1. Key insights for building a skilled cyber security workforce

Cyber security breaches continue to significantly threaten governments, businesses and individuals worldwide. As economies shift to digital and online models, threats can quickly outpace traditional approaches to data security. From supply chain disruptions to ransomware attacks, cybercriminals have become increasingly sophisticated and the threat landscape more diverse. The estimated economic cost of information and technology asset security breaches in 2020 was a staggering USD 4-6 trillion, equivalent to about 4-6% of global GDP (UNCDF, 2022[1]). The United Kingdom and the United States have experienced the most significant cyber attacks¹ over the last two decades (Specops, 2021[2]).

A workforce shortage compounds these cyber security challenges. While the cyber security workforce has reached an all-time high, with an estimated 4.7 million professionals, there is a global shortage of 3.4 million workers in this field (ISC2, 2022[3]). The cyber security workforce is growing rapidly but still needs to catch up with the growing demand for workers in this sector. In the United States alone, there were more than 700 000 unfilled cyber security jobs in 2021 (Cybersecurity Ventures, 2021[4]). In fact, the labour shortage in the sector keeps growing: the global cyber security workforce gap has grown more than twice as fast as the workforce. The United Kingdom and Australia, together with France and Spain, are among the countries with the most substantial increase in the cyber security workforce gap between 2019 and 2021² (ISC2, 2022[3]).

The cyber security workforce faces a lack of diversity. Women represent only 24% of the global cyber security workforce (ISC2, 2022[3]). In the United Kingdom, women represent 36% of the cyber security workforce, and they are more likely than men to hold non-technical roles, such as compliance and risk assessment (NCSC & KPMG, 2021[5]). This gender gap not only highlights the need for greater equity in the industry but also presents a business imperative. By recruiting and retaining more women in the field, organisations can tap into a larger pool of potential talent and help to fill the shortage of skilled professionals in the industry.

Developing strategies and policies to prepare the workforce with the right cyber security skills is imperative, especially in the context of high cyber security workforce shortages. Cyber security professionals are crucial in safeguarding government and organisations’ operations, sensitive information and digital resources. Cyber security professionals with the right set of skills improve organisations’ capability to respond to threats affecting companies’ productivity, adaptability to hostile environments, and further technological and digital adoption (Andrews, Nicoletti and Timiliotis, 2018[6]). Organisations seek cyber security talent to make the workplace more productive, efficient, and effective.

Strengthening the cyber security workforce requires co-ordinated action by international institutions, governments, enterprises, civil society, and individuals to train the workforce with the fast-evolving skills needed. Joint efforts from the private and public sectors have been taken, for example, through the development of cyber security skills strategies and skills frameworks. For instance, the United Kingdom and the United States Governments have established national cyber security strategies to align all the relevant stakeholders, increase the safety and resiliency of countries and overcome cyber security challenges, including the cyber security skill gaps (Box 1.1). Similarly, governments have established national cyber security centres to facilitate collaborations and information-sharing on cyber security and improve cyber security capabilities. For instance, the Australian Cyber Security Centre (ACSC) leads the government’s efforts in strengthening national cyber security, including providing information and support to households and companies on becoming more resilient to cyber attacks and preparing the labour force with cyber security skills.

Understanding what is happening on the supply and demand side of cyber security skills is a crucial first step to tackling skill shortages in the cyber security sector. This information can help organisations and governments identify the areas where they are most vulnerable and need additional resources. The information in job postings makes it possible to uncover trends in demand for cyber security professionals and identify the skills currently essential for creating a cyber-safe organisational environment. At the same time, studying the provision of cyber security education and training programmes provides insights into how the labour force in this field is being developed.

This report is the first of a broader project to expand the knowledge on the cyber security workforce and associated education and training provision across multiple regions and countries (see Box 1.2). Each report is divided into two parts, one focusing on the demand for cyber security professionals and one looking at the landscape of cyber security education and training programmes:

  • The demand-side analysis uses big data to study job postings for cyber security professionals, looking at the volume and content of the postings to uncover trends and detailed characteristics of employer demand. This first report analyses the demand for cyber security professionals in five countries: Australia, Canada, New Zealand, the United Kingdom and the United States.

  • The supply-side analysis zooms in on cyber security education and training programmes and the policies and strategies implemented to expand and diversify the cyber security workforce. Each report focuses on one case study country for this supply-side analysis. For this report, England (the United Kingdom) is the country selected.

As such, the objective of this first report is to provide a comparative analysis of the demand in the five selected countries, looking at the evolution and characteristics of the cyber security profession, and, through the English case study, to look in depth at what types of education and training programmes can prepare workers for cyber security roles and the policies that can contribute to making the profession more attractive and diverse.

To analyse the demand for cyber security professionals in a timely and detailed manner, this report uses data extracted from nearly 400 million online job postings collected from the five selected countries (Australia, Canada, New Zealand, the United Kingdom and the United States). Increasingly, research on labour market dynamics relies on real-time big data to better capture recent trends and gain insights at a more granular level than is possible with more traditional data.

In particular, this report uses this high quantity of data points to analyse the main trends in demand for cyber security professionals from January 2012 to June 2022. Moreover, it leverages the texts contained in job postings to characterise the professional profile typically requested by enterprises, including a particular focus on the skills, competencies and abilities most relevant for the cyber security profession in each country.

The types of cyber security education and training programmes available and their design differ strongly between countries, as do the policies and initiatives to make these programmes accessible and attractive. To provide insights into how education and training for cyber security roles can be developed, delivered and promoted, this report focuses on one particular country – England (the United Kingdom). The purpose of presenting a dedicated case study is to provide a detailed description of programmes, policies and initiatives that could serve as inspiration for other countries developing their cyber security education and training sector. The English case looks at the landscape of cyber security programmes, focusing on professionally-oriented formal education programmes at the undergraduate level or below and non-formal programmes (e.g. bootcamps). The case study also looks into the policies and strategies aimed at expanding the cyber security workforce in England, especially those that facilitate access to cyber security education and training programmes for newcomers in the field. The case study analysis builds on national data and literature, as well as insights gathered from interviews with various key stakeholders in the English education and training and cyber security sectors.

The demand for cyber security professionals shows a robust and increasing trend in all countries, especially during the period following the COVID-19 pandemic. Overall, the number of online job postings (OJPs) seeking cyber security professionals in the first half of 2022 was nearly five times larger than at the beginning of 2012 and twice as large as at the end of 2019 (Figure 1.2). Consequently, the share of cyber security job adverts over the total amount of online job postings has increased in all five countries. Results also show that smaller markets for cyber security professionals, such as New Zealand, have shown more robust growth than more developed markets, such as the United States, suggesting that the cyber security demand is expanding fast across countries.

The demand for cyber security professionals is heterogeneous. Among different job roles, cyber security architects and engineers (those professionals in charge of designing and modelling security solutions) stand at the core of the demand for cyber security professionals and have recorded the highest share of new online job postings (37%), as well as the fastest growth in demand between 2012 and 2022. Cyber security analysts (who provide insights to support planning, operations and maintenance of systems security) also represent a large share of OJPs in the cyber security landscape (26%), with robust growth in Australia and New Zealand.

Most of the OJPs in the cyber security job market are for jobs in main urban areas where major enterprises and government headquarters are located. In Canada, for instance, 40% of the job postings advertised between January 2012 and June 2022 were for jobs based in Toronto, followed by Ottawa, which accounted for only 9% of the total demand. In the United Kingdom, London accounted for 38% of job postings searching for cyber security professionals, while postings for cyber experts located in Manchester only accounted for 5% of the total OJPs. However, the geographical concentration of cyber security OJPs in those areas has recently decreased. London’s share, for instance, decreased by 10 percentage points from 41% in 2012 to 31% in 2021. This trend suggests that, as the digital transformation spreads to diverse economic activities throughout different geographies, the demand for cyber security professionals is also spreading out geographically.

An analysis of enterprises’ requirements shows that a typical candidate for a cyber security job needs a bachelor’s degree and more than three years of experience. As such, data from OJPs suggest little room for younger and more inexperienced profiles to find cyber security positions. This is likely to contribute to broadening the workforce gap in the sector, and policy initiatives are needed to boost the school-to-work transition of youth moving into cyber security roles.

The rapid adoption of new digital technologies is reshaping the skills enterprises demand from cyber security professionals. Data for 2021 indicate that, among others, the knowledge of cyber security-related frameworks (i.e. resources for the design and implementation of security systems) and “threat assessment” skills are highly relevant for the profession. Over time, new technologies are emerging, and they are increasingly mentioned as key requirements in OJPs for cyber security professionals. For example, in the period between 2019 and 2022, the mentions of cloud computing platforms in cyber security job postings have increased 60 times compared to the period between 2012 and 2018. Similarly, the demand for specialised software for application virtualisation increased 30 times over the same time span. The demand for technologies in the cyber security space is expected to keep changing as new digital resources, and threats, keep emerging.

On the supply side, the case study for England shows that there can be various education and training pathways into cyber security roles, with opportunities for progression (see Figure 1.3). The English further and higher education system provides multiple cyber security training programmes that lead to formal qualifications, including at the short-cycle tertiary level (or higher technical education) and bachelor’s level. Enrolment in cyber security programmes in further and higher education has been on the rise, but still remains relatively limited. Learners can also develop basic cyber security skills at lower levels of education, including through cyber security modules integrated into broader programmes. These education and training opportunities include classroom-based programmes, as well as apprenticeship opportunities in cyber security at various education levels – allowing learners to develop skills on the job.

Complementing these formal cyber security qualifications, young people and adults in England can also participate in non-formal training. Such non-formal training is usually shorter and more flexible than programmes in the formal system. Bootcamps are one type of non-formal training available in the cyber security field that the Department for Education (DfE) and private training providers can offer. In particular, the DfE offers Skills Bootcamps programmes fully funded by the government. The Skills Bootcamps are flexible courses of up to 16 weeks to build sector-specific skills and fast-track a job interview with a local employer. In 2022, 890 digital Skills Bootcamps were offered, of which 77 were in cyber security, with further expansion planned in the coming years. While bootcamps are typically too short to prepare someone without a background in information technology to become a fully skilled cyber security professional, they provide opportunities for those with some relevant experience to specialise in cyber security and for those without experience to take their first steps in a more extended cyber security training pathway. Multiple online courses are also part of the non-formal supply in the digital field. In cyber security, almost 6 000 courses were offered among the most popular e-learning platforms in the United Kingdom.³

Cyber security is a rapidly growing profession in England, but unfortunately, it suffers from a lack of diversity. Only 22% of the cyber security workforce is made up of women, dropping to 13% when looking at senior cyber security roles (DCMS, 2022[12]). According to data from the UK Government, only 18% of students enrolled in computer science courses at universities and colleges are women. The lack of gender diversity in cyber security can be attributed to various factors, such as a lack of female role models, unconscious bias during recruitment, and a general lack of awareness of the opportunities available in the industry. It is crucial to address this issue to ensure that the cyber security profession is more representative of the population it serves, and to benefit from the diverse perspectives and ideas that a more inclusive workforce can bring.

Multiple policies and strategies have been implemented in England to expand and diversify the cyber security workforce in an effort to attract young and adult learners from different backgrounds to the field. Efforts have been focused on providing clear information about cyber security education and training and careers and guidance on how to engage with the distinct learning pathways available to pursue a career in the field. Similarly, financial incentives and subsidies have been provided to increase participation in cyber security education and training, especially targeting the most disadvantaged young people and adults. In particular, multiple initiatives have been put in place to expand women’s representation in cyber security and address skill needs by providing learning experiences and information focused on overcoming gender stereotypes. The government has also played an essential role in facilitating the interaction between the education sector and the world of work so that the education and training provision is more aligned with the concrete needs of the cyber security sector both nationally and regionally. Initiatives have been implemented to encourage companies to offer cyber security apprenticeship opportunities and provide support in delivering them. Box 1.3 provides examples of interesting practices in England, which are further documented in Chapter 3.

Analysing the demand for cyber security professionals in Australia, Canada, New Zealand, the United Kingdom and the United States and the case study on cyber security education and training in England highlight opportunities to tackle shortages in the sector. These include:

  • The cyber security profession has diverse roles, facing different demand and requiring different skill sets. The demand also differs between geographical areas. Moreover, as cyber threats rapidly evolve, the skills and technologies required to fulfil security needs constantly change. Employers, as well as education and training providers, need to have a good understanding of these different roles and their skill demands to reduce labour market mismatches. As such, solid skills intelligence needs to be produced and disseminated across the various labour market and education actors.

  • Numerous cyber security career options are available in various industries, and students need support to navigate them. Effective career guidance enables people to develop informed, critical perspectives about the relationship between education and employment in the sector. This is especially relevant for newcomers in the field who may find it hard to understand the entry requirements and the competencies needed.

  • Raising awareness of cyber security careers should start early to create a pipeline of talent and break possible misconceptions and stereotypes about the sector. Particular efforts are needed to diversify the workforce. Career guidance is crucial, as are programmes targeting underrepresented groups that incorporate particular efforts to tackle barriers commonly faced.

  • Making cyber security education and training more attractive and accessible for women can help address their significant underrepresentation in the industry and simultaneously help build the workforce needed. Role models in industry and policy making can contribute to breaking gender stereotypes and broaden the perspectives and aspirations of girls and women.

  • Cyber security training should be available at various levels, consistent with the multiple existing roles. Formal and non-formal programmes can complement each other. Moreover, clear progression pathways between the programmes should exist.

  • The demand for cyber security professionals is no longer concentrated in a few hubs, and increasingly employers outside of these usual hubs are hiring cyber security professionals. Young people and adults should have easy access to cyber security education and training – irrespective of where they live. Online training programmes are valuable in this regard.

  • Developing cyber security technical skills demands strong foundations in digital skills. This requires that young people and adults, especially the most disadvantaged, have opportunities to develop essential digital skills before engaging in any cyber security-specific training.

  • Skill requirements in cyber security evolve rapidly, and formal education may struggle to provide individuals with the sector-specific skills required in a changing labour market. Skill-based recruitment (which promotes hiring workers based on skills instead of degree requirements) can reduce entry barriers for younger and less experienced individuals while closing the workforce gap in the sector.

  • Employer engagement in the design of cyber security programmes is crucial to ensure that they reflect the needs of the labour market. In order to expand provision and respond to cyber security skills needs beyond the technology sector, stronger links between the education sector and firms in non-technological industries such as financial services and advanced manufacturing should be developed – including with small and medium-sized enterprises.

  • Apprenticeship can be a valuable training form in this sector, especially when apprenticeship standards are co-designed with employers and the quality of work-based learning is guaranteed. Apprenticeships can be delivered at various levels, aligned with the diversity in cyber security roles.

  • Short non-formal programmes that are designed with employers have the ability to respond quickly to changing skill needs in the cyber security sector. However, such short programmes might not be sufficient to develop the required knowledge and skills for specific roles. As such, to improve the relevancy of education, these programmes should be better linked to the cyber security roles they target and should exist at various levels to provide clear career pathways.

  • Bringing employers from different sectors and other relevant stakeholders together is key for developing cyber security skills strategies, as it helps to identify common challenges and opportunities and strengthen collaboration between the private sector, education and training providers, governments and social actors. Cyber security skills strategies can set a roadmap to design comprehensive cyber security workforce development policies beyond policies targeting only the education and training system.

  • Information on teacher shortages by sector is typically not readily available. To enhance cyber security training provision, comprehensive data on teachers should be collected regularly and systematically to understand teacher shortages in the field.

  • Ensuring a high quality of cyber security education and training is imperative to generate a skilled workforce and improve organisations’ cyber security capabilities. Certification mechanisms for education and training programmes or providers can help students and employers recognise quality-approved institutions/programmes and strong graduates in the cyber security field.

Box 1.3 highlights interesting practices put in place in England aimed at expanding and diversifying the cyber security workforce.

References

[6] Andrews, D., G. Nicoletti and C. Timiliotis (2018), “Digital technology diffusion: A matter of capabilities, incentives or both?”, OECD Economics Department Working Papers, No. 1476, OECD Publishing, Paris, https://doi.org/10.1787/7c542c16-en.

[4] Cybersecurity Ventures (2021), Cybersecurity Jobs Report: 3.5 Million Openings In 2025, https://cybersecurityventures.com/jobs/.

[12] DCMS (2022), Cyber security skills in the UK labour market 2022, https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1072767/Cyber_security_skills_in_the_UK_labour_market_2022_-_findings_report.pdf.

[8] DCMS (2018), National Cyber Security Skills Strategy: increasing the UK’s cyber security capability, https://www.gov.uk/government/publications/cyber-security-skills-strategy/initial-national-cyber-security-skills-strategy-increasing-the-uks-cyber-security-capability-a-call-for-views.

[15] Department for Education (2022), Skills for life, skill bootcamps, https://skillsforlife.campaign.gov.uk/courses/skills-bootcamps/.

[13] Find Apprenticeships (2022), Cyber security apprenticeship, https://www.findapprenticeships.co.uk/cyber-security-apprenticeships/.

[3] ISC2 (2022), ISC2 cybersecurity workforce study, https://www.isc2.org//-/media/ISC2/Research/2022-WorkForce-Study/ISC2-Cybersecurity-Workforce-Study.ashx.

[17] NCSC (2023), NCSC certification, https://www.ncsc.gov.uk/section/products-services/ncsc-certification.

[14] NCSC (2022), CyberFirst overview, https://www.ncsc.gov.uk/cyberfirst/overview.

[5] NCSC & KPMG (2021), Decrypting diversity: Diversity and inclusion in cyber security, https://www.ncsc.gov.uk/files/KPMG-and-the-NCSC-Decrypting-Diversity-2021-report.pdf.

[7] Neto, I., M. Obiso and M. Baayen (2022), How tailored national cybersecurity strategies enable safe, inclusive and sustainable digital development, https://blogs.worldbank.org/digital-development/how-tailored-national-cybersecurity-strategies-enable-safe-inclusive-and.

[10] NIST (2022), National Initiative for cybersecurity Education (NICE), https://www.nist.gov/itl/applied-cybersecurity/nice/nice-framework-resource-center.

[11] Public Safety (2018), National Cyber Security Strategy - Canada’s vision for security and prosperity in the digital age, https://www.publicsafety.gc.ca/cnt/rsrcs/pblctns/ntnl-cbr-scrt-strtg/ntnl-cbr-scrt-strtg-en.pdf.

[2] Specops (2021), The countries experiencing the most ‘significant’ cyber-attacks, https://specopssoft.com/blog/countries-experiencing-significant-cyber-attacks/.

[9] The White House (2019), Executive Order on America’s Cybersecurity Workforce, https://trumpwhitehouse.archives.gov/presidential-actions/executive-order-americas-cybersecurity-workforce/.

[16] UK Cyber Security Council (2022), Cyber security career pathways. Routes into and through the profession, https://www.ukcybersecuritycouncil.org.uk/careers-and-learning/cyber-career-framework/.

[1] UNCDF (2022), The role of cyber security and data security in the digital economy, https://static1.squarespace.com/static/5f2d7a54b7f75718fa4d2eef/t/62082f066a25c62651a9ae40/1644703527175/EN-UNCDF-Brief-CyberSecurity-2022.pdf.

Notes

1. Significant cyber attacks refer to any cyber attacks on a country’s government agencies, defence and high tech companies, or economic crimes equating to loss of more than 1 million USD.

2. Among 16 countries for which the cyber security workforce gap was estimated.

3. Courses available at the moment of the search in September 2022 in Coursera, EdX, LinkedIn Learning, Udemy, FutureLearn and Skillshare.

Metadata, Legal and Rights


© OECD 2023
