Executive summary

Latin America (LATAM) is not immune to the growing global cyber security challenges. The region’s quick-paced digital transformation and expanded connectivity make it prone to cyber threats. Both individuals and organisations find themselves increasingly at risk of cyber attacks as they become more reliant on digital technologies for many facets of their daily lives and operations. In addition, Latin America possesses significant assets and essential infrastructure that could represent targets for cyber criminals. Developing a strong cyber security workforce is vital to safeguard the digital assets in the region, uphold economic stability, and protect the privacy and security of its population.

This report analyses the evolution of the demand for cyber security professionals in 2021 and 2022 in Chile, Colombia and Mexico. The analysis leverages data gathered from over 14 million job postings collected from the internet (online job postings, OJPs). The report also explores the supply side, zooming in on the landscape of cyber security education and training programmes in Colombia and the policies and strategies to enhance the accessibility and relevance of these programmes.

In the last decade, Chile, Colombia, and Mexico (like other Latin American countries) have increased their focus on cyber security. These countries have implemented national strategies to enhance safe cyberspace navigation and boost the cyber security sector. This growing attention is mirrored by the sharp rise of online job postings (OJPs) for cyber security professionals between 2021 and 2022, with growth rates significantly outpacing other job categories, particularly in Chile and Mexico. Most of the OJPs in cyber security are situated in major urban areas, the hub of substantial businesses and government entities.

The demand for cyber security professionals is diverse. Cyber security architects and engineers, responsible for designing security solutions, are in high demand, particularly in Chile and Mexico. In Colombia, cyber security analysts, providing essential system security insights, hold the largest share of OJPs. Additionally, Colombia has seen a noticeable surge in demand for cyber security auditors and advisors, pointing to a growing appreciation for assessing security solution efficiency and compliance.

In Chile, Colombia, and Mexico, cyber security OJPs frequently require familiarity with specific frameworks or standards (e.g. ISO 27001) and certain certifications (e.g. Certified Information Systems Security Professional, CISSP). Certifications are crucial to signal candidates’ expertise in cyber security, especially as the industry is still in the process of development and evolution. Notably, the most in-demand certifications typically require professionals to have at least five years of experience. However, employers in the region may not always be fully aware of these requirements, which creates a disconnect between the positions that organisations aim to fill and the prerequisites necessary to obtain those certifications. This situation can hinder the hiring process as job seekers may be discouraged from applying, and employers may struggle to find the talent they need among the available candidates.

By evaluating the specific skills and experience needed for entry-level positions, employers can ensure that the skills and certification requirements they set are reasonable for the candidates they seek. In this context, the adoption of cyber security skills frameworks becomes crucial for government, academia and the cyber security industry. These tools create a comprehensive structure of roles and skills that enable organisations to accurately identify the profiles most relevant to their interests. Skills frameworks, therefore, contribute to a better alignment between skills demand and supply, as they bring consistency, relevance, and standardisation to the profession.

The analysis of online job postings also shows that proficiency in English is becoming of paramount importance in the cyber profession in Chile, Colombia and Mexico. According to the analysis, English is among the most relevant transversal skills in cyber security vacancies posted online in the three countries. Moreover, most of the training resources and industry standards are primarily in this language. Boosting English language proficiency is, therefore, key for the available cyber security workforce to stay up to date and overcome obstacles for developing relevant cyber security skills.

Equipping individuals with the right technical and transversal skills is essential to ensure that employers can find the cyber security professionals they need. The Colombian case study presented in this report shows how diverse educational and training routes can prepare for cyber security roles. Colombia’s higher education system offers a variety of cyber security training programmes leading to formal qualifications, from vocational to undergraduate courses. The vocational programmes (e.g. technical professional and technologist programmes, lasting 2 and 3 years respectively) provide hands-on training, preparing learners for careers in cyber security operations and management, while undergraduate programmes delve deeper into cyber security theory, fostering research, innovation, and critical thinking. Learners can also acquire basic cyber security skills at lower education levels via integrated modules in technical upper-secondary education.

Besides formal cyber security qualifications, Colombia provides non-formal training opportunities for young people and adults. This type of training is typically shorter and more flexible than traditional educational programmes and often leads to diploma certificates. These certificates, offered predominantly by higher education institutions or specialised training providers, usually require 3 to 12 months to complete and include practical training, case studies, and group discussions. Content varies in complexity and specialisation, from foundational technical knowledge in cyber security to more advanced topics, with some aligned to competency certifications or industry standards. Overall, cyber security programmes yield positive outcomes, with relatively high completion rates and successful transitions into employment or further studies. However, many disadvantaged individuals face multiple barriers (e.g. lack of funding, digital illiteracy, misunderstanding of cyber security roles) when engaging with learning opportunities in the field.

Colombia has implemented various strategies and policies to broaden learning opportunities and diversify its cyber security workforce. Through targeted national strategies, the country has bolstered responses to cyber threats and enhanced its cyber security capabilities. Higher education institutions have increased their flexibility, enabling them to adapt to the changing skill needs in the sector and cater to varied learner demographic. Investments have also been made into the quality of the teaching workforce, with institutions like the National School of Instructors of the National Learning Service (Servicio Nacional de Aprendizaje, SENA) having been vital in addressing ICT teacher shortages, including in the field of cyber security.

Broader initiatives to enhance basic digital skills seek to raise cyber security awareness in the general population and encourage potential learners to develop cyber security technical skills. Policies like “Talento Digital” have been introduced to eliminate financial hurdles that could discourage individuals from exploring these training opportunities. Given the underrepresentation of women in this field, various initiatives have been established by the Colombian Government and other actors to encourage more girls and women to pursue cyber security training and careers.

Metadata, Legal and Rights

This document, as well as any data and map included herein, are without prejudice to the status of or sovereignty over any territory, to the delimitation of international frontiers and boundaries and to the name of any territory, city or area. Extracts from publications may be subject to additional disclaimers, which are set out in the complete version of the publication, available at the link provided.

© OECD 2023

The use of this work, whether digital or print, is governed by the Terms and Conditions to be found at https://www.oecd.org/termsandconditions.