3. The landscape of cyber security education and training programmes: The case of Colombia

Chapter 2 highlights the significant and growing demand for cyber security professionals in Latin American countries (LATAM), in particular in Chile, Colombia, and Mexico. This trend reflects the expansion of connectivity, especially in urban areas, the adoption of a broader range of digital technologies, and an increase in remote work opportunities. However, the recent surge in demand for cyber security professionals has not been met with a sufficient supply of trained workers, resulting in shortages that can potentially expose vulnerabilities in cyber security. These shortages are already observed today, as evidenced by research conducted by Fortinet (2023[1]), which indicates that 41% of LATAM organisations surveyed struggle to fill cloud security roles.

This chapter focuses on the Colombian context, providing a detailed overview of its cyber security education and training landscape, along with associated policies to grow and diversify its cyber security workforce. Education and training focused on developing cyber security skills is key to counteract cyber security threats and tackle skill shortages. At the same time, it is essential to have a broader understanding of the population’s digital skill capacity, which is a pre-condition to having interest in and capacity to pursue advanced and specialised learning opportunities in cyber security.

While Colombia has made substantial progress to improve internet connectivity and the use of information and communication technologies (ICT), a significant share of the population still lacks basic digital and technical skills. This hinders the digital transition and the ability to meet labour market demands, particularly in cyber security (OECD, 2021[2]). In Colombia 59% of all companies face challenges in IT and technology-related fields finding the talent they need (Manpower Group, 2022[3]).

The shortage of cyber security skills in Colombia likely stems from the fact that it is an emerging field. Education and training systems that provide cyber security programmes are still adapting to employers’ requirements and to learners’ ability to acquire these skills. Colombia faces several challenges and opportunities in this context. Firstly, it is vital to establish skill policy frameworks to create the right environment for the expansion of cyber security education and training. Increasing flexibility in provision, in particular within higher education institutions, can help to respond swiftly to changing skills needs in the sector and serve a diverse group of learners. Providers also need creative strategies to tackle teacher shortages in ICT. Secondly, the lack of basic digital skills and low English proficiency in the population is a common barrier to participation in cyber security learning opportunities. Moreover, women are hugely underrepresented in the ICT sector, and making the cyber security profession more appealing to women can help both promote equity and respond to employer needs.

Following this introduction, this chapter first provides a snapshot of cyber security education and training programmes in Colombia. This is followed by a discussion of efforts to develop a framework that allows the Colombian skills system to respond to labour market needs in the field of cyber security. The final section discusses strategies and policies in place to stimulate greater participation in these programmes, including initiatives aimed at enhancing digital literacy and facilitating access for underrepresented learners.

The information in this chapter is derived from interviews conducted with key stakeholders in the cyber security sector, including training providers and various government entities. The analysis also draws on desk research and analysis of data form multiple household surveys and administrative information.

This section provides an overview of the education and training landscape in cyber security skills in Colombia. It first describes formal and non-formal education and training programmes that focus on cyber security, mostly within higher education. This is followed by a description of the profile of learners who pursue programmes in cyber security and an analysis of labour market outcomes associated with programmes in cyber security.

Cyber security education and training aimed at developing skills for entry-level jobs include both formal and non-formal programmes1 (see Figure 3.1). Formal education includes professional technical (two-year programme at ISCED Level 5), technologist (three-year programme, ISCED Level 5), and undergraduate programmes (four-to-five-year programme, ISCED Level 6) specific to this field, with the majority of cyber security training being offered at the graduate level (specialisation and master’s degree, ISCED Level 7). This study focuses on qualifications below or at ISCED Level 6 (see Box 3.1). In addition to cyber security-specific programmes, some programmes in systems engineering and related fields include cyber security education and training as part of their curriculum and course content, or as areas of emphasis covering topics such as information security, information systems management, ethical hacking, network security, and information auditing. Articulation arrangements are also common within the system and software engineering programmes, facilitating the transition between higher education qualifications. These articulation arrangements are also offered with an emphasis on cyber security.

Non-formal education and training encompasses courses that may lead to certificates but do not yield a formal qualification. Diplomados or Diploma certificates represent the most prevalent type of certified non-formal, short training courses in this field, providing targeted instruction and practical experience. The recent surge in demand for specialised ICT skills such as cyber security, has led to a notable expansion in other forms of short courses, such as micro- and macro-credentials. These courses offer flexible and accessible learning opportunities, allowing individuals to acquire the necessary expertise quickly and efficiently. By focusing on specific skill sets and competencies, these courses help address immediate local skill demands and enable professionals to stay abreast of the latest industry developments.

Formal and non-formal education in cyber security is delivered by various types of providers, each with distinct characteristics that cater to different learning needs and preferences. Higher education institutions, such as universities and technical institutes, offer formal programmes in fields related to cyber security, including systems engineering, computer science, and information technology. These institutions provide comprehensive, structured education and training, equipping students with a solid foundation in cyber security principles and practices. Universities and technical institutions can also provide non-formal education such as Diploma certificates. Private training centres, online learning platforms and industry-specific organisation offer only non-formal education programmes such as short courses, workshops and certifications in specialised cyber security sectors.

The provision of formal education programmes in cyber security in Colombia, specifically for entry-level jobs, covers various levels, ranging from professional technical and technologist programmes to undergraduate degrees. These programmes are designed to cater to the diverse educational and professional backgrounds of students, from those seeking entry-level skills to experienced professionals looking to enhance their expertise. In addition, technical upper secondary education mainly provides essential knowledge on ICT and aims to steer learners’ interest towards further ICT training, but it does not cover cyber security subjects (see Box 3.2). Higher education includes vocational and undergraduate programmes. The former includes professional technical and technologist courses that focus on practice-oriented training, preparing students for careers in cyber security operations and management. Undergraduate programmes delve deeper into the theoretical foundations and advanced concepts of cyber security, emphasising research, innovation, and critical thinking. Depending on the level and type of programme, courses may be delivered full-time or part-time, while flexible schedules and blended learning options serve learners who cannot be fully dedicated to study or who are located in remote areas.

The offer of education programmes in this field has been growing in response to emerging demand. Colombian providers offered 494 formal programmes in systems, telematics, and related engineering fields in 2022 (hereinafter systems engineering programmes), including professional technical (52), technologist (195), and undergraduate programmes (247) (see Figure 3.2, Panel A). While the supply of technologist and undergraduate programmes in this field has increased by 12% compared to 2014, the number of more foundational technical programmes have dropped by 30%. The growth of technologist and undergraduate programmes may reflect higher demand for professionals with advanced skills in more technology-intense fields such as systems engineering (Ferreyra et al., 2017[6]). Also, the trend toward obtaining a higher education qualification may contribute to the decline in professional technical programmes in LATAM. Particularly in Colombia, the number of professional technical programme offerings across all fields has dropped by 39% in the last decade (MEN, 2023[7]). Students may increasingly pursue technologist and undergraduate degrees to improve their job prospects and earning potential (Ferreyra et al., 2017[6]). This trend can lead to a decrease in enrolment and offerings of more foundational professional technical programmes.

The provision of cyber security programmes in formal education is relatively small but has been growing. While in 2014 no programmes existed in this field, by 2022 four cyber security programmes were available: one professional technical (in Information Security Services), three technologists (in Computer network and information security, in Computer Network Security Management and in Network and information security), and one undergraduate programme (Engineering in information security). In addition, 58% of systems engineering programmes include cyber security topics as subjects or as an area of emphasis.

Participation in education and training programmes in cyber security or related fields is limited. According to the National Information System of Higher Education (SNIES), in 2022, only 15% of students in higher education were enrolled in systems engineering programmes, and this proportion has fallen since 2016. Most learners who study systems engineering programmes cover cyber security topics (see Figure 3.2, Panel B). In 2022, two out of every five students in systems engineering technologist and undergraduate were enrolled in programmes that included cyber security subjects or offered cyber security as a field of specialisation. According to consulted stakeholders, the importance of cyber security within technologist and undergraduate programmes may be due to the complexity and prerequisites of the field, as well as the growing demand for professionals with advanced skills in cyber security. Conversely, only 4% of students of professional technical programmes in the field of systems engineering enrolled in a programme that covers cyber security subjects.

In Colombia, ICT programmes at short-cycle tertiary level (ISCED Level 5) include two types of programmes: professional technical programmes and technologist programmes, with the latter providing more advanced knowledge and skills. These programmes are similar to associate degrees in the United States, higher technical qualifications in the United Kingdom and Brevet de Technicien Supérieur (BTS) programmes in France. Both professional technical and technologist programmes prepare for entry into the labour market, while allowing for progression to higher levels of education. Delivered by vocational and technical institutions, they target various ICT disciplines such as programming, network administration, and systems management. Both professional technical and technologist programmes are designed through collaboration between employers and educational providers, ensuring that the course content meets industry demands. The National Learning Service (SENA), the largest public professional technical and technologist provider, engages with employers through sectoral roundtables to design and update programmes and curricula. Three out of 84 sectoral roundtables concentrate on the ICT sector, covering areas like digital and information security (SENA, 2023[10]). This approach ensures alignment between educational programmes and the evolving needs of the ICT industry.

Professional technical programmes emphasise foundational skills in ICT. Programmes take two years to complete and usually involve a work-based learning component. They include areas such as hardware and software technical support, as well as software programming. In 2022, only one programme was offered in the field of cyber security (see Table 3.2, first row) with 45 students enrolled. This programme provides foundational knowledge and skills in cyber security such as running vulnerability threat and risk tests and implementing cyber security protocols. Most professional technical programmes focus on broader ICT education, with cyber security addressed as one component within the curriculum. For example, some programmes have modules or courses related to cyber security, such as network and risk management, and incident response. According to SNIES, 11% of professional technical programmes in the field of system engineering include cyber security subjects (6 programmes in total) such as ‘support of information system security’ and ‘introduction to information security’. This approach ensures that students gain a comprehensive understanding of ICT concepts, while developing some specialised knowledge and skills in cyber security. The curriculum is structured to incorporate real-world scenarios and practical exercises, encouraging students to apply their learning to address current and emerging cyber security challenges.

Technologist programmes in cyber security provide a more advanced level of education than technical programmes, preparing students for mid-level roles in the industry. These programmes typically involve both theoretical instruction and practical applications, with emphasis on problem-solving and critical-thinking skills (MEN, 2023[13]). The durations of technologist programmes in cyber security are generally between two and three years. Programmes cover a wide range of topics, including network security, ethical hacking, digital forensics, risk management, security operations, and incident response. Students are also exposed to emerging technologies and trends in the field, such as cloud security, Internet of Things (IoT) security, and artificial intelligence applications in cyber security. Three technologist programmes focus specifically on cyber security: ‘Computer network and information security’, ‘Computer network security management’ and ‘network and information security’ (see Table 3.3). In addition, students can select among the 63 programmes in the field of system engineering which include cyber security as part of the programme structure or as an area of emphasis. For instance, the technologist school ‘Institución Universitaria Salazar Herrera’ in Medellin offers a programme in ‘Technologist in systems’, with information security as area of specialisation. This area includes three subjects: ‘ethical hacking’, ‘network security’ and ‘security testing’

Undergraduate programmes (ISCED Level 6) in Colombia take four to five years to complete. ICT programmes provide students with a solid expertise in various aspects of ICT, while also offering the opportunity to delve deeper into cyber security-related subjects through specialised coursework, projects, or internships. The curriculum typically covers essential topics such as cryptography, network security, ethical hacking, software security, and information assurance, while also incorporating cross-cutting topics and technologies like cloud security, IoT security, and artificial intelligence in cyber security. Only one undergraduate programme is available in cyber security. However, most undergraduate programmes in system engineering cover cyber security topics as part of the curriculum or area of emphasis (58% in 2022) (see Figure 3.2, Panel B).

Table 3.4 describes a cyber security programme and a system engineering programme with an emphasis in cyber security. The former provides students with a comprehensive understanding of cyber security issues from the beginning. Further in the training, it provides specialised knowledge on hacking techniques, forensics, databases and infrastructure security. System engineering programmes with cyber security content also include specialised training in cyber security-specific topics such as software security and infrastructure security, however, most of these subjects are not compulsory. Both programmes combine theoretical foundations with practical applications relevant to a wide range of cyber security roles, from security analysts and consultants to network administrators and digital forensic specialists, including cyber security research (see Chapter 2).

Most undergraduate programmes in systems engineering provide a range of degree pathways and cater to diverse student interests and career goals. One popular option involves participating in industry internships, apprenticeships or work placements during the final year of study (MEN, 2015[21]). These hands-on experiences, which typically last between one semester and a year, enable students to gain valuable insights and practical skills within the sector. Alternatively, students may opt to pursue postgraduate studies early by enrolling in master’s level courses in information security or other related fields during their final year of undergraduate education. This approach allows for a smoother and faster transition into advanced studies.

In higher education, students can also enrol in articulated programmes in ICT fields, designed to facilitate transitions between levels. The term “propaedeutic cycle” is commonly used in Colombia to refer to articulation arrangements and it is particularly common in systems and software engineering degrees (see Box 3.3). Articulation arrangements play a crucial role in smoothing the transition from general ICT technical programmes to technologists and undergraduate programmes such as software engineering with emphasis in cyber security. The framework is flexible, so students can choose the intensity and level of specialisation. This approach is designed to prepare students for more specialised studies in their chosen field, building on the solid foundation in core ICT concepts and principles they already acquired (MEN, 2017[22]).

Table 3.5 shows some of the universities that offer this propaedeutic cycle in system engineering or software engineering with emphasis on cyber security. For instance, Colombian Industrial Technologist school (Corporación Tecnológica Industrial Colombiana – TEINCO) offers a two-years technical programme in information system which equip students with skills to manage databases, websites and information systems and implement protocols for software development. After finishing, students can enroll to obtain a technologist degree in software development by adding one more year of specialised studies, and taking more field specific subjects such as system information design and software and system analysis. If students are interested in obtaining an undergraduate degree in systems engineering with emphasis in cyber security, they only require an additional year and a half of advanced courses such as software development, system auditing, and ethical hacking.

Non-formal education and training in cyber security in Colombia takes many forms, addressing various topics within the field and catering to a wide range of learners. These programmes, which include short-term courses, online learning, and specialised training offered by higher education institutions, industry experts, and private organisations, provide flexible learning opportunities for individuals seeking to develop or enhance their cyber security skills. Within this diverse landscape, this section focuses on the most relevant and innovative initiatives, such as Diplomados or Diploma certificates and the novel offer led by higher education institutions such as micro- and macro-credentials and non-formal learning pathways. These training programmes aim to respond to labour market needs and encourage broader and diverse participation in training.

In Colombia, participation in non-formal education has dropped in all fields of study including informatics and engineering (which are related to cyber security). Panel A of Figure 3.4 shows that around 2.1 million individuals participated in non-formal training in 2022, 42% less than in 2016. The COVID-19 pandemic largely explains this drastic decline in participation in non-formal education. Compared to 2021, after the peak of the COVID-19 pandemic, the number of participants in non-formal training increased by 18% (DANE, 2022[24]). The drop in enrolment is more pronounced in fields different from informatics and engineering which reflects that the demand of ICT skills training remains strong. Also, with the rise of online learning platforms and Massive Open Online Courses (MOOCs), individuals may prefer accessing training and educational content online rather than attending non-formal training person, and such remote options are more often available in the ICT field. In 2022, 80% of non-formal learners enrolled in informatics and engineering took their training online – almost four times more than in 2016 (see Figure 3.4, Panel B). Most of the learners of informatics and engineering non-formal training are enrolled in short or low- and medium-low-intensity courses (less than 100 hours of training) (73%) and in those mainly provided by public institutions (65%).

Informatics is one of the fields learners are most engaged in after ‘business and administration’, ‘health and social services’ and ‘security services’ (DANE, 2022[25]). Around 175 thousand people participated in training in informatics in 2022, which reflects the government’s effort in expanding access to ICT training by funding formal and non-formal programmes. Strategies such as ‘A ticket for the future’ (Un tiquete para el futuro) and ‘Digital skills in cyber security’ are among the initiatives implemented in the last five years (MinTIC, 2022[26]; 2022[27]), as discussed later in this chapter.

Diploma certificates are short, intensive courses that provide specialised education and training in a specific subject or field, such as cyber security. This type of training serves a diversity of students, including working professionals and those seeking a career change. Diploma certificates are not regulated by the municipal secretary of education or MEN (Ambito Jurídico, 2022[28]), however, they are considered the most common non-formal training available and in high and increasing demand by potential learners (El Colombiano, 2021[29]). Ranging in duration between 40 and 120 hours, Diploma certificates combine theoretical instruction and practice-oriented learning experiences (MEN, 2020[30]). They serve as a flexible and accessible form of non-formal education, allowing individuals to expand their expertise and keep up with industry trends. Diploma certificates typically take between 3 to 12 months to complete and involve practical training, case studies, and group discussions. Their costs vary substantially, ranging between COP 600 000 (Colombian Pesos) and COP 4 500 000 (approximately EUR 120 and EUR 915),3 depending on the length and course content. These courses are highly specialised and can be taken in-person or online. Their schedule is flexible, and courses may be offered on evenings and/or weekends, to allow students to balance their studies with other commitments.

The content of diploma certificates in cyber security can vary by level of difficulty and specialisation (see Table 3.6). General diploma certificates equip students with foundational technical knowledge in cyber security and computer security management. These courses also aim to raise awareness about information security issues and cyberattacks. For instance, Javeriana University offers an online diploma certificate that introduces cyber security operations, covering the essential knowledge for understanding cyber security fundamentals. Other diploma certificates address more advanced and complex topics, such as Universidad del Bosque’s diploma certificate focused on Ethical Hacking. This programme enables students to develop knowledge about the technical, strategic, and legal aspects of computer security. Some diploma certificates go hand in hand with competency certifications or industry-required standards. For example, Universidad Piloto de Colombia’s computer security diploma certificates includes an Internal Auditor course and certification in ISO 27001, which is deemed highly relevant in the sector.

Typically, diploma certificates are offered by higher education institutions, professional associations, and private organisations. Some educational institutions form partnerships with private sector companies or specialised international providers. One example is the collaboration between the Pontificia Universidad Javeriana and CyberPro Global, a leading international provider of cyber security education and training. Together, they have established the Javeriana CyberPro Centre, which aims to identify training needs and offer comprehensive cyber security education and support (see Box 3.4). Similarly, SENA developed the ‘Technological centre of excellence and simulation in cyber security’ jointly with MNEMO (an IT and cyber security services company) to deliver diploma certificates in information security and courses related to the field.

Diploma certificates are only one form of non-formal education and training programmes. The non-formal training sector is hugely diverse, with different types of training modalities and covering a variety of sectors. Short courses, like diploma certificates and many other non-formal training activities, have become some of the most common types of non-formal training among learners interested in the field of informatics and engineering (see Figure 3.4, Panel B). These courses usually last a few weeks or months and are often available online and cover a wide range of topics, from foundational knowledge in cyber security, to more specialised topics depending on the course’s focus.

In recent years, due to the high demand for ICT skills, the provision of short-term courses in Colombia has become more structured, offering them as part of learning pathways or building blocks for developing more advanced and specialised skills, such as in cyber security. Micro- and macro-credentials4 are examples of these initiatives, validating and certifying the mastery of specific skills or competencies as part of a learning path in a specific field. In some cases, micro- and macro-credentials can be recognised as part of academic credits (i.e. measure of the value or weight assigned to a particular course or module) within a formal programme. For example, Universidad EAN provides training pathways in ICT skills within the cyber security sector. Paths such as ‘software development,’ ‘information management and databases,’ and ‘network and communication management’ enable students to acquire micro and macro-credentials, validating their knowledge and facilitating access to job opportunities or the recognition of subjects that are part of a formal educational programmes. Some of these short courses are provided online and through e-learning platforms (see Box 3.5).

Cyber security education and training programmes are accessible to learners of all ages. However, in formal education, a significant portion of learners in technical professional, technologist and undergraduate programmes in systems engineering are from the younger cohorts (see Figure 3.5). In 2022, the majority of students nearing completion of technical, technologist programme, or higher education programmes in systems engineering were between 18-25 years old (70% and 59%, respectively), and this share has increased compared to 2017. Conversely, participation of older learners (46+) in cyber security education and training is limited. This is consistent with international research that finds that teens and young adults who faces rapid adoption of mobile internet and faster appropriation of technology, have more changes to engage with STEM education and aspired to work in STEM jobs (Godec, Archer and Dawson, 2021[34]).

In non-formal training, learners from different age groups engage with training in cyber security related fields. Figure 3.6 shows that in the participation rate in informatics and engineering training is higher among 30-49 year-olds than any other age group (47%). Also, young people are more likely to enroll in cyber security related field training than those aged 50 or more (38% vs. 15% respectively).

Similarly to other countries, ICT in Colombia is a male-dominated field. In 2022, around one-fifth of students about to complete their technical and technologist programme (24%) and undergraduate programmes (20%) were women, and this ratio has slightly decreased in the last five years (see Figure 3.6). In non-formal training, women are also underrepresented: only 29% of learners in informatics and engineering are females, which is noticeably less than the proportion of women studying in other fields (52%). The Colombian Government has made progress in providing information regarding labour market outcomes especially in the STEM field, such as the Proyecta-T programme (MEN, 2015[35]), and the labour opportunities available for women in the sector, but policies oriented to guide students to use the information available and support their career decision making process (Bonilla-Mejía, Bottan and Ham, 2019[36]), especially among women, may remain insufficient. Colombia has experienced high levels of economic inequality, which can disproportionately affect women and limit their access to educational resources, including career guidance. Also, lack of female role models in the ICT field make young women less likely to pursue an ICT career path.

The lack of diversity in the cyber security field, particularly regarding gender, may be attributed to stereotypes ingrained in young people from an early age. Such stereotypes and misconceptions about careers in cyber security can influence career expectations and choices, potentially perpetuating current gender diversity imbalances in the profession. In OECD countries, 15-year-old boys are more likely to anticipate working in science and engineering than girls (OECD, 2019[37]). In 2018, the ‘ICT professionals’ occupation ranked among the top three aspirations for 15-year-old boys in OECD countries, whereas it did not even make the top 10 for girls (OECD, 2020[38]). These gender differences in occupational expectations have remained relatively unchanged since 2000 (OECD, 2019[37]). Equally, the under-representation of girls amongst top performers in science and mathematics can at least partly explain the persistent gender gap in careers in STEM fields – which are often amongst the highest-paying occupations (OECD, 2019[37]).

Socio-economic disparities in cyber security education mirror high levels of inequality in higher education enrolment in general. Students from low-income households are less likely to enrol in undergraduate programmes than their high-income peers, regardless of the field of study (Arias Ortiz, Bornacelly and Elacqua, 2021[39]). Typically, students only need to achieve a minimum score on the SABER 11 national standardised test to be eligible for enrolment in higher education programmes. However, students from disadvantaged backgrounds often do not perform as well on this test, which assesses academic skills and knowledge acquired in secondary school and serves as an entrance exam, as their more advantaged peers (Gómez Soler, Bernal Nisperuza and Herrera Idárraga, 2020[40]). This is mainly due to the low quality of public education that most disadvantaged students are enrolled in, as well as unequal access to supplementary tutoring services for test preparation (Gómez Soler, Bernal Nisperuza and Herrera Idárraga, 2020[40]). Evidence indicates that these students have lower pass rate for the minimum requirements especially in STEM programmes (Londoño-Vélez, Rodríguez and Sánchez, 2020[41]). Moreover, students from lower socio-economic background face multiple additional barriers to enrol in higher education programmes, including limited digital literacy, financial constraints and lack of access to necessary tools such as computer and internet connectivity, preventing them from enrolling (Dialogo Inter-Americano, BID, Worldbank, 2021[42]). Figure 3.7 shows that 13 out of 100 000 working age adults from the lowest socio-economic background (Socio-economic stratum 1) were enrolled in systems engineering programmes, which is half of the chances of students from the highest socio-economic background (Socio-economic stratum 6). Most students enrolled in engineering programmes come from middle income households (Socio-economic stratum 3 and 4). Overall, higher education enrolment has increased in the last two decades in Colombia, especially among the most disadvantage learners, but there are concerns in terms of the quality of education these students engage with (Arias Ortiz, Bornacelly and Elacqua, 2021[39]).

There is also a major rural-urban divide in participation in education and training related to cyber security. Only 13% of system engineering students are from rural areas. The system engineering participation rate is 16 students for each 100 000 people in rural areas, compared 47 students for each 100 000 people in urban areas (See Figure 3.7).

Moreover, there are important differences in the provision of and participation in cyber security training programmes by subregion. Participation in non-formal training in cyber security related fields such as informatics is highly concentrated in subregions were the main cities or digital hubs are located such as Bogotá, Cundinamarca, Antioquia (Medellín) and Atlántico (Barranquilla). According to the National Statistics Department (Departamento Administrativo Nacional de Estadísticas, DANE), these regions together account for the 47% of total participation in in this field. However, when adjusting participation by subregion’s population, the participation rate shows more heterogeneity (see Figure 3.8). Subregions such as Casanare, Nariño, Vichada and Guaviare, which historically have faced limited provision of learning opportunities, have relatively higher participation rate in training programmes in cyber security related fields. In some of municipalities of these subregions, SENA is the only training provider available. The poorest subregion such as Putumayo and Choco have none or low participation rate in non-formal training in the field of informatics.

Individuals with a cyber security degree are more likely to be employed than those with degrees from other fields. In Colombia, 96% of individuals with an information system and services qualification, which includes those specialised in cyber security, are employed. This proportion surpasses that from professionals in other ICT fields (80%) (see Figure 3.9, Panel A). This illustrates the favourable labour market conditions for information system and services professionals in the country. The significant increase of cyberattacks in the last decade has led to considerable surge in demand for cyber security professionals (see Chapter 2). Furthermore, the high employability rate reflects the existing gap in the cyber security workforce. Across Latin America, approximately 500 000 cyber security professionals are needed in the labour market (ISC2, 2022[43]), making it highly probable to find employment opportunities in the field. Most of the information system and services professionals (79%) are employed by companies, organisation, or public institution (see Figure 3.9, Panel B). In contrast, only 19% of professionals in this field work as independent contractors or are self-employed, a share that is significantly lower than workers with degrees in other fields (42%).

Likewise, individuals who report having participated in non-formal training programmes in engineering and informatics, including cyber security topics, have relatively high employment rates: around 80% of these individuals are employed, which is higher than the national employment rate of 75% (see Figure 3.10). This strong association is also possibly because training participation is typically higher among employed individuals, and in some cases non-formal training is required to start a new position or role. However, practical, hands-on knowledge and expertise in specific, relevant areas are highly valued by employers, particularly in the cyber security field. Obtaining highly sought-after certificates such as EC-Council Ethical Hacker Certificate (CEH), CompTIA+ Security, and Certified Information Systems Security Professional (CISSP), which are highly required by employers in Colombia (See Chapter 2), can significantly enhance employment opportunities according to United States’ evidence (Albert, 2017[44]), and help individuals stay ahead in this competitive industry (Castaño-Muñoz and Rodrigues, 2021[45]).

Employment indicators for women are generally less strong than for men in the cyber security sector (see Box 3.6) Men who hold a cyber security qualification have a higher likelihood of being employed than their female peers. While employment rates for men with cyber security qualifications are higher than for other qualifications, this is not the case for women. However, women with cyber security qualifications do tend to achieve better employment outcomes compared to other ICT sectors. The Colombian Government has implemented policies aimed at diversifying the cyber security workforce and encouraging more young girls be interested in cyber security roles and education (e.g. Hacker Girls), and enrol in STEM courses in general (e.g. Por TIC Mujer) (see Box 3.14). Today, 96% of cyber security professionals are employed, and only 40% of these employed professionals are women, reflecting the still limited participation of women in cyber security education and training programmes.

In Colombia, the ICT sector as a whole demonstrates a high level of human talent absorption, with the majority of workers being employed formally. According to DANE, the proportion of informal workers in the information system and services sector has dropped to 12% in 2022, which is lower than percentage of professional informal workers from other ICT sectors (16%) (Figure 3.12). This trend indicates that the ICT industry, particularly the information system and service field, offers more formal employment opportunities compared to other sectors (see Chapter 2). Some of the factors driving this high level of formality include the increasing digitisation of businesses and public services, rising cyber threats, and growing awareness of the importance of protecting digital assets (OIT, 2022[46])

Professionals employed in the information system and services sector in Colombia tend to earn higher salaries compared to workers in the ICT sector as a whole. Figure 3.13 shows that 62% of professionals in information system and services earn more than two times the minimum wage, which is nearly three times higher (24%) than professionals in other ICT sectors and four times higher than (15%) those working in non-ICT sectors. On average a professional in information system and services earned around COP 4 500 000 monthly (approximately EUR 900),5 which is almost five times the minimum wage in 2022. These relatively high salaries in the cyber security sector indicate a strong demand for skilled professionals in the labour market. Organisations are willing to invest in attracting and retaining top cyber security talent to address cyber security skill gap in the country.

This section first focuses on the overarching policy framework in Colombia, highlighting elements that have sought to enhance cyber security skills in the country. The second part of this section describes how the provision of education and training, in particular within the higher education sector, has responded to the pressure to diversify learning opportunities in this field.

While Colombia has a comparatively strong cyber security strategy and policy compared to other Latin American countries, its education and training components are less developed. Within the region, Colombia lags behind countries like Mexico or Brazil in terms of cyber security education, training and skills (Figure 3.14). According to the National Cyber Security Index (NCSI),6 which measures progress in cyber security policies, including cyber security skills development, Colombia scores 53 points in this skills pillar, well below the OECD average of 87 points (EGA, 2023[48]). The Organization of American States argued that there is a strong need to develop a capacity-building framework and consolidate lines of action that can enhance cyber security education and training (OAS, 2020[49]). In 2020, the first set of clear policy actions was established by MinTIC to provide learning opportunities and increase enrolment in cyber security education (DNP, 2020[50]). Addressing cyber security skill shortages in Colombia requires a multifaceted policy response (OAS, 2023[51]). In particular, it is necessary to raise awareness among stakeholders about the importance of a qualified cyber security workforce and the need to co-ordinate efforts to respond to cyber risk. It is also essential to facilitate the creation of market-led solutions that diversify access to cyber security training and are aligned with labour market needs.

Colombia has enhanced its cyber security policy by adhering to the OECD Policy framework on digital security (OECD, 2022[53]) and the Organization of American States (OAS) guidelines in cyber security policy (OAS, 2023[54]). These two frameworks promote policies that encourage the development of cyber security capabilities. The OECD framework provides guidance for the design of digital security policies, offers recommendations to structure its governance, and establishes strategies to raise awareness about cyber security threats (OECD, 2022[53]). The OAS’s approach focuses on delivering policy actions, training, and professional support to member states (OAS, 2022[55]). As part of the Cyber Security Education Action Plan (CEAP), OAS provides guidelines for integrating cyber security into national education plans, as well as a toolkit of best practices to generate interest among learners and encourage employers to provide learning opportunities (OAS, 2020[49]).

Various policy documents have set out strategies regarding the development of cyber security skills in Colombia. The first cyber security and defence strategy, established in 2011, focused on strengthening the country’s digital infrastructure against cyber attacks (DNP, 2011[56]). The government provided guidelines to enhance the digital skills of the workforce, including cyber security in 2019 (DNP, 2019[57]). In response, SENA, the Ministry of Education and the Ministry of Labour and Social Protection started to promote cyber security education programmes at all educational levels in 2020. In addition, the MinTIC introduced financial incentives designed to boost participation among various target groups. The incentives were developed following guidelines of the National Council for Economic and Social Policy (Consejo Nacional de Política Económica Social, CONPES). Box 3.7 provides further details of these policy documents.

In response to the strategy outlined in CONPES 3995 (see Box 3.7), MinTIC has implemented initiatives to raise awareness of cyber security and provide training. The “Digital Skills in Cyber Security” initiative focuses on teaching organisations how to develop prevention and defence strategies and manage risk (MinTIC, 2021[61]). During its first phase in 2021, about 2 000 directors and ICT managers were trained in partnership with Universidad del Norte (see Box 3.8). The same policy document provides guidelines to develop a programme in strengthening enterprises’ digital skills more broadly. For instance, the “Digital Talent” project (Talento Digital) provides short-term training in cyber security fundamentals such as protecting sensitive information, managing financial data, and handling personal data (MinTIC, 2022[62]). The objective of this training is to equip employees with the skills needed to ensure operational security (see Box 3.8).

Higher education institutions (HEIs) are increasingly aware of the need to provide programmes and courses that meet the diverse needs of learners and the rapidly evolving skill requirements in the labour market. Colombian HEIs mainly offer formal education programmes as a gateway into cyber security jobs, however, they have been diversifying their offer. The diversification process has involved the development of non-formal programmes such as diploma certificates and other types of short training courses, as well as measures to increase flexibility (e.g. online and hybrid learning options, self-paced modules, and customisable curricula). Non-formal programmes have proven to be more dynamic and adaptable to continuously changing sectors like cyber security, making them well suited to diverse learner profiles.

Short non-formal training courses offered by universities are often recognised and developed in partnership with employers. They allow employers to retrain their employees or fill vacancies. While several current courses in the field of ICT lack an explicit focus on cyber security, they target a broader set of skills within the ICT sector, which may act as foundations for further, more specialised learning. For example, the continuing education department at the University of the Andes has partnered with several companies to develop a range of ICT courses (See Box 3.9). These courses are sometimes included in the regular course offerings, such as micro-credentials that can be recognised and credited towards formal programmes within the same university. Similarly, the engineering department of EAFIT University has recently launched NODO, a flexible learning centre that offers short training courses in ICT (See Box 3.9).

Industry-led certifications, such as Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH), play a key role in signalling skills and underpinning career progression within the field of cyber security (See Chapter 2). Universities therefore sometimes link their non-formal training programmes to industry certifications, so that coursework includes preparation for the relevant exams. For example, the Universidad Distrital de Colombia offers short training courses and preparation for cyber security certifications. Similarly, the Universidad Nacional de Colombia has partnered with Cisco Networking Academy to offer training courses in networking and cyber security (see Box 3.10.)

To ensure high-quality cyber security education, the availability of proficient teaching staff is essential. However, Colombia faces a shortage in this field and in the wider ICT sector. This is a major constraint on the provision of education and training programmes. According to DANE, in 2022, over 150 000 teachers and instructors served in higher education institutions, but less than 3% held a degree in an ICT-related field. Only about 200 teachers and instructors have a degree in “information systems and services”, which encompasses cyber security.

Across all fields, Colombia has the highest ratio of overall number of students relative to the teaching staff in higher education compared to OECD countries (see Figure 3.16). This high ratio can potentially hinder the quality of education and training (Buckner and Zhang, 2020[66]), damage student engagement and completion (Snijders et al., 2020[67]). Additionally, the number of faculty staff has decreased in recent years, while enrolment in higher education has expanded considerably. Between 2019 and 2021 the number of teaching staff in higher education institutions went from 163 000 to 154 000 (LEE, 2021[68]). Moreover, there are substantial regional differences in the ratio of students per teaching staff which hinder the quality of higher education in some departments. According to the National System of Higher Education Information (Sistema Nacional de Información de la Educación Superior, SNIES), Arauca and Putumayo, two departments situated in remote areas with limited connectivity and high poverty levels, face the highest student-to-teacher ratios in the country. This exacerbates educational inequalities, disproportionately affecting disadvantaged youth and adults.

Higher education institutions offering cyber security programmes operate in an intensely competitive landscape, vying to retain and attract teachers with up-to-date technical knowledge and skills. They compete not just amongst themselves for the limited full-time academic staff, but also with companies grappling with a shortage of qualified cyber security professionals. Various elements, including remuneration, promotion practices, and leadership style, are pivotal in retaining and attracting professionals to academia, irrespective of the field (Clark, Cluver and Selingo, 2023[70]). However, in most scenarios, higher education institutions lack sufficient leverage to effectively compete with private sector companies.

Attracting and retaining instructors and professors in ICT fields is crucial for expanding the provision of cyber security programmes and reducing the skills gap in the sector. With particular emphasis on technical and technological programmes, as well as short training courses, both the government and educational institutions have sought to strengthen relationships with companies to provide training to ICT teachers. This includes updating their technical skills and improving teaching strategies. Encouraging collaborative strategies between the business sector and higher education institutions (HEIs) is vital to maintaining a pool of qualified educators in cyber security. Some HEIs have fostered partnership that involve instructor training and professional development. For instance, SENA, via the National School of Instructors (Escuela Nacional de Instructores, ENI), has established cyber security training programmes for instructors in collaboration with companies (see Box 3.11). Some partnerships focus on teaching specific software packages used in cyber security, alongside broad knowledge in the field, such as ethical hacking.

HEIs also adopt more flexible hiring approaches for professors and instructors, allowing professionals from the industry to dedicate some time to teaching while continuing their employment in companies. In institutions like Pontificia Universidad Javeriana or Universidad EAFIT, this employment arrangement is known as a “lecturer” position (Profesor de cátedra), which involves specific subjects and weekly teaching hours. Lecturers receive support from teaching assistants to alleviate academic responsibilities such as grading exams and conducting workshops. Universities leverage their relationships with companies, particularly those managed by their alumni, to invite experts in specific areas to teach courses or modules under this hiring model. According to consulted stakeholders, cyber security professionals who choose to teach as a lecturer are motivated by access to university resources for research (e.g. databases, indexed journals, library facilities, etc.) and the institution’s reputation.

Improving teachers’ English proficiency is also key to ensuring that they can access up-to-date training opportunities. As most significant advancements in this field occur abroad, the latest training is typically available in English. This is a challenge as both learners and teachers often have weak English skills. To address this, the MEN provides English language training as part of the National Bilingualism Programme (MEN, 2022[72]), benefiting schools, higher education institutions, and training providers. Additionally, to enhance English language skills amongst teachers and trainers, training institutions form strategic partnerships. For instance, SENA collaborates with the Heart for Change Foundation, providing English courses facilitated by native-speaking volunteers skilled in teaching English as a foreign language (SENA, 2018[73]). This approach equips instructors with the language skills needed for their professional development.

This section focuses on the priority of enabling more learners to access learning opportunities related to cyber security, including the need to increase access among currently underrepresented groups. First, it looks at the importance of developing basic digital skills in the wider population, as a means of raising awareness of cyber security and promoting interest among potential learners to pursue training in this field. Second, it focuses on measures designed to diversify the cyber security workforce by removing barriers that might prevent interested individuals from pursuing learning opportunities.

Participation in cyber security education and training requires individuals to possess solid basic digital skills. Cyber security is a complex field that demands a thorough understanding of various technological tools and systems to facilitate an individual’s progress through more advanced training. Furthermore, robust digital proficiency coupled with solid cognitive and problem-solving skills, as well as other competencies necessary for online tasks, are crucial for effectively utilising digital technologies and thriving as a cyber security professional (OECD, 2020[74])

Digital illiteracy is common in Colombia, especially among those from disadvantaged backgrounds. A quarter of computer users are unable to send emails with attachments, and a third are unable to connect other devices (OECD, 2019[75]). Colombia has the lowest percentage of households using the internet (70%) among OECD countries and low network coverage disproportionately affects low-educated individuals and poor households (Figure 3.17, Panel A). The share of low-income households with internet access is below that of countries with similar income levels, like Costa Rica, Chile, or the Slovak Republic (Figure 3.17, Panel B). Such unequal access to technology and their ineffective use undermines efforts to develop digital skills among the population, reinforcing and amplifying existing inequalities and impeding the diversification of the cyber security workforce (OECD, 2020[74]; Van Deursen et al., 2017[76]). According to the World Economic Forum Global Competitiveness Index, the Colombian workforce has one of the lowest levels of digital skills among OECD countries (see Figure 3.17, Panel C).

In response to these challenges, the Colombian Government has expanded the provision of training programmes covering key fundamental ICT subjects. The MinTIC’s website offers free courses and provides certified training on basic digital skills in partnerships with Platzi, CISCO, Microsoft and Google Activate (MinTIC, 2023[79]). These programmes aim to equip learners with basic concepts for digital navigation and facilitate progression to advanced training. Topics covered include, for example, introduction to the “digital learning”, “basic informatics in the cloud” and “digital rights and responsibilities”. MinTIC also offers a training course on tools and strategies to study online, to support successful completion in online courses.

MinTIC’s offer also includes more specialised ICT topics. The ‘Talento Digital’ website includes basic training for individuals interested in exploring more specialised ICT areas, such as “Introduction to artificial Intelligence”, “Introduction to cyber security” and “Fundamentals of cyber security” (see Table 3.8). These courses focus on broader concepts, without complex technical content, and provide a foundation for more advanced programmes. All training programmes offered on MinTic’s website are available in Spanish.

Several initiatives aim to simulate learners’ interest in ICT professions, such as cyber security. The MinTIC has implemented, for instance, initiatives in partnership with the British Council, to develop digital skills among children through fun activities (British Council, 2022[80]) – such as for example the “Code for Kids” project that aims to enhance the programming skills of disadvantaged children from an early age by strengthening the ICT competencies of primary school teachers in public schools and using easy-to-manage devices (MinTIC, 2020[81]). Some initiatives include digital literacy alongside other generic skills, such as soft skills. For example, the Sacúdete initiative (ICBF, 2023[82]) includes training in digital skills and ICT knowledge, as well as mentorship for soft skills development (see Box 3.12). Participants also have access to innovation labs, disruptive technology training, and digital bootcamps. The programme encourages interaction with inspiring young leaders in technology and other sectors.

Promoting participation in cyber security training also requires removing barriers to access faced by some potential learners – aside from those related to a lack of basic digital skills. High training costs and a lack of financial aid, as well as the predominance of English in online courses (spoken by only 2.5% of Colombians) are major barriers. In response to these challenges, the Colombian Government, trade associations, and the private sector have launched several initiatives to broaden access to cyber security education and training programmes. Efforts concentrate on boosting digital literacy (see above), stirring interest in cyber security education, and offering financial incentives and subsidies, especially to disadvantaged individuals.

The Colombian Government has implemented various initiatives to increase participation in ICT training, including cyber security. The ‘Talento Digital’ programme provides free certified short courses in fundamental cyber security skills (see above) (MinTIC, 2023[79]). The government also provides scholarships and grants for specialised ICT programmes. For example, the ‘One Ticket for the Future’ programme (Un tiquete para el futuro) provides 90% financing for ICT diplomas, with the remaining 10% covered upon completion (MinTIC and ICETEX, 2022[84]). With this support, individuals can select from 450 ICT programmes across 35 Colombian universities, including 70 programmes focused on cyber security topics such as cryptocurrencies, blockchain, ethical hacking, and cyber security architecture (MinTIC, 2022[27]). All individuals who have already been admitted to any of the programmes included in the ministry’s list can potentially benefit from this financing programme. However, up to 50% of the resources will be allocated as a priority to women, students who have been involved in training initiatives provided by the MinTIC, as well as veterans.

Universities and private training providers have also taken steps to improve access to ICT education and training. These initiatives include free courses, mentoring, tutoring and other types of individual support to address students’ learning needs. For example, students in the Universidad EAFIT’s flexible learning centre (NODO, see Box 3.9) not only receive free training and participate in practical challenges, but also benefit from support by professors and high-achieving students (Box 3.13). Other initiatives adopt a holistic approach, seeking to develop soft skills alongside technical expertise, especially for disadvantaged youth (Venator and Reeves, 2015[85]). For example, Generation Colombia delivers training in software development, among other topics, and provides courses to develop students’ soft skills. The aim is to equip students with the skillset needed to effectively navigate and succeed in the job market (Generation, 2023[86]). Similarly, the District Agency for Higher Education, Science, and Technology (Agencia distrital para la educación superior, la ciencia y la tecnologia, ATENEA) has implemented “Todos a la U”, a programme that provide financial support to most disadvantaged young people to engage with short training programmes in ICT offered by public and private universities, complemented with socioemotional skills workshops and courses for learning English (see Box 3.13)

Providing training in local languages or offering translation services to ensure that individuals with limited English proficiency can access training can also help broaden access to cyber security training. Weak English skills are a common barrier to participation: only 20% of online short courses in cyber security are available in Spanish (Guo, 2018[89]), while Colombia has one of the lowest levels of English proficiency among LATAM countries (EF, 2022[90]). Addressing this challenge, MinTIC has made sure that all training delivered by public providers is available in Spanish. In addition, the Ministry of Education offers resources for autonomous or guided English language learning through the National Bilingualism Programme, available for different proficiency levels (MEN, 2022[91]).

Barriers are also often linked to a limited understanding and misconceptions of cyber security roles. In that sense, gender stereotypes can hinder participation in cyber security education and training. Girls tend to be less confident in their maths, science and IT competences. This is often fuelled by societal and parental biases, and parents’ expectations about the future of their children – independently of performance in mathematics at the age of 15, as measured by the OECD’s PISA test (OECD, 2020[38]). This often leads to girls’ self-censorship and lower engagement in science and ICTs fields (OECD, 2018[92]). Despite the significant reduction in the performance gap between boys and girls in mathematics and sciences in Colombia (Arias Ortiz and Bornacelly, 2017[93]) and the increasing number of women having complex digital skills (ECLAC, 2022[94]), the proportion of female professionals in ICT is only 23% (ECLAC, 2023[95]). Several initiatives have been implemented to encourage women to engage in education and training in ICT. Examples include the “Hacker girls” programme implemented by MinTIC in Colombia, and regional initiatives, such as LATAM Women in Cyber security (WOMCY) (see Box 3.14 for further details).


[44] Albert, K. (2017), “The certification earnings premium: An examination of young workers”, Social Science Research, Vol. 63, pp. 138-149, https://doi.org/10.1016/j.ssresearch.2016.09.022.

[9] Alcaldía Mayor de Bogotá (2021), Fortalecimiento de las competencias de los jóvenes de media del distrito para afrontar los retos del siglo XXI, https://www.educacionbogota.edu.co/portal_institucional/sites/default/files/2022-02/FICHA%20EBI-D%20PROYECTO%207689.pdf.

[28] Ambito Jurídico (2022), Los diplomados son cursos de educación informal inferiores a 160 horas que dan lugar a una constancia de asistencia, https://www.ambitojuridico.com/noticias/general/los-diplomados-son-cursos-de-educacion-informal-inferiores-160-horas-que-dan-lugar.

[93] Arias Ortiz, E. and I. Bornacelly (2017), Nota CIMA #5: ¿Les va mejor a las niñas en educación?, Inter-American Development Bank, https://doi.org/10.18235/0001051.

[39] Arias Ortiz, E., I. Bornacelly and G. Elacqua (2021), Hablemos de política educativa en América Latina y el Caribe #6: Educación superior en América Latina: ¿Cómo las crisis económicas de las últimas décadas han afectado la matrícula?, Inter-American Development Bank, https://doi.org/10.18235/0003050.

[88] ATENEA (2023), Tercera convocatoria Todos a la U, https://agenciaatenea.gov.co/convocatorias/tercera-convocatoria-todos-la-u.

[36] Bonilla-Mejía, L., N. Bottan and A. Ham (2019), “Information policies and higher education choices experimental evidence from Colombia”, Journal of Behavioral and Experimental Economics, Vol. 83, p. 101468, https://doi.org/10.1016/j.socec.2019.101468.

[80] British Council (2022), Programación para niños y niñas, https://www.britishcouncil.co/instituciones/colegios/programacion-para-ninos-y-ninas.

[66] Buckner, E. and Y. Zhang (2020), “The quantity-quality tradeoff: a cross-national, longitudinal analysis of national student-faculty ratios in higher education”, Higher Education, Vol. 82/1, pp. 39-60, https://doi.org/10.1007/s10734-020-00621-3.

[45] Castaño-Muñoz, J. and M. Rodrigues (2021), “Open to MOOCs? Evidence of their impact on labour market outcomes”, Computers & Education, Vol. 173, p. 104289, https://doi.org/10.1016/j.compedu.2021.104289.

[70] Clark, C., M. Cluver and J. Selingo (2023), Talent management becomes a strategy, https://www2.deloitte.com/us/en/insights/industry/public-sector/articles-on-higher-education/talent-management-in-higher-education.html.

[23] Congreso de Colombia (2002), Ley 749 de Julio 19 de 2022De la formación y las instituciones de educación superior técnicas profesionales y tecnológicas, https://www.mineducacion.gov.co/1621/articles-86432_Archivo_pdf.pdf.

[99] Congreso de la República (1994), Ley General de Educación, Ley 115 de Febrero 8 de 1994., https://www.mineducacion.gov.co/1621/articles-85906_archivo_pdf.pdf.

[83] Consejeria presidencial para la juventud (2022), Con entregatón de 55 infraestructuras Sacúdete, Presidente Duque les cumple a los niños, niñas, adolescentes y jóvenes del país, https://colombiajoven.gov.co/prensa/con-entregaton-de-55-infraestructuras-sacudete-presidente-duque-les-cumple-a-los-ni%C3%B1os-ni%C3%B1as-adolescentes-y-jovenes#:~:text=Se%20han%20beneficiado%20372.308%20j%C3%B3venes,en%20el%20periodo%202018%2D2022.

[31] CYBERPRO Center (2023), Javeriana CyberPro Center, https://javerianacyberpro.com/.

[24] DANE (2022), Boletín especial: Características de la formación para el trabjo y la educación informal en Colombia, https://www.dane.gov.co/index.php/estadisticas-por-tema/mercado-laboral/formacion-para-el-trabajo.

[25] DANE (2022), Formación para el Trabajo - Boletin Técnico, https://www.dane.gov.co/files/investigaciones/boletines/ech/formacion/GEIH_FormacionTrabajo_abr_jun22.pdf.

[5] DANE (2021), Clasificación Industrial Internacional Uniforme de todas las actividades económicas, https://www.dane.gov.co/files/sen/nomenclatura/ciiu/CIIU_Rev_4_AC2021.pdf.

[4] DANE (2018), Clasificación Internacional Normalizada de la Educación - Campos de educación y formación adaptada para Colombia CINE-F 2013, https://www.dane.gov.co/files/sen/normatividad/CINE-F-2013-AC.pdf.

[47] DANE (2009), Metodología informalidad de la Gran Encuesta Integrada de Hogares - GEIH, https://www.dane.gov.co/files/investigaciones/boletines/ech/ech_informalidad/metodologia_informalidad.pdf.

[59] Departamento Nacional de Planeación (2020), Documento CONPES - Política Nacional de Confianza y Seguridad Digital, https://colaboracion.dnp.gov.co/CDT/Conpes/Econ%C3%B3micos/3995.pdf.

[42] Dialogo Inter-Americano, BID, Worldbank (2021), El estado de la conectividad educativa en América Latina: Desafios y oportunidades, https://thedialogue.wpenginepowered.com/wp-content/uploads/2021/11/El-estado-de-la-conectividad-educativa-en-America-Latina-Desafios-y-oportunidades-estrategicas-1.pdf.

[60] Diaz Acevedo, M. and Á. Cremades Guisado (2023), “La evolución de la estrategia de ciberseguridad de Colombia 2011-2021”, Universidad Nebrija, https://www.researchgate.net/publication/367043987_La_evolucion_de_la_estrategia_de_ciberseguridad_de_Colombia_2011-2021.

[50] DNP (2020), Documento CONPES 3995 - Política Nacional de Confianza y Seguridad Digital, https://colaboracion.dnp.gov.co/CDT/Conpes/Econ%C3%B3micos/3995.pdf.

[57] DNP (2019), Documento CONPES 3975 - Política nacional para la transformación digital e inteligencia artificial, https://colaboracion.dnp.gov.co/CDT/Conpes/Econ%C3%B3micos/3975.pdf.

[58] DNP (2016), Documento CONPES 3854 - Política Nacional de Seguridad Digital, https://colaboracion.dnp.gov.co/CDT/Conpes/Econ%C3%B3micos/3854_Adenda1.pdf.

[56] DNP (2011), Documento CONPES 3701 - Lineamientos de política para ciberseguridad y ciberdefensa, https://colaboracion.dnp.gov.co/CDT/Conpes/Econ%C3%B3micos/3701.pdf.

[87] EAFIT (2023), Nodo, mientras que algunos resuelven el qué, nosotros creamos el cómo, https://www.eafit.edu.co/nodo (accessed on  april 2023).

[63] EAFIT university (2023), Nodo: Un ecosistema tecnológico para aprender a desaprender (Nodo: A technological ecosystem to learn to unlearn), https://nodoeafit.com/.

[95] ECLAC (2023), Gender equality and women’s and girls’ autonomy in the digital era: contributions of education and digital transformation in Latin America and the Caribbean, https://repositorio.cepal.org/bitstream/handle/11362/48702/S2300099_en.pdf?sequence=4&isAllowed=y.

[94] ECLAC (2022), Social Panorama of Latin America and the Caribbean 2022: Transforming education as a basis for sustainable development, https://www.cepal.org/en/publications/48519-social-panorama-latin-america-and-caribbean-2022-transforming-education-basis.

[33] Edapp (2022), 20 plataformas para crear y aprender online, https://www.edapp.com/blog/es/20-plataformas-de-cursos-online-gratuitos/.

[90] EF (2022), EF English Profiency Index, https://www.ef.com/assetscdn/WIBIwq6RdJvcD9bc8RMd/cefcom-epi-site/reports/2022/ef-epi-2022-english.pdf.

[48] EGA (2023), National Cyber Security Index, https://ncsi.ega.ee/ncsi-index/.

[29] El Colombiano (2021), Las ventajas de los diplomados, https://www.elcolombiano.com/tendencias/las-ventajas-de-los-diplomados-DN15812067 (accessed on  June 2023).

[6] Ferreyra, M. et al. (2017), At a Crossroads: Higher Education in Latin America and the Caribbean, World Bank, Washington, DC, https://doi.org/10.1596/978-1-4648-1014-5.

[1] Fortinet (2023), 2023 cyber security skills gap, https://edu.arrow.com/media/0pld3mup/2023-cybersecurity-skills-gap-report.pdf.

[11] Fundación politécnico Minuto de Dios (2023), Técnico Profesional en Servicios de Seguridad Informática, https://tecmd.edu.co/programas_titulados/tecnico-profesional-en-servicios-de-seguridad-informatica/.

[14] Fundación polítécnico Minuto de Dios (2023), Técnico profesional en servicios de seguridad informática (Professional technician in information security services), https://tecmd.edu.co/programas_titulados/tecnico-profesional-en-servicios-de-seguridad-informatica/.

[86] Generation (2023), Fórmate e impulsa tu carrera profesiona, https://colombia.generation.org/.

[97] GGL (n.d.), Geek Girls LatAm, https://geekgirlslatam.org/ (accessed on 11 September 2023).

[98] Gobierno Digital (2022), Hacker Girls, https://gobiernodigital.mintic.gov.co/seguridadyprivacidad/portal/Iniciativas/Hacker-Girls/.

[34] Godec, S., L. Archer and E. Dawson (2021), “Interested but not being served: mapping young people’s participation in informal STEM education through an equity lens”, Research Papers in Education, Vol. 37/2, pp. 221-248, https://doi.org/10.1080/02671522.2020.1849365.

[40] Gómez Soler, S., G. Bernal Nisperuza and P. Herrera Idárraga (2020), “Test Preparation and Students’ Performance: The Case of the Colombian High School Exit Exam”, Cuadernos de Economía, Vol. 39/79, pp. 31-72, https://doi.org/10.15446/cuad.econ.v39n79.77106.

[89] Guo, P. (2018), “Non-Native English Speakers Learning Computer Programming”, Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, https://doi.org/10.1145/3173574.3173970.

[82] ICBF (2023), Conócenos Sacúdete, https://sacudete.icbf.gov.co/.

[52] IDB and OAS (2016), Cybersecurity: Are We Ready in Latin America and the Caribbean?, https://publications.iadb.org/en/cybersecurity-are-we-ready-latin-america-and-caribbean.

[18] Institución Universitaria Escolme (2023), Tecnologo en redes y seguridad informática (Technologist in Network and information security), http://www.escolme.edu.co/.

[16] Institución Universitaria Pascual Restrepo (2023), Tecnología en desarrollo de software (Technologist in Software development), https://pascualbravo.edu.co/facultades/facultad-de-ingenieria/programmeas/tecnologia-en-desarrollo-de-software/.

[15] Institución Universitaria Salazar y Herrera (2023), Tecnologías en sistemas (Technologist in systems), https://www.iush.edu.co/es/Universidad/pregrados/escuela-de-ingenierias/tecnologia-sistemas.

[12] Instituto superior de educación social (ISES) (2023), Técnico profesional en soporte de hardware y software, https://www.ises.edu.co/soporte-de-hardware-software.

[43] ISC2 (2022), Cyber security workforce study, https://www.isc2.org//-/media/ISC2/Research/2022-WorkForce-Study/ISC2-Cybersecurity-Workforce-Study.ashx.

[68] LEE (2021), Datos y Estadísticas, https://lee.javeriana.edu.co/datos-y-estadisticas.

[41] Londoño-Vélez, J., C. Rodríguez and F. Sánchez (2020), “Upstream and Downstream Impacts of College Merit-Based Financial Aid for Low-Income Students: Ser Pilo Paga in Colombia”, American Economic Journal: Economic Policy, Vol. 12/2, pp. 193-227, https://doi.org/10.1257/pol.20180131.

[3] Manpower Group (2022), Colombia’s 2022 Talent Shortage, https://go.manpowergroup.com/hubfs/Talent%20Shortage%202022/MPG_2022_TS_Infographic-Colombia.pdf.

[8] Medellin’s Secretary of Education (2022), Technical upper secondary programmes (Programas de media técnica), https://www.medellin.edu.co/secretaria/vivero-del-software/media-tecnica/.

[13] MEN (2023), Educación Técnica y Tecnológica en Colombia, https://www.mineducacion.gov.co/portal/micrositios-superior/Educacion-Tecnica-y-Tecnologica/.

[7] MEN (2023), Sistema Nacional de Información de la Educación Superior – SNIES (National Higher Education Information System), https://snies.mineducacion.gov.co/portal/.

[72] MEN (2022), Programa Nacional de Bilinguismo, https://educacionrindecuentas.mineducacion.gov.co/pilar-1-educacion-de-calidad/programa-nacional-de-bilinguismo/.

[91] MEN (2022), Programa Nacional de Bilinguismo (About the National Bilingual Program), https://eco.colombiaaprende.edu.co/about-bilingualism/?playlist=55b8e92&video=d3092d9.

[30] MEN (2020), Educación para el trabajo y desarrollo humano, https://www.mineducacion.gov.co/1759/articles-355413_recurso_pdf_FAQ.pdf.

[22] MEN (2017), Formación por ciclos propedéuticos, https://www.mineducacion.gov.co/portal/Educacion-superior/Informacion-Destacada/196476:Formacion-por-ciclos-propedeuticos.

[21] MEN (2015), Prácticas: Pasantias y contratos de aprendizaje, https://www.mineducacion.gov.co/1780/articles-354776_archivo_pdf_Consulta.pdf.

[35] MEN (2015), Programa Proyecta-T, https://proyectateherramienta.mineducacion.gov.co/MenVocOcup/.

[79] MinTIC (2023), Talento Digital - Cursos en linea, https://talentodigital.mintic.gov.co/734/w3-propertyvalue-217941.html (accessed on  April 2023).

[96] MinTIC (2022), En Colombia más de 20 mil mujeres se formaron con Por TIC Mujer en 2022, https://www.mintic.gov.co/portal/inicio/Sala-de-prensa/Noticias/273364:En-Colombia-mas-de-20-mil-mujeres-se-formaron-con-Por-TIC-Mujer-en-2022.

[26] MinTIC (2022), MinTIC financiará diplomados en ciberseguridad para empresarios y equipos técnicos, https://www.mintic.gov.co/portal/inicio/Sala-de-prensa/Noticias/208806:MinTIC-financiara-diplomados-en-ciberseguridad-para-empresarios-y-equipos-tecnicos.

[62] MinTIC (2022), Proyecto Fortalecimiento de las Competencias Digitales, https://mintic.gov.co/micrositios/convocatoria-habilidades-digitales/775/articles-172269_terminos_Ciberseguridad_2022.pdf.

[27] MinTIC (2022), Un ticket para el Futuro, https://www.mintic.gov.co/micrositios/unticketparaelfuturo/799/w3-channel.html.

[61] MinTIC (2021), Equipos de trabajo de 110 empresas recibirán capacitación gratuita en ciberseguridad con el Ministerio TIC, https://www.mintic.gov.co/portal/inicio/Sala-de-prensa/176180:Equipos-de-trabajo-de-110-empresas-recibiran-capacitacion-gratuita-en-ciberseguridad-con-el-Ministerio-TIC-Karen-Abudinen.

[81] MinTIC (2020), Ministerio TIC y el British Council forman profesores y estudiantes en programación, https://mintic.gov.co/portal/inicio/Sala-de-Prensa/Noticias/80650:Ministerio-TIC-y-el-British-Council-forman-profesores-y-estudiantes-en-programacion.

[84] MinTIC and ICETEX (2022), Créditos condonables para educación en Colombia - Fondo Un ticket para el Futuro Convenio Interadministrativo, https://web.icetex.gov.co/documents/20122/687162/Texto-de-la-Convocatoria-Diplomados-Fondo-Un-Ticket-para-el-Futuro.pdf.

[32] MNEMO (2022), SENA y MNEMO inauguran en Colombia el primer centro tecnológico de excelencia y simulación en ciberseguridad de América Latina (SENA and MNEMO launch Colombia’s first cybersecurity technology centre of excellence and simulation in Latin America), https://www.mnemo.com/sena-mnemo-ciberseguridad/.

[54] OAS (2023), Practica Guide for CSIRTs, https://www.oas.org/es/sms/cicte/ciberseguridad/publicaciones/Guia-CSIRT%202023%20Digital%20ENG.pdf.

[51] OAS (2023), Reporte sobre el desarrollo de la Fuerza Laboral de ciberseguridad en una era de escasez de talento y habilidades, https://www.oas.org/es/sms/cicte/docs/Reporte_sobre_el_desarrollo_de_la_fuerza_laboral_de_ciberseguridad_en_una_era_de_escasez_de_talento_y_habilidades.pdf.

[55] OAS (2022), National Cybersecurity Strategies, https://www.oas.org/en/sms/cicte/docs/National-Cybersecurity-Strategies-Lessons-learned-and-reflections-ENG.pdf.

[49] OAS (2020), Cyber security education: Planning for the future through workforce development, https://www.oas.org/es/sms/cicte/docs/White-Paper-Cybersecurity-Education.pdf.

[69] OECD (2023), Students per teaching staff (indicator), https://doi.org/10.1787/3df7c0a6-en (accessed on 23 June 2023).

[77] OECD (2022), ICT Access and Usage by Households and Individuals (database), https://stats.oecd.org/Index.aspx?DataSetCode=ICT_HH2.

[53] OECD (2022), OECD Policy Framework on Digital Security: Cybersecurity for Prosperity, OECD Publishing, Paris, https://doi.org/10.1787/a69df866-en.

[2] OECD (2021), OECD SME and Entrepreneurship Outlook 2021, OECD Publishing, Paris, https://doi.org/10.1787/97a5bbfe-en.

[38] OECD (2020), Dream Jobs? Teenagers’ career aspirations and the future of work, https://www.oecd.org/education/dream-jobs-teenagers-career-aspirations-and-the-future-of-work.htm.

[74] OECD (2020), OECD Digital Economy Outlook 2020, OECD Publishing, Paris, https://doi.org/10.1787/bb167041-en.

[75] OECD (2019), OECD Reviews of Digital Transformation: Going Digital in Colombia, OECD Reviews of Digital Transformation, OECD Publishing, Paris, https://doi.org/10.1787/781185b1-en.

[37] OECD (2019), PISA 2018 Results (Volume II): Where All Students Can Succeed, PISA, OECD Publishing, Paris, https://doi.org/10.1787/b5fd1b8f-en.

[92] OECD (2018), Bridging the digital gender divide, http://www.oecd.org/digital/bridging-the-digital-gender-divide.pdf.

[101] OECD (2014), “Learning Begets Learning: Adult Participation in Lifelong Education”, Education Indicators in Focus, No. 26, OECD Publishing, Paris, https://doi.org/10.1787/5jxsvvmr9z8n-en.

[46] OIT (2022), OIT destaca el potencial de las tecnologías para impulsar la e-formalización en América Latina, https://www.ilo.org/americas/sala-de-prensa/WCMS_855184/lang--es/index.htm.

[71] SENA (2023), Escuela Nacional de Instructores “Rodolfo Martínez Tono” (National School of Instructors), https://www.sena.edu.co/es-co/comunidades/instructores/Paginas/default.aspx.

[10] SENA (2023), Mesas sectoriales. Conectando sectores, https://www.sena.edu.co/es-co/Empresarios/Paginas/mesasSectoriales.aspx.

[73] SENA (2018), Escuela Nacional de Instructores - Comunicaciones - Biliinguismos Espanol-Ingles, https://www.sena.edu.co/es-co/comunidades/instructores/Convocatorias/CONVOCATORIA-BE-LINGUAL-SEGUNDO-SEMESTRE.pdf.

[67] Snijders, I. et al. (2020), “Building bridges in higher education: Student-faculty relationship quality, student engagement, and student loyalty”, International Journal of Educational Research, Vol. 100, p. 101538, https://doi.org/10.1016/j.ijer.2020.101538.

[17] Unidades tecnológicas de Santander (2023), Tecnologia en Desarrollo de Sistemas informáticos (Tecnologist in development of informatic systems), https://www.uts.edu.co/sitio/tecnologia-en-desarrollo-de-sistemas-informaticos/#1562800770722-cfdcde65-4afc.

[64] Universidad de los Andes (2023), Oferta académica de educación continua (Academic offer of continuing education), https://educacioncontinua.uniandes.edu.co/es.

[20] Universidad de Manizales (2023), Ingenieria en Seguridad de la información (Information Security Engineering), https://umanizales.edu.co/Programa/ingenieria-en-seguridad-de-la-informacion/.

[65] Universidad Distrital de Colombia (2023), Curso Certified Information Systems Security Professional – CISSP, https://www.egresadosudistrital.edu.co/index.php/capacitaciones/seguridad-informatica/curso-certified-information-systems-security-professional-cissp.

[19] Universidad Javeriana (2023), Ingenieria de Sistemas (System engineering), https://www.javeriana.edu.co/carrera-ingenieria-de-sistema.

[76] Van Deursen, A. et al. (2017), “The compundness and sequentiality of digital inequality”, International Journal of Communication, https://ijoc.org/index.php/ijoc/article/view/5739.

[85] Venator, J. and R. Reeves (2015), Building the soft skills for success, https://www.brookings.edu/blog/social-mobility-memos/2015/03/18/building-the-soft-skills-for-success/.

[100] Werquin, P. (2010), Recognising Non-Formal and Informal Learning: Outcomes, Policies and Practices, OECD Publishing, Paris, https://doi.org/10.1787/9789264063853-en.

[78] World Economic Forum (2019), Digital skills among population, https://www.weforum.org/reports/the-global-competitiveness-report-2020/.


← 1. Under Colombian definition, courses such as ‘diploma’, ‘seminar’, or ‘workshop’ that are offered sporadically, and have a duration of less than 160 hours, are considered informal education (Congreso de la República, 1994[99]). According to the OECD definition, these courses are considered part of non-formal education, which is defined as a sustained educational activity that takes place both within and outside educational institutions and caters to individuals of all ages. This includes open or distance learning courses, private lessons, organised sessions for on-the-job training, workshops, or seminars (OECD, 2014[101]; Werquin, 2010[100]). For this report, we use the OECD’s definition of non-formal education.

← 2. ETDH refers to education for employability and human development (Educación para el Trabajo y el Desarrollo Humano).

← 3. Course cost based on website search of Diploma certificates offered in April 2023. Conversion in euros based on the average Colombian pesos-Euro exchange rate in April 2023.

← 4. Micro-credentials are short qualifications that validate competency in a specific skill or knowledge area. They are quick to obtain, focused on targeted learning outcomes, and aligned with industry needs. They offer individuals the opportunity to acquire specialised knowledge without the time commitment required for longer-term educational programmes. Meanwhile, Macro-credentials are comprehensive certifications that encompass a wide range of skills and knowledge. They require longer study periods and indicate higher expertise or qualifications in a specific field. Generally awarded by educational institutions or professional organisations, they may involve degree programmes or professional certifications.

← 5. Conversion in euros based on the average Colombian pesos-Euro exchange rate in April 2023.

← 6. The National Cyber Security Index is a global live index, which measures the preparedness of countries to prevent cyber threats and manage cyber incidents. The NCSI focuses on measurable aspects of cyber security implemented by the central government: 1) Legislation in force – legal acts, regulations, orders, etc; 2) Established units – existing organisations, departments, etc; 3) Co-operation formats – committees, working groups, etc; and 4) Outcomes – policies, exercises, technologies, websites, programmes, etc.

Metadata, Legal and Rights

This document, as well as any data and map included herein, are without prejudice to the status of or sovereignty over any territory, to the delimitation of international frontiers and boundaries and to the name of any territory, city or area. Extracts from publications may be subject to additional disclaimers, which are set out in the complete version of the publication, available at the link provided.

© OECD 2023

The use of this work, whether digital or print, is governed by the Terms and Conditions to be found at https://www.oecd.org/termsandconditions.