after completing the programme.Hewlett Packard Enterprise:Cybersecurity Career Reboot ProgramThe Hewlett Packard Enterprise(HPE)Cybersecurity Career Reboot Program,75 launched