1. Key insights into cyber security skills in Latin America
This chapter provides an overview of the report’s objectives and rationale and summarises the main takeaways. It discusses the results from the analysis of the demand for cyber security professionals in Chile, Colombia and Mexico. It also summarises the main findings from the analysis of the landscape of cyber security education and training programmes in Colombia. It concludes with actionable policy pointers.
Latin America (LATAM) is not immune to the growing global cyber security challenges. As the region experiences rapid digital transformation and increased connectivity, it becomes more susceptible to cyber threats. The dependence on digital technologies for various aspects of daily life makes individuals and organisations vulnerable to cyber attacks. Furthermore, Latin America is home to valuable assets and critical infrastructure which are potential targets for cyber criminals. Thus, a robust cyber security workforce is crucial to protect the region’s digital assets, maintain stability, and ensure the privacy and security of its citizens.
The COVID-19 pandemic has accelerated society’s reliance on digital technology, with remote work being rapidly adopted to keep businesses, schools, and other services operational during lockdowns. However, the widespread use of remote work has exposed individuals and firms to unprecedented cyber security threats (World Economic Forum, 2022[1]). With a significant portion of the workforce now working remotely or using hybrid arrangements, cyber criminals are better able to exploit weaknesses in digital security measures.
In this context, cyber resilience1 has become a crucial societal and policy goal, indicating the need for both private companies and the public sector to anticipate, recover from, and adapt to present and future cyber threats. The World Economic Forum emphasises that for organisations to be resilient, their cyber security teams must be prepared and equipped to face quickly evolving threats, have sufficient budgets, develop and retain talent with adequate cyber security skills (World Economic Forum, 2022[1]). Similarly, the Inter-American Development Bank (IDB) recognises that governments must be equipped to make decisions based on a rapidly changing technological and threat landscape. This requires comprehensive and sustainable cyber security policies, supported by the allocation of financial resources and the development of skilled human capital (IADB & OAS, 2020[2]). The OECD also recommends raising the level of awareness, skills and empowerment across society to manage digital security risk (OECD, 2022[3]). A skilled workforce is, therefore, a cornerstone of cyber resilience, as it enables countries to effectively protect their citizens, organisations, and critical infrastructures.
Against this backdrop, the world is facing a shortage of skilled workforce that hampers the efforts of different actors to achieve cyber resilience. The International Information System Security Certification Consortium, (ISC)2, estimated a global cyber security workforce gap of 3.4 million people in 2022, an increase of 26% with respect to the 2021 estimation (ISC2, 2022[4]). When turning to Latin America (specifically Mexico and Brazil), (ISC)2 estimates a cyber security workforce gap of nearly 516 000 people in 2022, although the gap in this region decreased by 26% relative to 2021.
The Organization of American States (OAS) identifies the cyber security gap in Latin America as the short-term consequence of a strong increase in the demand for cyber security professionals that is not met with adequate labour market supply. Several years of training are needed to develop the necessary skills and competencies to be able to work in the sector, which means the gap is not likely to be filled quickly, even though the misalignment in demand and supply has led to significant increases in wages and competition among available skilled cyber workers (Organization of American States and CISCO, 2023[5]). The lack of sufficient training programmes specific to cyber security is one of the reasons limiting the region’s ability to build a skilled cyber security workforce (Organization of American States and Global Partners, 2022[6]).
Over the past few years, Chile, Colombia, and Mexico have acknowledged the importance of building capacity to address cyber risk and have implemented cyber security policies (see Box 1.1) including objectives for developing and enhancing skills development in both the private and public sectors (Organization of American States and CISCO, 2023[5]). Recent cyber security policy interventions in these countries have placed them in a relatively good position compared to most countries in the region.
The IADB assesses countries’ cyber security readiness against five key dimensions.2 policy and strategy; cyberculture and society; education, training and skills; regulatory frameworks and standards; and organisations and technologies (IADB & OAS, 2020[2]). According to this assessment, the three countries analysed in this report fall in the mid-level stage of cyber security capacity development. In particular, when focusing on the education, training and skills dimension, the report indicates that the three countries have established and operationalised various education and professional training frameworks and have established opportunities for people to educate in cyber security both at a graduate and undergraduate level.
However, further actions are necessary to deliver tailored training programmes and awareness campaigns to develop cyber security capacity in Chile, Colombia and Mexico. The United Nations Economic Commission for Latin America and the Caribbean (ECLAC) recognises the need for Latin American countries to provide improved training activities and awareness campaigns targeted to SMEs – as this group of enterprises are typically at a disadvantage when facing cyber security challenges (ECLAC, 2022[7]). Additionally, experts have called for greater collaboration between academia, the private sector and national cyber security agencies. By enhancing co-ordination among these key stakeholders in the cyber security sector, it becomes possible to align education, training, and research initiatives with the specific needs and strategic objectives of each country in the evolving cyber security landscape (Ruiz Tagle-Vial and Álvarez-Valenzuela, 2020[8]). Such collaborative efforts will enable the development of a skilled cyber security workforce capable of effectively addressing emerging threats and safeguarding critical digital assets in the region.
Faced with accelerated digitisation, which brings increased cyber threats, the governments of Chile, Colombia and Mexico have implemented some ambitious cyber security policies in the last decade (MinTIC, 2020[9]; UNODC, 2017[10]; Government of Mexico, 2017[11]). While earlier cyber security policies focused most on risk management and actively counteracting the increase in cyber threats against the countries, the most recent versions instead focus on citizens’ abilities to safely navigate cyberspace and on developing the cyber security industry.
For instance, some of Chile’s national cyber security policy goals are to “develop a cyber security culture based on education and good practices […] and to promote the development of a cyber security industry.” Colombia’s national cyber security policy likewise mentions aiming to “strengthen the digital security capabilities of citizens, the public sector and the private sector to increase the digital confidence in the country”. Similarly, Mexico’s national cyber security strategy is intended to strengthen cyber security to protect the economy of different sectors of the country and promote technological development and innovation, while boosting the national cyber security industry, in order to contribute to economic development.
These national policies show that the countries recognise the importance of having a population that possesses the skills to operate in cyber space safely, as well as having a skilled cyber security workforce that can work in cyber security roles.
The first crucial step towards addressing the cyber security skills shortage is to grasp what is happening on the supply and demand sides of the labour market. Such knowledge allows businesses and governments to pinpoint their areas of highest weakness and where they need more resources. Job postings serve as valuable data, shedding light on the trending demand for cyber security experts and determining the currently crucial skills to build a sufficiently secure digital organisation. Additionally, examining the offerings of cyber security education and training programmes provides insights into the ongoing development of this specific labour force.
This report marks the second phase of a comprehensive project designed to enhance the understanding of the cyber security workforce and the associated education and training programmes across various regions and countries (see Box 1.2). Each report is divided into two parts, one dedicated to the demand for cyber security professionals and the other to the landscape of cyber security education and training programmes:
The demand-side analysis leverages big data to scrutinise job postings for cyber security professionals, revealing trends and aspects of employer demand through an examination of both the volume and content of these postings. This second report focuses on the demand for cyber security professionals in three LATAM countries: Chile, Colombia, and Mexico.
The supply-side analysis focuses on cyber security education and training programmes and the policies and strategies designed to broaden and diversify the cyber security workforce. Each report zooms in on one specific country for this supply-side analysis. For this report, Colombia is the selected country.
Therefore, the goal of this report is to offer a comparative analysis of demand in the three selected countries, providing insights about the development and characteristics of the cyber security profession in the Latin American context. Through the Colombian case study, it provides a deep dive into the kinds of education and training programmes that equip workers for cyber security roles, and the policies that could help to make the profession more appealing and diverse.
The rationale of the project
As the demand for cyber security professionals has significantly surged in recent years, and is projected to continue its upward trajectory, labour market shortages have begun to emerge in numerous countries. Given the exorbitant costs associated with cyber threats, it is vital for policy makers and businesses to have timely, detailed insights into both the demand and supply of cyber security-related skills and to learn from global best practices.
This initiative harnesses the broad expertise of the OECD to evaluate the types of cyber security roles that are sought after in worldwide labour markets and to pinpoint the essential skills for establishing a secure digital organisational environment. It also reviews how different countries’ education and training systems are cultivating such skills. Additionally, the project promotes an informal forum for dialogue and discussion on best practices and anticipated cyber security skill requirements.
The structure of the project
The project is segmented into three components that blend big data and policy analysis to examine the demand and supply of cyber security skills, as well as the policies and strategies in place to grow and diversify the cyber security workforce, thereby addressing cyber security skill deficits. Each of these three parts zeroes in on different geographical areas (see Figure 1.1), investigating three to five countries for the demand-side analysis and a single country for an in-depth case study on the supply side. This is the second OECD report of three segments that will be synthesised for these analyses. The first report was published in March 2023 (OECD, 2023[12]).
Methodology
Using big data to understand cyber security skills demand in Latin American countries
Online job postings have become instrumental in tracking labour market developments, playing a pivotal role in providing real-time insights into job demand and industry trends. Traditional labour market data can be limited or outdated, and therefore OJPs offer a dynamic and up-to-date complementary source of information. The increasing reliance on big data in labour market research enables a more nuanced understanding of recent trends and provides insights at a more detailed level compared to traditional data sources. In order to conduct a timely and comprehensive analysis of the demand for cyber security professionals, this report utilises data extracted from nearly 14 million online job advertisements sourced from three selected countries: Chile, Colombia and Mexico.3
Specifically, this report uses this dataset to examine the primary trends in the demand for cyber security professionals during 2021 and 2022. To achieve this, it employs text mining and data science techniques to classify job postings within the cyber security domain and extract relevant information from their texts. OJPs enable the analysis of job requirements, such as desired roles and skills, providing valuable insights into the evolving needs of employers in the region. By leveraging the vast amount of data available through online job postings, this report aims to monitor labour market dynamics and identify emerging trends, which can contribute to tailoring policies and training programmes to address the evolving needs of the cyber security workforce in Latin America.
In Latin America, however, informal employment is a challenge for collecting and extracting information from OJPs, as a significant proportion of jobs are not advertised on online employment platforms or though formal labour market channels. Informal employment represents approximately 55-60% of total employment in Colombia and Mexico, while in Chile it is nearly 30% (see Box 1.3). Moreover, even jobs in the formal sector are not always picked up by the OJP data, and this is especially the case for jobs that require low levels of qualifications – which represent a large portion of the labour market in many LATAM countries- as these are more likely to be advertised through other channels (Cammeraat and Squicciarini, 2021[13]). While this can create distortions in the analyses using OJPs, these limitations are likely to be only partly relevant in the current study, as cyber security jobs are more likely to be found in the formal sector and advertised online. Nonetheless, when interpreting data on OJPs for cyber security professionals relative to other parts of the labour market, one should keep these limitations in mind.
Zooming in on strategies for cyber security education and training provision: The case of Colombia
Cyber security education and training programmes take many forms and their content and structure depend on labour market needs and the learners’ profiles. Policies and initiatives to expand the supply of cyber security professionals and make the field more accessible also play a major role in shaping the landscape of learning opportunities. To provide insights into how education and training for cyber security roles can be developed, delivered and promoted, this report focuses on one particular country – Colombia. The purpose of presenting a dedicated case study is to provide a detailed description of programmes, policies and initiatives that could serve as inspiration for other countries developing their cyber security education and training sector.
The Colombian case looks at the landscape of cyber security programmes, focusing on professionally-oriented formal education programmes at the undergraduate level or below (e.g. technical professional and technologist programmes) and non-formal programmes (e.g. diploma certificates or diplomados). The case study also looks into the efforts put in place to create a strong framework for the provision of cyber security programmes, including national strategies for cyber security skills, and efforts to diversify the provision within higher education and to tackle teacher shortages. Special attention is dedicated to policies that contribute to better access and inclusion, describing challenges and initiatives designed to promote participation in cyber security learning, including among female learners and those from disadvantaged backgrounds. The case study analysis builds on national data and literature, as well as insights gathered from interviews with various key stakeholders in the Colombian education and training sector and cyber security field.
Labour market informality encompasses various aspects that require a comprehensive understanding to address its challenges effectively. In the context of the current analysis, it is important to note that informal employment and economic activities often go unrecorded and undocumented. As a result, official statistics, as well as the analysis in this chapter, may underestimate the actual size and contribution of the informal sector, leading to inaccuracies in measuring demand for labour.
Labour market informality remains a significant challenge in LATAM. According to recent data, an alarming proportion of the population in the region (nearly 70%) live in a house where at least one member has an informal job4 (OECD et al., 2021[14]). Informality emerged as a response to structural economic challenges, limited job opportunities, and inadequate social protection systems.
While informality is pervasive throughout Latin America, there are notable variations in rates among countries. Countries like Bolivia, Peru and Paraguay have particularly high levels of labour informality, with 70-80% of their workforce operating informal conditions5 (ILOSTAT, 2023[15]). In the countries analysed in this report, some 55-60% of the working population in Colombia and Mexico are in informal jobs, while in Chile it is nearly 30% (ILOSTAT, 2023[15]). These variations can be attributed to a combination of economic, social, and institutional factors that shape each country’s labour market.
When examining the demand for cyber security professionals through the lenses of OJPs, the measurement challenges related to informality are, however, likely to lead to minor biases. Firstly, job advertisements for cyber security professionals are likely to predominantly originate from formal organisations and enterprises that adhere to established recruitment processes. These postings are associated with formal job contracts, legal frameworks, and regulated working conditions. As a result, cyber security professionals are more often sought after in sectors characterised by low levels of informality, such as public administration and defence, information system and services, and financial and insurance (see, for instance, Figure 1.2).
Note: Information system and services includes cyber security sector. The National Statistics Office in Colombia (DANE) follows a definition of informality based on ILO’s recommendations, which considers informal employees as those whose employment relationship is not subject to national legal arrangements (for more detail see DANE (2023[16]) and ILO (2003[17])). Variables RAMA2D_4R was used to identify information system and services (Code 62). RAMA2D_4R is based on the Colombian adaptation of International Standard Industrial Classification (ISIC) https://www.dane.gov.co/files/sen/nomenclatura/ciiu/CIIU_Rev_4_AC2022.pdf.
Source: Note: OECD calculations using Gran Encuesta Integrada de Hogares – GEIH and the module of Training for employment.
Secondly, the cyber security field typically places a strong emphasis on professional credentials and qualifications (as discussed in Chapter 2). Skill certifications from national or industry authorities provide workers with means of effectively documenting relevant skills and developing a career path, easing pathways towards formal employment (ILO, 2015[18]). Therefore, this emphasis on professional requirements is likely associated with a higher proportion of formal employment arrangements in the cyber security profession.
Furthermore, organisations operating in sensitive industries, including finance, healthcare, and technology, often face legal obligations and regulatory compliance requirements. These obligations necessitate the formal employment of cyber security professionals, leading to greater adherence to formal procedures and the maintenance of a formal workforce.
In conclusion, while it is important to acknowledge that informality is a challenge when measuring labour market demand, there is limited concern for such biases within the cyber security field. However, results in this report still need to be interpreted with caution given the typically small sample sizes in countries where the informal sector is very large.
The demand for cyber security professionals is on the rise in Latin America
Chile, Colombia and Mexico have increased their focus on cyber security over the last decade. These countries have designated national cyber security policies and strategies. These formulate goals that, amongst others, aim to improve citizens’ ability to safely operate in cyberspace and to boost the cyber security sector in each respective country. In accordance with the rising importance of cyber security in Latin America, the demand for cyber security professionals (approximated by the number of online job postings, OJPs) has increased sharply between 2021 and 2022, with the growth rates for cyber security OJPs significantly outpacing those for other occupations, particularly in Chile and Mexico (Figure 1.3).
Most of the OJPs in the cyber security job market are for jobs in main metropolitan cities where major enterprises and government headquarters are found. The share of cyber security roles posted in metropolitan cities is far larger than the share of the Chilean, Colombian and Mexican populations that live in these areas. What contributes to this finding is that certain industries, such as finance, technology, and professional services, tend to have a higher presence in metropolitan areas due to the availability of skilled labour, infrastructure, and market demand. This boosts the demand for high-skilled positions such as cyber security roles.
Results also show that the demand for cyber security professionals is heterogeneous. Among different job roles, cyber security architects and engineers (those in charge of designing and modelling security solutions) stand at the core of the demand for cyber security professionals, recording the highest share of cyber security OJPs in Chile and Mexico in the period analysed. Cyber security analysts, which provide insights to support planning, operations and maintenance of systems security, represent the largest share of OJPs in the cyber security landscape in Colombia. Furthermore, Colombia experienced a significant increase in demand for cyber security auditors and advisors, indicating a growing recognition of the importance of assessing the efficiency and compliance of security solutions.
Source: OECD calculations based on Lightcast data.
In the three LATAM countries under exam in this report, vacancies for cyber security roles frequently specify the need for candidates to possess familiarity with cyber security frameworks or standards, and to have obtained specific certifications. Typically, certifications serve as a standardised measure of candidates’ expertise and aptitude in highly specialised areas including, for instance, cyber security. Particularly in Latin America, where the cyber security industry is still developing and rapidly evolving, the signalling function of these certifications is important as employers use them to select qualified candidates, while job seekers employ them to signal their skills.
However, it is worth noting that the certifications which are most sought after in Mexico and Colombia are primarily aimed at experienced professionals, as they necessitate a minimum of five years of relevant work experience but, simultaneously, many employers require them in vacancies for entry-level positions. This disparity between job level and certification requirements hampers efficient talent matching in the region’s cyber security workforce. Potential employees with the necessary skills may be deterred by these certification needs, while employers struggle to find suitable candidates, resulting in prolonged job vacancies and talent shortages. Consequently, there exists a misalignment between the skill requirements of the labour market and the available job opportunities.
Results also show other important bottlenecks in the ability of the available workforce to match the current demand. For instance, proficiency in English is among the most in demand skill requirements across OJPs for cyber security professionals in the region, but the workforce in LATAM traditionally struggles in this area.
The provision of cyber security education and training programmes in Colombia is diverse
On the supply side, the case study for Colombia shows that there can be various educational and training pathways into cyber security roles, with opportunities for progression (see Figure 1.4). The Colombian higher education system provides multiple cyber security training programmes that lead to formal qualifications recognised by the National Ministry of Education (MEN), including vocational and undergraduate programmes. The former include professional technical and technologist courses focused on practice-oriented training, preparing learners for careers in cyber security operations and management. These programmes take between two and three years to complete. Undergraduate programmes delve deeper into the theoretical foundations and advanced concepts of cyber security, emphasising research, innovation, and critical thinking. Learners can also develop basic cyber security skills at lower levels of education, including through cyber security modules integrated into technical upper-secondary education.
Note: Formal education, which leads to formal qualifications such as technical professional programmes, includes courses and programmes offered by universities, technological, professional and technical institutions. For this study, programmes at the Master’s level and above are excluded from the analysis. Non-formal education and training include courses outside the formal education system and not leading to formal qualifications (but awarding certificates in some cases), such as diploma certificates.
In addition to these formal cyber security qualifications, young people and adults in Colombia have the opportunity to engage in non-formal training. This type of training, often shorter and more adaptable than programmes within the formal education system, is frequently embodied in the form of diploma certificates. These are predominantly offered by public and private higher education institutions or training providers in the cyber security field. Such flexible courses typically take between three to 12 months to complete, incorporating practical training, case studies, and group discussions. The content of cyber security diploma certificates can vary, both in terms of difficulty and specialisation. Diploma certificates that cover more general concepts furnish students with foundational technical knowledge in cyber security and computer security management. Others address more advanced and complex topics, with some even aligning with competency certifications or industry-required standards.
Colombia has enacted various policies and strategies to broaden learning opportunities and diversify the workforce in the cyber security sector. The country has focused on developing national strategies that strengthen the response to cyber threats and enhance cyber security capabilities, which have been translated into expanding learning opportunities in the field. Increasing flexibility, particularly within higher education institutions, has been one avenue for effectively and rapidly responding to the evolving skill needs in the sector and catering to a diverse group of learners. Training providers have also implemented innovative strategies to address teacher shortages in ICT. To diversify the workforce of cyber security professionals, the country has emphasised the development of basic digital skills across the wider population in an effort to raise cyber security awareness and foster interest among potential learners in pursuing training in this field. Additionally, multiple policies have been implemented to eliminate barriers that might deter interested individuals from exploring these learning opportunities such as providing financial support to engage with basic technical cyber security training. Box 1.4 provides examples of relevant practices in Colombia, which are further documented in Chapter 3.
Policy pointers for building a skilled cyber security workforce
The insights derived from the analysis of the demand for cyber security professionals in Chile, Colombia and Mexico and the detailed analysis of the cyber security education and training in Colombia underscore diverse opportunities for Latin American countries to tackle labour and skills shortages in the sector. This section signals some of them.
Providing structured and comprehensive information on cyber security roles and skills
The cyber security profession is in constant redefinition, which poses challenges to employers, education and training providers, and learners to understand the different cyber security roles and associated skill requirements. This challenge calls for joint efforts from different actors to develop a structured and comprehensive characterisation of the profession. The adoption of cyber security skills strategies can facilitate the understanding of the cyber security profession in Colombia, as well as in the rest of LATAM, and establish a common taxonomy that contributes to understanding and analysing labour market dynamics in the field. Developing cyber security skills strategies also enhances the design and implementation of policies to overcome labour shortage in the field by providing a roadmap on how to expand the supply of learning opportunities and make training more responsive to employers’ needs.
While knowledge of specific cyber security frameworks is currently in high demand (e.g. ISO/IEC 27000 and ITIL), it is crucial to understand that the field is dynamic and continually evolving, necessitating targeted training efforts to respond to the most recent needs. Assessing and anticipating skills needs through timely and granular data analysis allows countries to generate information about the current and future needs of the cyber security sector (OECD, 2016[19]). These skills assessment and anticipation exercises are vital to stay abreast of emerging trends and to adjust training systems accordingly.
It is necessary to raise awareness among stakeholders about the importance of a qualified cyber security workforce to respond to cyber risk. Adherence to cyber security frameworks/standards provides essential guidance, best practices, and a common language for organisations and professionals. These tools enable them to establish comprehensive cyber security strategies, mitigate digital security risk, and enhance overall cyber security resilience.
Overcoming barriers to expand and improve the provision of cyber security programmes
Higher education institutions offer a wide range of formal programmes (e.g. technical professionals, technologists and undergraduates) that lead to entry-level job opportunities in cyber security. Some education institutions also have articulation arrangements (i.e. propaedeutic cycle) which play a crucial role in smoothing the transition from general ICT technical programmes to technologists and undergraduate programmes in cyber security. This approach is designed to prepare students for more specialised studies in their chosen field, building on the solid foundation in core ICT concepts and principles they already acquired.
Education institutions are increasingly aware of the need to provide programmes and courses that meet the diverse needs of learners, while addressing labour market needs. Diversifying the cyber security offer in higher education to include non-formal training programmes contributes to meeting skills demand more swiftly. It is also essential to facilitate the creation of flexible training programmes that provide sufficient opportunities for cyber security training aligned with labour market needs, that are quality assured and easily accessible, especially for more disadvantaged learners such as those facing financial barriers and digital illiteracy. Such non-formal programmes should ideally lead to certificates that are easily recognised by employers.
Partnerships between higher education institutions and private sector companies or specialised international training providers are key to expand the provision of cyber security training. In Colombia, this collaboration has led to an expansion of customised short training programmes, such as diploma certificates. This responds to particular skill needs, while typically also being part of learning pathways or building blocks for developing more advanced and specialised skills. Some are even linked to industry certifications which are in high demand in the cyber security sector.
Teacher shortages affect the provision of cyber security education and training in countries like Colombia. Educational institutions need strategies to attract and retain instructors and professors in ICT fields in a context of significant shortages of cyber-related professionals. Strengthening relationships with companies to provide training to ICT teachers, allowing professionals in industry to dedicate some time to teaching and improving teachers’ English proficiency can contribute to reducing shortages.
Tackling digital literacy and language barriers, and raising the interest of potential learners
Participation in cyber security education and training requires individuals to possess solid basic digital skills. Digital illiteracy is common in Latin America, especially among individuals from disadvantaged backgrounds. In Colombia, for instance, the provision of training programmes covering key fundamentals ICT subjects has been crucial to equip learners with basic concepts for digital navigation and facilitate progression to advanced training. Additionally, developing such skills from a young age can contribute to generating interest in ICT professions, such as in cyber security.
Enhancing English language proficiency is crucial in mitigating the workforce cyber security gap in LATAM. The English proficiency gap creates significant obstacles to cultivating cyber security skills, as most of the training resources are not available in Spanish. Potential solutions could include offering cyber security training in local languages or providing translation services. Nonetheless, strategies should also focus on improving English proficiency levels in the region to ensure that individuals can access cyber security opportunities offered in English.
Gender stereotypes can hinder participation in cyber security education and training. Even though countries like Colombia have experienced reductions in the performance gap between boys and girls in mathematics and sciences, the proportion of female professionals in ICT remains low. Latin American countries need initiatives to encourage women to engage in education and training in STEM fields and specifically in ICT and cyber security topics. Platforms and spaces for women to connect, learn and share their experiences in these fields are valuable initiatives towards promoting interest in the profession.
Colombia has launched a number of interesting initiatives and strategies aimed at enlarging and diversifying the cyber security workforce. These efforts focus on bolstering the availability and quality of cyber security education and training programmes, as well as providing clear information and enticing incentives to foster engagement in the field. A few of these noteworthy practices include:
Policy frameworks in cyber security, such as the most recent document of National Council for Economic and Social Policy (Consejo Nacional de Política Económica Social, CONPES) 3995 on National policy of trust and digital security (DNP, 2020[20]) have been crucial to enhance the digital skills of the workforce, including the introduction of incentives to boost ICT training participation among various target groups (e.g. financial support for disadvantaged individuals to engage with non-formal and formal education) and promoting cyber security education in higher education institutions.
Diploma certificates are offered by higher education institutions, professional associations, and private organisations. Some educational institutions form partnerships with private sector companies or specialised international providers to deliver these certificates. In cyber security, for instance, SENA developed the ‘Technological centre of excellence and simulation in cyber security’ jointly with MNEMO (an IT and cyber security services company) to deliver diploma certificates in information security and courses related to the field (SENA, 2022[21]).
Universities and employers designing short training programmes in cyber security has become a common practice (for diploma certificates and other non-formal programmes). These short trainings include modules for developing basic technical ICT skills. In some cases, the courses contain modules fully customised by employers to meet their specific needs. These programmes also tend to be flexible and adaptable to students’ learning needs, with some including mentoring, tutoring and other types of individual support.
Cyber security skills programmes for managers (MinTIC, 2022[22]) fund training for employees in enterprises to raise awareness of cyber security issues, covering 100% of training expenses. The programmes include two diploma certificate courses for directors and high-level managers and IT managers to promote a culture of cyber security and improve the ability of companies to protect themselves against digital risks and threats.
The National school of instructors (ENI) (SENA, 2023[23]) delivers targeted training for the teaching of ICT, including cyber security programmes. This process includes selecting qualified individuals from industry and developing their pedagogical abilities. Technical training in cyber security is also provided to ensure up-to-date knowledge among ICT teachers.
Hacker girls (MinTIC, 2023[24]) is a national programme that aims at promoting women’s participation in technology and cyber security. The programme provides opportunities for women of all ages to develop knowledge and skills in these fields and to encourage more women to pursue careers in technology and cyber security (e.g. hackathons and competitions).
The “Por TIC Mujer” (MinTIC, 2023[25]) programme is an initiative in Colombia launched by the Ministry of Information and Communication Technology (Ministerio de las Tecnologias de la Información y las Comunicaciones, MinTIC) to enhance women’s access to and usage of ICTs. The programme aims at overcoming digital illiteracy, improving women’s access to technology, and supporting women’s use of ICTs for entrepreneurship.
References
[13] Cammeraat, E. and M. Squicciarini (2021), “Burning Glass Technologies’ data use in policy-relevant analysis: An occupation-level assessment”, OECD Science, Technology and Industry Working Papers, No. 2021/05, OECD Publishing, Paris, https://doi.org/10.1787/cd75c3e7-en.
[16] DANE (2023), Empleo informal y seguridad social, https://www.dane.gov.co/index.php/estadisticas-por-tema/mercado-laboral/empleo-informal-y-seguridad-social.
[20] DNP (2020), Política Nacional de Confianza y Seguridad Digital (National Policy of trust and digital security), https://colaboracion.dnp.gov.co/CDT/Conpes/Econ%C3%B3micos/3995.pdf.
[7] ECLAC (2022), A digital path for sustainable development in Latin America and the Caribbean, Economic Commission for Latin America and the Caribbean, https://conferenciaelac.cepal.org/8/en/documents/digital-path-sustainable-development-latin-america-and-caribbean (accessed on 11 September 2023).
[11] Government of Mexico (2017), National Cyber Security Strategy, https://www.gob.mx/cms/uploads/attachment/file/399655/ENCS.ENG.final.pdf (accessed on May 2023).
[2] IADB & OAS (2020), Cybersecurity: Risks, progress, and the way forward in Latin America and the Caribbean, https://doi.org/10.18235/0002513 (accessed on April 2023).
[18] ILO (2015), Promoting transition to formality, https://www.ilo.org/global/topics/skills-knowledge-and-employability/treepedia/post-training/formality/lang--en/index.htm (accessed on June 2023). (accessed on 2023).
[17] ILO (2003), Guidelines concerning a statistical definition of informal employment, https://www.ilo.org/wcmsp5/groups/public/---dgreports/---stat/documents/normativeinstrument/wcms_087622.pdf (accessed on 1 June 2023).
[15] ILOSTAT (2023), Statistics on the informal economy, https://ilostat.ilo.org/topics/informality/.
[4] ISC2 (2022), ISC2 Cybersecurity Workforce Study, https://www.isc2.org//-/media/ISC2/Research/2022-WorkForce-Study/ISC2-Cybersecurity-Workforce-Study.ashx.
[24] MinTIC (2023), Hacker Girls, https://gobiernodigital.mintic.gov.co/seguridadyprivacidad/portal/Iniciativas/Hacker-Girls/.
[25] MinTIC (2023), Por TIC Mujer, https://formacionapropiacion.mintic.gov.co/course/index.php?categoryid=6.
[22] MinTIC (2022), Habilidad digitales en ciberseguridad, https://talentodigital.mintic.gov.co/734/w3-channel.html.
[9] MinTIC (2020), CONPES 3995 - Política nacional de confianza y seguridad digital, https://colaboracion.dnp.gov.co/CDT/Conpes/Econ%C3%B3micos/3995.pdf (accessed on June 2023).
[12] OECD (2023), Building a Skilled Cyber Security Workforce in Five Countries: Insights from Australia, Canada, New Zealand, United Kingdom, and United States, OECD Skills Studies, OECD Publishing, Paris, https://doi.org/10.1787/5fd44e6c-en.
[3] OECD (2022), Recommendation of the Council on National Digital Security Strategies, https://legalinstruments.oecd.org/en/instruments/OECD-LEGAL-0480 (accessed on August 2023).
[19] OECD (2016), Getting Skills Right: Assessing and Anticipating Changing Skill Needs, Getting Skills Right, OECD Publishing, Paris, https://doi.org/10.1787/9789264252073-en.
[14] OECD et al. (2021), Latin American Economic Outlook 2021: Working Together for a Better Recovery, OECD Publishing, Paris, https://doi.org/10.1787/5fedabe5-en.
[26] OECD/ILO (2019), Tackling Vulnerability in the Informal Economy, Development Centre Studies, OECD Publishing, Paris, https://doi.org/10.1787/939b7bcd-en.
[5] Organization of American States and CISCO (2023), Reporte sobre el desarrollo de la fuerza laboral de ciberseguridad en una era de escasez de talento y habilidades, https://www.oas.org/es/sms/cicte/docs/Reporte_sobre_el_desarrollo_de_la_fuerza_laboral_de_ciberseguridad_en_una_era_de_escasez_de_talento_y_habilidades.pdf (accessed on 25 April 2023).
[6] Organization of American States and Global Partners (2022), National Cybersecurity Strategies: Lessons Learned and Reflections from the Americas and Other Regions, https://www.gp-digital.org/publication/national-cybersecurity-strategies-lessons-learned-and-reflections-from-the-americas-and-other-regions/.
[8] Ruiz Tagle-Vial, P. and D. Álvarez-Valenzuela (2020), Building Cybersecurity Capacity: Challenges for Post-Secondary Education in Latin America and the Caribbean, University of Chile, https://doi.org/10.18235/0002513.
[23] SENA (2023), Escuela Nacional de Instructores “Rodolfo Martínez Tono”, https://www.sena.edu.co/es-co/comunidades/instructores/Paginas/default.aspx.
[21] SENA (2022), Sena y MNEMO inauguran en Colombia el primer centro tecnológico de excelencia y simulación en ciberseguridad de América Latina, https://www.mnemo.com/sena-mnemo-ciberseguridad/.
[10] UNODC (2017), Chile’s National Cybersecurity Policy 2017-2022, https://www.unodc.org/e4j/data/_university_uni_/chiles_national_cybersecurity_policy_2017-2022.html?lng=en (accessed on May 2023).
[1] World Economic Forum (2022), Global Cybersecurity Outlook 2022, https://www.weforum.org/reports/global-cybersecurity-outlook-2022/.
Notes
← 1. The World Economic Forum defines cyber resilience in the Global Cyber Security Outlook 2022 as “the ability of an organisation to transcend (anticipate, withstand, recover from, and adapt to) any stresses, failures, hazards and threats to its cyber resources within the organisation and its ecosystem, such that the organisation can confidently pursue its mission, enable its culture and maintain its desired way of operating” (World Economic Forum, 2022[1]).
← 2. The IADB and OAS study uses the Cyber security Capacity Maturity Model for Nation (CMM) developed by the Global Cyber Security Capacity Centre of the University of Oxford to assess the maturity of the countries’ cyber security capacity (IADB & OAS, 2020[2]).
← 3. Data is provided by Lightcast.io.
← 4. In this report, informal employment “…refers to working arrangements that are de facto or de jure not subject to national labour legislation, income taxation or entitlement to social protection or certain other employment benefits (advance notice of dismissal, severance pay, paid annual or sick leave, etc.).” (OECD/ILO, 2019[26]).
← 5. This figure follows the International Labour Organization (ILO) definition of employment and labour informality: “Employment comprises all persons of working age who, during a specified brief period, were either in paid employment (whether at work or with a job but not at work) or in self-employment (whether at work or with an enterprise but not at work). Informal employment comprises persons who in their main or secondary jobs were: (a) own-account workers, employers and members of producers´ co-operatives employed in their own informal sector enterprises; (b) own-account workers engaged in the production of goods exclusively for own final use by their household (e.g. subsistence farming); (c) contributing family workers, regardless of whether they work in formal or informal sector enterprises; or (d) employees holding informal jobs, whether employed by formal sector enterprises, informal sector enterprises, or as paid domestic workers by households” (ILOSTAT, 2023[15]).