Author Description

The cybersecurity skills shortage (CSSS), which in this document refers to the lack of qualified cybersecurity professionals in the labour market, represents an issue for both economic development and national security, especially in the rapid digitisation of the global economy. It poses threats with a high impact on the data, information technology systems and networks that form the dorsal spine of modern societies. This shortage can be further analysed into two concurrent issues: a quantitative one and a qualitative one. The quantitative issue is related to the insufficient supply of cybersecurity professionals to meet the requirements of the job market and the qualitative one is related to the inadequacy of professional skills to meet the market's needs. This report focuses on the status of the cybersecurity education system and the inability to attract more students to study cybersecurity and to produce graduates with the right cybersecurity knowledge and skills. It argues that many of the current issues in cybersecurity education could be ameliorated by redesigning educational and training pathways that define knowledge and skills that students should possess upon graduation and after entering the labour market. This analysis describes how four states -- Australia, France, the United Kingdom and the United States -- have attempted to rethink cybersecurity degrees using certification. These certification schemes have been established for various purposes. The main objectives include having more graduates with skills readily deployable by the industry, helping employers understand skills and knowledge that students have developed in their academic careers, and assisting people to choose their degree options. The ultimate impact of degree certification is to reduce the CSSS through the promotion of cybersecurity education, research and awareness.