Foundational Enabler: Grow a Robust Cyber Talent Pipeline
Facts and Figures: Singapore’s Cybersecurity Workforce and Industry
Key Trends Impacting the Cybersecurity Workforce
Salaries of Cybersecurity Professionals
Cybersecurity Talent Roadmap
Facts and Figures: Singapore Education Ecosystem
Opportunities for Youths and Students to Explore and Learn about Cybersecurity
Programme Details for Youths and Students
Cybersecurity Talent Development Programmes for Fresh
and Skills Roadmaps for Organisations
Unlocking the Cybersecurity Fort: Finding Talent for Your Organisation
Overview of Manpower Sources for the Cybersecurity Sector
Programme Details for Employers
How to Reach Cybersecurity Talent in Singapore
Retaining Cybersecurity Professionals
Empowering Educators and Career Guidance Counsellors to Guide the Next
Purpose and Intended Audience for This Guidebook
As the cyber threat landscape evolves rapidly and brings greater complexity to the cybersecurity industry, manpower initiatives must be continuously reviewed to reflect the changing needs of the industry and workforce. This guidebook provides an overview of the industry trends and available opportunities within Singapore’s cybersecurity industry, such as education and learning programmes for youths, students, fresh graduates, mid-career individuals, employers, as well as educators and school career counsellors.
For youths and students, this guidebook informs them of the array of activities and programmes available. From cybersecurity boot camps, competitions, skills training programmes, and learning journeys, to career mentoring sessions, there are many programmes for them to tap on. Through these programmes, they can explore cybersecurity as a career, and build up their technical knowledge and soft skills.
For fresh graduates and mid-career individuals that are interested in the cybersecurity sector, this guidebook provides an overview of the various talent programmes. They can evaluate available programmes and initiatives, and select the ones that will allow them to build on existing competencies and skill sets. This will prepare them to join the cybersecurity industry directly or through relevant conversion programmes.
For employers, this guidebook provides an overview of talent programmes that they can participate in to fulfil their manpower and business needs. It also helps companies to identify and understand the vital skills required for success in the cybersecurity industry. By recognising these skills, companies can better invest in training, learning, and development programmes to enhance their employees’ skills and support their career progression via vertical and lateral career pathways in the Skills Framework for Information and Communication Technology (ICT) across all stages of their careers.
For educators and school career counsellors, this guidebook is a resource for them to understand the opportunities in the cybersecurity industry. This will help to bridge the gap between academia and industry, as well as raise awareness about the career prospects for cybersecurity among their students.
This guidebook was developed by Cyber Security Agency of Singapore (CSA), with the support and guidance from the following partners:
Government
• Government Technology Agency of Singapore (GovTech)
• Infocomm Media Development Authority (IMDA)
• SkillsFuture Singapore (SSG)
• Workforce Singapore (WSG)
Professional Bodies
• Association of Information Security Professionals (AiSP)
• Singapore Computer Society (SCS)
Academia
• National University of Singapore (NUS)
• Nanyang Technological University (NTU)
• Singapore Institute of Technology (SIT)
• Singapore Management University (SMU)
• Singapore Polytechnic (SP)
Industry
• CSA’s Professionalisation Advisory Group
⸰ Capitaland
⸰ OCBC Bank
⸰ Schneider Electric
⸰ SMRT
• SCS Skills Development Committee
⸰ Ensign Infosecurity
⸰ GIC
⸰ NCS Singapore
⸰ Singapore Airlines
⸰ Singtel
⸰ ST Engineering
⸰ Synapxe
⸰ Temasek Holdings
• Republic Polytechnic (RP)
• Ngee Ann Polytechnic (NP)
• Temasek Polytechnic (TP)
• Institute of Technical Education (ITE)
We hope that this guidebook will be a valuable and practical resource for anyone who is interested in being part of the cybersecurity ecosystem, and helping to foster a vibrant and resilient cybersecurity workforce in Singapore.
About CSA’s Singapore Cybersecurity Strategy
In 2016, CSA launched our first Singapore Cybersecurity Strategy to lay the foundation for our cybersecurity preparedness today. As our operational, technological, and geopolitical environments are ever-changing, this strategy is periodically reviewed and refreshed to address new and emergent cyber threats.
Compared to Strategy 2016, Strategy 2021 takes a more proactive stance on addressing
threats, broadening our scope of protection, and seeking to develop deeper partnerships with industry and other organisations. By taking these steps, we can better adapt to changes in our cyber operating environment. Strategy 2021 also places greater emphasis on workforce and ecosystem development as key enablers of our nation’s cybersecurity.
The Three Strategic Pillars That Drive Strategy 2021
Build Resilient Infrastructure
Strengthen the security and resilience of our digital infrastructure
Enable a Safer Cyberspace
Create a cleaner and healthier digital environment
Enhance International Cyber Cooperation
Foster an open, secure, stable, accessible peaceful an interoperable cyberspace
These strategic pillars are underpinned by two foundational enablers, namely, Develop a Vibrant Cybersecurity Ecosystem and Grow a Robust Cyber Talent Pipeline
In this guidebook, we focus on one of the foundational enablers—Grow a Robust Cyber Talent Pipeline.
Foundational Enabler: Grow a Robust Cyber Talent Pipeline
Goal: To develop and sustain a strong cybersecurity workforce that meets our security and economic needs.
Amidst an ever-evolving technological landscape, the breadth and depth of cybersecurity responsibilities for the Government, enterprises, and organisations will continue to grow. To achieve the objectives, we will need to groom new talent and upskill existing professionals. It is therefore critical for Singapore to cultivate a robust cybersecurity talent pipeline. We can do so by leveraging our strong pre-employment and continuing education systems. This will enhance Singapore’s competitive advantage, especially because there is a global shortage of cybersecurity professionals.
Manpower Strategy 1: Capture the interest of youths and enable them to pursue cyber as a career
We are seeking to attract promising youths to the cybersecurity industry to build a pipeline of local talents for the longer term. The Government works closely with schools and other partners to engage youths through cybersecurity bootcamps, competitions, training programmes, learning journeys, and career mentoring. In addition, the Government equips school teachers and career counsellors with knowledge on the cybersecurity sector under the SG Cyber Educators initiative so that they can guide students in their career choices. Selected male youths with an aptitude and interest in cybersecurity can also serve their National Service under the Cyber Work-Learn scheme. By providing opportunities for continued skills development and hands-on experiences, we can enhance the talent pipeline.
To ensure that our cybersecurity workforce is well equipped with the requisite skills and knowledge, we need to create an upskilling culture and foster a dynamic sector with strong professional communities. Industry partners, Institutes of Higher Learning (IHLs), and professional associations are the key partners that we need to achieve those objectives. This collaboration will also enable the Government to work with stakeholders to further support youths, women, and mid-career professionals who wish to pursue a cybersecurity career.
Manpower Strategy 2: Attract diverse talents
Apart from youths, the Government is also looking to attract more women and mid-career professionals from adjacent fields to join the cybersecurity industry. To do this, we work closely with industry and international partners to encourage girls to take up cybersecurity education programmes and inspire women to take on cybersecurity roles. Neurodiverse individuals are also welcome, as we encourage organisations to provide suitable work environments for them. We also encourage mid-career professionals to join the cybersecurity sector via professional conversion programmes.
Manpower Strategy 3:
Enhance career pathways and facilitate development of deep skills
Skills development frameworks, developed and maintained by the Government, can be used to guide our cybersecurity professionals on career pathways and skills training. For example, the Government has launched the Skills Framework for ICT (Cybersecurity Track) and the Operational Technology Cybersecurity Competency Framework (OTCCF) as tools for organisations to leverage for the enhancement of their cybersecurity professionals’ career pathways. We have also been improving access to training and networking opportunities for cybersecurity professionals. Today, professionals can tap on training grants to upgrade their technical skills or join programmes such as Cybersecurity Strategic and Leadership Programme (CSLP), which sharpens their cybersecurity leadership skills.
Manpower Strategy 4: Raise, train, and sustain cybersecurity professionals in the public sector
Cybersecurity professionals in the public sector can also benefit from the structured and fulfilling career pathways that have been developed by the Government. For example, CSA leverages Cybersecurity Development Programme (CSDP) to train a common pool of cybersecurity experts for the public sector. Upon completion of the programme, participants can choose to pursue a career within the public service or enter the private sector. CSA has also established the CSA Academy, which provides cybersecurity professionals in the Government and Critical Information Infrastructure (CII) sectors with intermediate to advanced level cybersecurity courses that are not readily available in the training market.
Manpower Strategy 5: Support our cybersecurity community and recognise excellence
The cybersecurity industry, professional bodies, and academia are key stakeholders in Singapore’s journey to grow a strong cyber workforce. Our industry and community partners, with the support of the Government, often organise community events, workshops, conferences, and programmes that help strengthen the talent pipeline and develop our professionals. One of the initiatives that CSA supports is The Cybersecurity Awards, an annual event that recognises enterprises and individuals who have made significant contributions to the local cybersecurity ecosystem. The Government also engages professional bodies such as those for engineers, accountants, auditors, and lawyers to curate suitable cybersecurity training courses through the SG Cyber Associates programme. Through this initiative, noncybersecurity professionals are equipped with cybersecurity fundamentals that can aid them during their course of work.
4
1
Facts and Figures: Singapore’s Cybersecurity Workforce and Industry
In recent years, the Singapore cybersecurity workforce has:
Tripled in size within six years, from 4,000 in 2016 to around 12,000 in 2022
A gross median monthly salary of S$6,8001 for cybersecurity professionals, which is above the tech sector median of S$6,0922
The highest number of certification holders per capita in the world for Certified Information Systems Security Professional (CISSP) and in Southeast Asia for Offensive Security Certified Professional (OSCP)
Developed a niche in Managed Security Service Provider (MSSP) services, resulting in talent with specialised skills such as Penetration Testing, Incident Response, and Forensic Investigation3
An estimated annual gross Pre-Employment Training (PET) pipeline of more than 900 graduates from over 20 tertiary-level cybersecurity courses
2024
25%
Seen an increase of more than 25% since 2015 in the number of cybersecurity researchers, scientists, engineers in cyber-physical systems and security software assurance in local IHLs or Research Institutes (RIs)4
In addition to Singapore’s cybersecurity market growing faster than previously forecasted,
Singapore’s cybersecurity market value tripled from ~S$570 million in 2015 to ~S$1.5 – S$$1.8 billion in 20215
The global cybersecurity market was estimated to be valued at US$145 –US$165 billion in 2021, and projected to grow to US$255 billion by 20266
Southeast Asia is one of the fatest growing regions for cybersecurity, with ~15% cumulative annual growth in market size
5 Market size measures the aggregate amount of end-user spending on cybersecurity in Singapore, which includes the spending for cybersecurity products and services used in Singapore.
6 Market size calculated using data triangulation involving (i) secondary reports from Mordor Intelligence, The Business Research Company and EYP Internal reports, (ii) supply side discussion with global or local experts (e.g. cybersecurity providers, distributors, MSSPs) and (iii) demand estimated based on end-user survey: % of IT Spend from total revenue X % of Cybersecurity Spend from IT Spend.
Key Trends Impacting the Cybersecurity Workforce
Artificial Intelligence
The growth of Artificial Intelligence (AI) presents both opportunities and challenges to the cybersecurity workforce. AI has the capability to enhance threat detection, automate routine tasks, and improve response times to potential breaches. As such, cybersecurity professionals should understand how to work with AI-enhanced tools, how to integrate them into their workflows, and how to manage and oversee the security processes. However, AI can also create new challenges and risks for the cybersecurity industry, such as deepfakes and AI-powered cyber-attacks that require increasingly complex countermeasures.
Diversity and Inclusion
There is a push for greater diversity and inclusion in the cybersecurity workforce, with efforts to attract more women, midcareer individuals, and individuals from diverse backgrounds to the industry. To have the right balance of skills and diverse perspectives, organisation should practise fair and inclusive hiring.
Regulatory Changes
Regulatory changes can influence the overall cybersecurity strategies of organisations. Cybersecurity professionals may need to adapt their approaches to align with the new compliance requirements, potentially leading to changes in risk management, incident response, and governance practices.
Demand for Skilled Cybersecurity Professionals
As the frequency of cybersecurity incidents increase, organisations recognise the importance of implementing robust cybersecurity measures. This creates a higher demand for skilled cybersecurity professionals, resulting in a competitive job market for cybersecurity talent, locally and globally. In addition, the shortage of skilled cybersecurity professionals has also driven up salaries and created opportunities for adjacent professionals to convert or transition into cybersecurity roles. There is also a growing emphasis on soft skills such as communication, problemsolving, and collaboration, as cybersecurity professionals will need to work closely with different stakeholders.
Remote Work and Digital Transformation
The rapid shift to digital transformation has exposed organisations to new cybersecurity risks, including vulnerabilities in newly implemented digital systems as well as the potential for increased phishing and social engineering attacks. This is because flexible work arrangements require employees to have access to company systems and data from external locations and devices, which inevitably expands the cyber-attack surface. This necessitates a stronger focus on securing remote access and endpoints, resulting in an increased need for cybersecurity professionals who can secure remote work environments and digital infrastructure.
Salaries of Cybersecurity Professionals
Starting salaries of tertiary graduates hired in the tech sector vary widely, depending on the job role and remuneration package, as well as the candidate’s educational background, certifications, and internship experience.
Monthly Salaries of Fresh Graduates (i.e. ITE7, Polytechnic8, and University Graduates9)
ITE and Polytechnics
Salaries of Experienced Hires
The growing demand for cybersecurity talent has put a premium on experienced hires, and employers may have to be prepared to meet global benchmarks to attract top talent to their teams. Below are some aggregated data of median annual salary ranges for experienced cybersecurity professionals in the industry, with at least five years of relevant work experience.10
Cybersecurity Roles – Salary Ranges by Experience Level
Note: The salary data was based on job placements done by Morgan McKinley Pte Ltd between 2023 and 2024. It may not fully represent all industries, or specific roles. Salaries can fluctuate due to various factors, such as qualifications, experience, and market trends. This data should be used as a general guide only, and individuals are encouraged to conduct further research or seek additional insights before making any decisions based on the information presented.
7 Ministry of Education, Graduates’ Employment Survey 2023 (Institute of Technical Education)
8 Ministry of Education, Graduates’ Employment Survey 2022 (Polytechnics)
9 Ministry of Education, Graduates’ Employment Survey 2023 (Autonomous Universities)
10 2024 Singapore Salary Guide, Morgan McKinley, January 2024
Cybersecurity Talent Roadmap
In Singapore, the private and public sectors actively collaborate to create training opportunities to build a strong pipeline of cybersecurity talent for the industry. However, while it is important to hire the right people, it is equally necessary to invest and groom the organisation’s human capital by helping employees to grow, learn, and develop their careers further. As such, the efforts by cybersecurity industry include the conceptualisation of the cybersecurity talent roadmap, a comprehensive range of manpower programmes, and initiatives designed to not only support with hiring, but also to aid in the development and retention of talent.
Programmes and Initiatives for Youths
(Pre-Employment)
MOE Education Pathways
Pre-Employment Training (PET)
• Autonomous Universities
• ITE
• Polytechnic
• Primary, Secondary Schools and Junior Colleges
Attachments / Internships
• Polytechnic / ITE Job Attachments
• University Internships
Explore Experience
Scholarships
• Government / University Scholarships
• Private / External Scholarships
Supporting Youths with Cybersecurity Initiatives and Programmes
Advanced Cybersecurity Training for Youth Talents
• SG Cyber Olympians
Mentorship for Students and Professionals
• Cybersecurity Career Mentoring Programme
Advanced Cybersecurity Training for Youth Talents
• Sentinel Programme (ITE / Polytechnic / JC Year 1)
• Sentinel Programme (Secondary 1)
Acquire ICT Knowledge through CCA
• Infocomm Media Club Activities (For all levels of MOE schools)
In 2022, Singapore projected a budget of S$13.6 billion for education, making it the country’s third highest expenditure after defence and health. There are more than 20 cybersecurity courses delivered by ITE, Polytechnics, and Autonomous Universities (AUs), producing approximately 900 graduates annually. These educational establishments also support lifelong learning among the
workforce by offering modular and industryrelevant courses. Furthermore, Singapore’s universities have earned global recognition, with NUS and NTU ranking 8th and 26th respectively in the 2024 QS World University Rankings.
The post-secondary and tertiary education institutes below offer cybersecurity related courses for PET and Continuous Education and Training (CET).
Six Autonomous Universities
Institute of Technical Education
Five Polytechnics
Opportunities for Youths and Students to Explore and Learn about Cybersecurity
Programme Details for Youths and Students
Cultivating Youth Interest in Cybersecurity
Coding for Youths (Primary to Secondary School)
Code for Fun Programme
Owners: IMDA and Ministry of Education (MOE)
The Code for Fun Programme (CFF) is jointly offered by IMDA and MOE to all government and government-aided primary and secondary school. CFF exposes students to computational thinking through coding, inventive thinking through digital making, and emerging technologies such as AI. Since 2020, all upper primary school students go through CFF or a comparable coding programme. Students in almost two-thirds of secondary schools participated in the programme in 2024. More than 50,000 students are reached through these programmes every year.
Acquire ICT Knowledge through CCAs
Infocomm Media Clubs Programme
Owners: IMDA and MOE schools
Students that are keen to pursue their interest in technology and media can join infocomm and media-related clubs in MOE primary and secondary schools, junior colleges, and Millennia Institute. IMDA’s Infocomm Media Clubs (IMC) programme aims to provide IMC students with the opportunity to pursue their interest, deepen their learning and gain industry exposure. The programme covers a wide range of exciting and enriching programmes, from bootcamps to learning journeys, leadership training, as well as a national tech competition. Through partnerships with industry partners like Apple, Google and AWS, IMC students have the opportunity to learn emerging technologies like AI and data science, and use the knowledge to solve real-world problems. Learning journeys provide students with out-ofclassroom experiences to understand how technology and media are applied in the industry, and the national tech competition provides students the opportunity to showcase their skills at a national platform.
Pre-Employment Training MOE Education Pathways
Primary, Secondary Schools and Junior Colleges Curricula
MOE recognises the importance of equipping students to use technology safely and responsibly. Cybersecurity education is delivered as part of Cyber Wellness lessons within the Character and Citizenship Education (CCE) Curriculum. MOE further enhances learning with assembly talks and enrichment programmes on cybersecurity. Recognising the importance of computational
thinking and digital literacy in today’s world, MOE has introduced computing subjects into the curricula of secondary schools and junior colleges. The subjects aim to equip students with essential skills in coding, problemsolving, and data analysis from an early stage of their academic journey. These subjects will offer pathways to the O-Levels, A-Levels, and International Baccalaureate qualifications.
Institute of Technical Education Courses
ITE offers a comprehensive selection of cybersecurity courses to meet the growing demand for professionals in this field. These courses equip students with the knowledge and practical skills necessary to address the evolving challenges of cybersecurity. Through a combination of theoretical learning and hands-on training, ITE’s cybersecurity courses cover areas such as network security, digital forensics, and information security management, ensuring
that students are well-prepared to handle real-world cybersecurity scenarios.
• Higher Nitec in Cyber & Network Security
• Higher Nitec in Security System Integration
• Higher Nitec in IT Systems & Networks
• Higher Nitec in Operational & Information Technology
Polytechnic Courses
Polytechnics offer a slew of courses in cybersecurity to meet the increasing demand for skilled professionals in this critical field. These institutes collaborate closely with industry partners and cybersecurity experts to ensure that their curricula remain relevant and aligned with industry needs. Students are equipped with a strong foundation in cybersecurity principles, practices, and technologies. Through a combination of theoretical knowledge and practical hands-on experience, students learn about network security, ethical hacking, digital forensics, and risk management. Additionally, students are given access to labs and resources to simulate real-world cybersecurity scenarios, preparing them to address the complex challenges of today’s digital landscape.
Nanyang Polytechnic
• Diploma in Infocomm & Media Engineering
• Diploma in Cybersecurity & Digital Forensics
• Diploma in Infocomm & Security Information Technology
Ngee Ann Polytechnic
• Diploma in Electronic & Computer Engineering
• Diploma in Cybersecurity & Digital Forensics
• Diploma in Information Technology
Republic Polytechnic
• Diploma in Infocomm Security Management (renamed to Diploma in Cybersecurity & Digital Forensics from AY2025)
• Diploma in Information Technology (renamed to Diploma in Enterprise Cloud Computing & Management from AY2025)
Autonomous Universities Courses
Singapore Polytechnic
• Diploma in Information Technology
• Diploma in Computer Engineering
• Cybersecurity & Digital Forensics
Temasek Polytechnic
• Diploma in Computer Engineering
• Diploma in Cybersecurity & Digital Forensics
• Diploma in Information Technology
Singapore’s AUs offer robust information security and computer sciences courses that are designed specially to meet industry needs. These courses provide students with a deep understanding of information security principles, technologies, and best practices, preparing them for a career in the IT or cybersecurity industry. By blending academic rigour with practical experience, students are well-prepared for careers in the IT or cybersecurity sectors, positioning them to address the complex challenges of today’s digital landscape.
National University of Singapore
• Bachelor of Computing in Computer Science
• Bachelor of Computing in Information Security
Nanyang Technological University
• Bachelor of Engineering in Computer Science
• Bachelor of Engineering in Computer Engineering
Singapore Management University
• Bachelor of Science (Computer Science)
Singapore Institute of Technology
• Bachelor of Engineering with Honours in Information and Communications
Technology (Information Security)
Singapore University of Technology and Design
• Bachelor of Engineering (Computer Science and Design)
Industry Attachments and Internships
University Internships, and Polytechnic / ITE Job Attachments
Internships and industry attachments offer invaluable benefits to both students and employers. For students, they provide handson experience in cybersecurity, allowing them to apply theoretical knowledge to real-world situations. They gain practical skills, industry insights, and professional networks, enhancing their employability upon
Scholarships
graduation. Employers, on the other hand, benefit from fresh perspectives, access to potential future cybersecurity talent, and the opportunity to mentor and train the next generation of young professionals. Internships also serve as a low-risk method for employers to evaluate potential employees.
There are various tertiary scholarships* available for students. These scholarships are offered by various organisations, including the Government, educational institutions, and private organisations. Scholarships can cover various expenses such as tuition fees, living expenses, and study-related costs. They can also provide additional benefits such as mentorship, internship opportunities, and networking events.
Smart Nation Scholarship
The Smart Nation Scholarship is offered by the CSA, GovTech, and IMDA. It aims to groom a new generation of leaders in the digital and technology sector. Recipients of this scholarship will have the opportunity to contribute to Singapore’s Smart Nation initiatives and drive digital transformation across different public agencies.
Defence Science and Technology Agency (DSTA) Merit Cyber Scholarship
The DSTA Merit Cyber Scholarship is designed for individuals with a passion for cybersecurity. It provides opportunities for recipients to develop their expertise in cybersecurity and contribute to Singapore’s national security efforts.
The CSA-NCL Scholarship aims to drive the development of professionals in Singapore’s cybersecurity sector and support the NCL initiative. This scholarship will be awarded to qualified students who are enrolled in NUS’s Master’s programmes that are focused on cybersecurity.
SG Digital Scholarship (Undergraduate or Postgraduate)
The SG Digital Scholarship is offered by IMDA and is targeted at individuals who are keen to pursue a career in the digital industry. Recipients of this scholarship will have the chance to contribute to Singapore’s digital economy and be part of the nation’s digital transformation journey.
Supporting Youths with Cybersecurity Initiatives and Programmes
The SG Cyber Youth Odyssey serves as a learning roadmap for key initiatives under CSA’s SG Cyber Youth, including Youth Cyber Exploration Programme (YCEP), Advanced Youth Cyber Exploration Programme (A. YCEP) and SG Cyber Olympians. It was developed in consultation with educators, industry practitioners, and training partners. Non-CSA programmes and initiatives listed below are mapped to the appropriate stages within the SG Cyber Youth Odyssey learning roadmap.
The learning roadmap comprises four stages—‘Excite’, ‘Explore’, ‘Experience’, ‘Excel’—that nurture students with varying degrees of cybersecurity knowledge to gradually explore and further their interest in cybersecurity, and eventually start a career in the industry. Each stage builds upon knowledge from the previous stages and guides youths towards gaining a deeper understanding of various cybersecurity topics. The topics covered in the roadmap are wide ranging, and they include fundamentals of cybersecurity, and technical areas such as penetration testing and network security.
SG Cyber Youths
Youth Cyber Exploration Programme (YCEP)
Owners: CSA and CyberSG TIG Collaboration Centre
To build up the future cybersecurity talent pipeline, CSA is moving upstream to engage youths at the pre-tertiary level. YCEP is a cybersecurity bootcamp specially designed to get students excited about their journey towards a cybersecurity career. Launched in 2018, YCEP is organised by the five polytechnics and supported by CSA. This programme exposes students to the possibilities and prospects in the world of cybersecurity, teaches them fundamental cybersecurity concepts and gives them opportunities to participate in practical assignments and competitions.
The A. YCEP is a continuation of YCEP, which is targeted at pre-tertiary students with some cybersecurity knowledge who are considering a career / future career option in this industry.
Advanced Cybersecurity Training for Talented Youths
SG Cyber Olympians
Owner: CSA
The SG Cyber Olympians programme aims to nurture a pool of young Singaporeans with exceptional cybersecurity talent to support Singapore’s expanding cybersecurity hub. CSA works with the cybersecurity community and educators to identify top young talent and equip them with advanced cybersecurity skills, complementing the more structured educational approach in polytechnics and universities. For example, the programme provides opportunities for these young talent to take part in cyber sparring, mentorship programmes, specialised training, and overseas competitions.
Sentinel Programme (Secondary 1, ITE Year 1, Junior College Year 1, Polytechnic Year 1)
Owner: Ministry of Defence (MINDEF)
The Sentinel Programme is a talent development programme to equip youths with cybersecurity and digital skills. Selected secondary school students would go through a progressive training curriculum throughout their secondary school years to explore cybersecurity and digital applications, starting from the middle of their Secondary 1 year. At the tertiary level, selected junior college, polytechnic, and ITE students go through a comprehensive training curriculum to deepen their cybersecurity and digital skills.
Mentors for Students and Professionals
Cybersecurity Career Mentoring Programme
Owner: SCS
Launched in mid-2017, the Cybersecurity Career Mentoring Programme is a joint initiative by CSA and SCS, that aims to provide a platform for students and professionals to receive career guidance and support from experienced cybersecurity mentors and industry experts.
Participants also interact closely with mentors in breakout discussions, giving them the opportunity to develop industry networks and professional connections. Through these activities, participants gain valuable insights into the industry, which will help them with making an informed decision about pursuing a career in cybersecurity.
Volunteers for Cybersecurity-related Activities
Student Volunteer and Recognition Programme
Owner: AiSP
The Student Volunteer and Recognition Programme aims to encourage volunteerism amongst students while developing their interest in cybersecurity. It is organised by AiSP and backed by the CSA, with additional support from private sector players.
This programme will involve IHLs such as ITE, polytechnics, and universities in Singapore. Students are encouraged by their educators to explore their potential in cybersecurity and develop their personal and professional abilities through volunteerism. Currently, the programme is open to existing full-time students in local IHLs. There is also a track for full-time secondary school and preuniversity students in Singapore, which aims is to attract more youths to continue volunteering in Singapore’s cybersecurity ecosystem when they enter IHLs.
Cybersecurity Talent Development Programmes for Fresh Graduates and Mid-career Individuals
Manpower Programmes and Initiatives to Strengthen the Cybersecurity Talent Pipeline
Conversion Programmes for Fresh Graduates and Mid-career Individuals
Career Transition, Workforce Conversion and Work-Study Programmes
CSA is currently developing the ACP, which aims to empower mid-career professionals to transition into the cybersecurity industry. The programme is strategically designed to equip participants with the essential cybersecurity knowledge, skills, and practical experience required to meet the industry’s manpower needs, with a focus of filling the industry demand for new entrants with 3–5 years of work experience.
This initiative not only addresses the industry’s talent shortage, but also fosters a diverse and skilled workforce, ultimately bolstering Singapore’s cyber resilience and digital security capabilities.
Career Conversion Programme (CCP)
Owner: WSG
CCPs are placement programmes targeted at mid-career switchers, to facilitate skill conversion and enable them to move into new occupations or sectors with good prospects and opportunities for progression.
Relevant cybersecurity CCPs for midcareer switchers:
• CCP for Tech Professionals –Associate Security Analyst
• CCP for Tech Professionals –Cybersecurity Associate
• CCP for Tech Professionals –Information Security Auditor
• CCP for Tech Professionals –Red Alpha Cybersecurity Specialists
SkillsFuture Career Transition Programme (SCTP)
Owner: SSG
SCTP supports mid-career individuals in acquiring industry-relevant skills to improve employability and pivot to new sectors or job roles. It is a train-and-place programme that is available on a part-time or full-time format, typically ranging from three to 12 months. The SCTP is delivered by CET Centres and IHLs and trainees can expect to receive employment facilitation support on top of training.
WSDip aims to provide ITE fresh graduates with a head start in careers related to their discipline of study. It provides opportunities to build on skills and knowledge acquired in school through a work-study arrangement, which is a structured career progression pathway within an organisation. The programme is designed in collaboration with industry to ensure that fresh graduates are equipped with the relevant skills to take up suitable job roles in the sector.
Relevant cybersecurity WSDip:
• [ITE] WSDip in Cyber Security & Forensics
Work-Study Post Diploma (WSPostDip)
Targeted at fresh Polytechnic graduates, WSPostDip provides them with a head start in their career related to their discipline of study and more opportunities to build on the skills and knowledge acquired in school through a work-study arrangement. The programme is designed in collaboration with industry to ensure that fresh graduates are equipped with the relevant skills to take up suitable job roles in the sector.
Relevant cybersecurity SCTPs for midcareer switchers:
• [TP] SCTP Impact Cybersecurity Professional Course
• [NTUC LearningHub] SCTP Cybersecurity Associate
• [NYP] SCTP Certificate in ICT (Cyber Security & Data Analytics)
• [SUTD] SCTP Security Operations Center Analyst
Relevant cybersecurity WSPostDip:
• [SP] WSPostDip in Specialist Diploma in Cyber Security
Work-Study Degree (WSDeg)
The SkillsFuture WSDeg enables students to smoothly transition from academia to the workplace. It closely integrates classroom learning with structured On-the-Job Training (OJT). These programmes involve companies and universities co-designing and co-delivering curricula that closely interconnects theory and practice, as well as co-assessing students’ performance at the workplace.
Relevant cybersecurity WSDeg:
• [NUS] Bachelor of Computing (Information Security)
• [NUS] Bachelor of Technology (Cybersecurity)
• [SIT] Bachelor of Engineering with Honours in Information and Communications Technology (Information Security)
Cyber Operator or Specialist (Work-Learn Scheme)
Owner: MINDEF
Cyber Operators or Specialists will have opportunities to develop their cybersecurity skills through:
(a) vocational training, (b) OJT, and (c) academic training.
Vocational training will equip them with vocational knowledge and skills, including how cybersecurity fundamentals are applied in MINDEF / SAF’s context. Following vocational training, they will commence OJT, where they will be trained in specific systems, and learn tasks and SOPs for the specific units they are deployed to, and hone their skills through specialised
Traineeships and Apprenticeships
(By
IMDA’s TechSkills Accelerator
Company-Led Training (CLT) Programme
Owner: IMDA
cybersecurity operations. They may also have the opportunity to gain professional certifications as they continue to develop and upgrade their cybersecurity skill sets. MINDEF has also partnered local universities to offer an undergraduate worklearn programme for Cyber Operators or Specialists to continuously upgrade their skills and competencies. Cybersecurity modules can be taken on a part-time basis at either the SIT or NUS to earn academic credits that can contribute towards the eventual completion of the degree. The work experience and qualifications gained will position Cyber Operators or Specialists well for a career in the cybersecurity industry.
(TeSA) Initiative)
Tech Immersion and Placement Programme (TIPP)
Owner: IMDA
The CLT programme aims to accelerate the professional development of tertiary graduates and mid-career professionals, including mature Professional, Manager, Executive and Technician (PMETs), through an OJT programme that will help them attain competencies for jobs in demand by industry, especially those that support the digital economy sector transformation efforts. The CLT programme aligns with the Skills Framework for ICT and focuses on developing tech skills like AI, Cybersecurity, Internet of Things (IoT) and Data Analytics.
TIPP aims to prepare professionals from nonICT backgrounds for ICT roles. Through these Singapore-based training courses offered by industry practitioners, trainees will build up an impressive portfolio of ICT projects. They also get to interact with leading experts in the respective fields to help them prepare for exciting roles in the ICT industry such as web developer, agile software developer, mobile app developer, user experience designer, and data analyst. After the training programme, they will be required to find placements in tech job roles.
TeSA for ITE and Polytechnics (TIP) Alliance
Owner: IMDA
The TIP Alliance is an industry-led initiative driven by IMDA and supported by industry partners. Launched in September 2022, it is co-chaired by the Singapore Computer Society (SCS) and SGTech.
The TIP Alliance aims to place and train polytechnic and ITE graduates with tech qualifications, drive the shift in hiring practices in industry from qualification-based to skills-based, giving capable jobseekers equal opportunities to succeed, and shape the polytechnic and ITE curriculum to stay relevant with industry trends.
Participating companies will endeavour to provide clear end-to-end pathways for students and graduates to kickstart their
careers in tech jobs across various sectors and acquire relevant skills. These include providing enhanced internships, OJT via apprenticeships, as well as opportunities to obtain further education and industryrecognised certifications. This is so graduates can achieve better career growth and maximise their potential, regardless of their starting point or educational background.
The TIP Alliance comprises global and local companies that employ tech talent, including Accenture, Carousell, DBS, Dell Technologies, Ensign InfoSecurity, Google, GovTech, Inspire-Tech, NCS, OCBC, Oracle, PSA International, Singtel, ST Engineering, Temus and UOB.
12-Month Programme for New Government Cybersecurity Professionals
Cybersecurity Development Programme (CSDP)
Owner: CSA
The CSDP is a 12-month programme that equips recent graduates and mid-career professionals with cybersecurity skills and knowledge. The programme aims to effectively build the cybersecurity capabilities in the public sector, keeping Singapore’s cyberspace safe and secure.
In the first three months, CSDP officers will undergo classroom trainings with CSA Academy, Singapore University of Technology and Design (SUTD), and NP. Thereafter, they will be deployed to one of CSA’s divisions or partner agencies for a 9-month job posting. The classroom training phase will see the CSDP officers acquiring industry certifications, such as EC-Council’s Certified Ethical Hacker (CEH) (including CEH Masters) and CISCO’s Cyber Ops Associate. Officers will also be required to take modules offered by SUTD to receive the ModularMaster
Certificate in Cybersecurity upon completion of the development programme. In addition, CSDP officers will undergo soft skills training to further hone their stakeholder management and communication skills. CSDP officers will be given the opportunity to acquire hands-on experience in one of the following areas for nine months (list is non-exhaustive):
• Malware Analysis
• Digital Forensic and Incident Response
• Emerging Technologies, Penetration Testing
• Cybersecurity Solutions and Consultancy, Cybersecurity Operations Centre
• Threat Intelligence
• Governance, Risk and Compliance
Foundational Training for Non-Cybersecurity Professionals
SG Cyber Associates
Owner: CSA and CyberSG TIG Collaboration Centre
CSA launched the SG Cyber Associates programme to provide foundational and targeted cybersecurity training to enable non-cybersecurity professionals to develop cybersecurity skills that are relevant to their work.
With rapid digitalisation and growing cyber threats across different domains, cybersecurity skills are quickly becoming a valuable skill set. At present, there are many industry sectors and smaller organisations that may not be sufficiently equipped to understand and deal with cyber threats that affect their operations. To bridge this gap, CSA collaborates with professional bodies and training partners to introduce SG Cyber Associates to professions such as engineers, auditors, and lawyers, as well as IT and software professionals.
As part of the foundational training programme, CSA partners with vendors to provide online training, assessment, and certification. Currently, CSA has partnered with ISC2 to offer foundational training to participants in Singapore who wish to obtain an entry-level certification in cybersecurity.
As for the targeted training programme, CSA will work with professional bodies to develop customised cybersecurity training to meet the specific needs of their members. To start, CSA has partnered with Institution of Engineers Singapore (IES) and TP to develop and organise courses on specific technology domains such as IoT security for IES members.
Going forward, CSA will be working with more professional bodies and training partners to scale-up training opportunities under the SG Cyber Associates programme.
Lifelong Learning in Cybersecurity
Institutes of Higher Learning
Owners: AUs, Polytechnics and ITE
The courses* provided by the various IHLs are as follows:
Institute of Technical Education
• Higher Nitec in Technology –Cyber & Network Security
• CoC in Cyber Security (Network, Internet & Forensics)
• CoC in Cyber Security Fundamentals
• CoC in Cyber Security – Cyber Hygiene
• CoC in Cyber Security – Ethical Hacking
• Cyber Range Training on Incident Response
• Executive Suite Cybersecurity Programme
Temasek Polytechnic – Temasek SkillsFuture Academy
• Fundamentals of Cyber Security
• Fundamentals of Cybersecurity and Applications
• Specialist Diploma in Information Security & Forensics
• Security Vulnerability Assessment
• EC-Council Certified Ethical Hacker
• Introduction to Cybersecurity
Singapore Polytechnic – Professional & Adult Continuing Education Academy
• Cyber Security for Non-IT professionals
• Digital Confidence for Internet of Things & Cybersecurity
• Diploma in Infocomm and Digital Media (Cyber Security)
• Industrial Control Systems Cybersecurity
• Maritime Cyber Security (Basic) Training Programme
• Specialist Diploma in Cyber Security Management
• Specialist Diploma in Operational Technology Cybersecurity (Ethical Hacking and Incident Response)
• Specialist Diploma in Operational Technology (Industrial Control Systems)
Ngee Ann Polytechnic – CET Academy
• Specialist Diploma in Cybersecurity Practice
• Specialist Diploma in Cloud Security
• Cyber Security Essentials
• Ethical Hacking & Penetration Testing
• Post Diploma Certificate in Server Administration and IT Networking
• Post-Diploma Certificate in Cloud Native Architecture & Security
• Post Diploma Certificate in Core Offensive and Defensive Cybersecurity Skills
Nanyang Polytechnic – Centre for Industry & Lifelong Learning
• Specialist Diploma in Cybersecurity
• SkillsFuture Series Short Courses (Certified Threat Intelligence Analysis)
• SkillsFuture Series Short Courses
ᴏ Certified Cloud Security Engineer
ᴏ Certified Pentester
ᴏ Certified Threat Intelligence Analyst
ᴏ Cyber Defence Fundamentals
ᴏ Cyber Security Awareness
ᴏ Secure Software Development and Testing
*Course offerings listed above are non-exhaustive. For details of the latest course listings, course suitability, duration, and available course funding, please consult the respective education institutes for advice and updated information.
Republic Polytechnic – Academy for Continuing Education
• Fundamentals of Enterprise Security
• Fundamentals of Ethical Hacking
• Fundamentals of Cybersecurity Incident Response
• Cybersecurity Essentials
• PDPA for Everyone: Making Privacy a Priority
• Practitioner Certificate in Personal Data Protection (Singapore)
• Introduction to Operational Technology Cybersecurity
• Fundamentals of Operational Technology (OT) Cybersecurity
• Operational Technology Cybersecurity Operations
Singapore Management University –Professional & Continuing Education for Adult Learners
• Cyber Security Risk Management for Finance Professionals
• Cyber Forensics
• Cyber Security for Business and Risk Management Programme
• ISACA Certified in Risk and Information Systems Control (CRISC)
Lithan Academy
• Cyber Security Planning
Institute of Singapore Chartered Accountants
• Essentials of Information Systems Risk and Controls
CSA Academy (for CSA, Government and CII sectors only)
Owner: CSA
CSA Academy oversees the enhancement of Singapore’s cybersecurity capabilities through skill and talent development programmes. The academy works with internal and external stakeholders such as employers, Government agencies, IHLs, industry associations, and training providers to drive deep skills training and competency development of the cybersecurity workforce in CSA, the Government, and the CII sectors.
GovTech Digital Academy (applicable for Singapore public service officers only)
Owner: GovTech
GovTech aims to deepen technical capabilities with programmes that are geared towards advanced and in-depth training, guided by the latest industry trends and best practices. The academy offers a range of courses and workshops covering topics such as cybersecurity, data analytics, cloud computing, and software development. These programmes are designed to equip Government officers with the skills and knowledge needed to tackle complex technical challenges and drive digital transformation within the public sector.
*Course offerings listed above are non-exhaustive. For details of the latest course listings, course suitability, duration, and available course funding, please consult the respective education institutes for advice and updated information.
Under the SG Cyber Leaders programme, CSA has appointed SMU as the programme partner for the CSLP. The programme will support current and future cybersecurity leaders with developing a deep understanding of the key drivers that shape cybersecurity strategies, to cultivate a culture of innovation and to lead the cybersecurity functions in their organisations effectively.
The programme comprises a 15-day learning journey designed for current and aspiring cybersecurity leaders who are responsible for making cybersecurity a critical and integral part of their organisations’ business strategy. This programme is supported by SMU’s renowned faculty, and a global pool of cybersecurity experts and senior executives from the industry.
Cybersecurity for Women
01010010 11010111 00110101 01010110 00101010
Programme Details for Women
Encouraging Women to Join the Profession
Outreach and Training Activities for Women
SG Cyber Women
Owners: CSA
As part of Singapore’s efforts to build up the cybersecurity talent pipeline, CSA has worked with industry partners to develop the SG Cyber Women (#SGCyberWomen) initiative, a targeted initiative to leverage on an under-represented talent pool by encouraging more women, from as early as pre-tertiary education, to join the cybersecurity profession. From outreach to skill development, CSA will coordinate and support the community’s efforts to achieve the following objectives:
• Engage women through education and community engagement;
• Develop their professional skill sets through learning and training; and
• Advance their cybersecurity career through support and inspiration.
The available programmes include ISACA’s SheLeadsTech, CSA’s Women in Cyber, Women on Cyber, AiSP Career Talks by Ladies in Cyber, and DIV0’s Women in Cybersecurity.
SG Women in Tech
Owners:
IMDA
SG Women in Tech (#SGWIT) is an initiative by IMDA in partnership with the tech industry and community. It aims to attract, inspire, and develop girls and women to pursue a career in the dynamic infocomm tech sector.
The initiatives under SGWIT are:
• Relaunch Programme to invite women who are keen to re-enter the workforce to be supported by tech skills enhancement and supporting structure to return to work smoothly
• SG100 Women in Tech List to profile women and girls from diverse backgrounds and ages who are successful in techrelated careers as role models
• Corporate Pledge to encourage companies to create a better support system for women in the workplace, especially for younger women pursuing a career in tech
• Girls in Tech movement for young female students to pursue their interest in tech and eventually, a tech career
Cyber Talent Strategies, Professional Pathways, and Skills Roadmaps for Organisations
Unlocking the Cybersecurity Fort: Finding Talent for Your Organisation
For Any Business, Getting the Right Talent is Half the Battle Won
In today’s digital landscape, the demand for cybersecurity professionals has never been higher, which is compounded by the increasing sophistication of cyber threats. As such, the need for skilled cybersecurity professionals becomes increasingly critical, resulting in organisations grappling with talent shortages globally. Additionally, attracting talent to this field poses unique challenges. To address these challenges effectively, organisations must adopt a multifaceted approach that goes beyond traditional recruitment strategies. Here are some strategies to attract cybersecurity talents, as suggested by the World Economic Forum.11
Defining Your Needs
Before embarking on your journey to search for the right talent, it is essential to have a clear understanding of your organisation’s cybersecurity needs. This involves assessing your existing security infrastructure, identifying potential vulnerabilities, and determining your long-term security objectives. Once you have a clear picture of your requirements, you can start seeking candidates with skills that align with your goals.
For organisations that have determined that having a dedicated, in-house cybersecurity team is not viable, outsourcing to a MSSP that provides cybersecurity services may be a
better option. MSSPs have teams of experts with specialised knowledge and experience in handling various security threats and challenges. By engaging a MSSP, the organisation gains access to a high level of expertise that may not be feasible to maintain in-house. This is helpful for smaller organisations or organisations with less digitalised environments, such as those with limited IT and cybersecurity expertise and resources. As implementing a baseline cyber hygiene in-house can be challenging, such organisations can consider engaging a Chief Information Security Officer-as-a-Service that has been pre-approved by CSA to develop a cybersecurity health plan.
Understanding the Challenges
One of the primary hurdles in attracting cybersecurity talent is overcoming the general perception that cybersecurity roles are highly technical and inaccessible to those without a specialised background. This discourages potential candidates, particularly those from non-technical fields, from pursuing careers in cybersecurity. Additionally, the lack of awareness about the variety of roles and career paths available within the cybersecurity sector further exacerbates the talent shortage. Organisations across all sectors are vying for the limited pool of skilled professionals, making it difficult for smaller companies and public sector organisations to compete with the salaries and benefits offered by larger corporations.
11 Source:
Prioritising Candidates with Relevant Certifications
Cybersecurity certifications, such as CISSP, CEH, or CompTIA Security+, can be valuable indicators of a candidate’s expertise and commitment to the field. Many professionals in the industry pursue these certifications to demonstrate their knowledge and skills. Prioritise candidates with relevant certifications, as they often indicate a commitment to lifelong learning.
Seeking Diverse Skill Sets
The field of cybersecurity is vast and multifaceted. It is not enough to have one cybersecurity expert; a good team must comprise diverse skill sets to cover all aspects of security, such as network defence, threat intelligence, incident response, penetration testing, ethical hacking, and compliance.
Casting a Wide Net
It is important to cast a wide net and explore various recruitment channels. Utilise job boards, professional networking platforms, and industry-specific conferences to reach potential candidates. You can also consider partnering with recruitment firms to access a pool of talent with relevant cybersecurity skill sets.
Building strong relationships with universities and IHLs is crucial for attracting new talent. Organisations can participate in career fairs and collaborate with these institutions to develop cybersecurity curricula that align with industry needs, and offer internships and apprenticeships.
Offering Competitive Compensation and Benefits
Competitive salaries and comprehensive benefit packages are another way for organisations to attract talent. However, there are also non-monetary benefits that organisations can offer, such as flexible working hours, remote work options, and opportunities for professional development. Highlighting the potential for career growth within the organisation can also make roles more appealing to prospective candidates.
Emphasising Soft Skills
While technical expertise is critical, soft skills are equally important in the cybersecurity world. Cybersecurity professionals need to effectively communicate security risks to nontechnical stakeholders and collaborate with cross-functional teams to implement security measures. Look for candidates who possess strong communication, problem-solving, and analytical skills.
Investing in Employer Branding
A strong employer brand can enhance an organisation’s ability to attract talent. Companies should showcase their commitment to cybersecurity excellence through thought leadership, participation in industry events, and positive workplace culture. By building a reputation as a leader in cybersecurity, organisations can attract candidates who are passionate about making a difference in the field.
Creating a Positive Work Environment
Creating a positive work environment is essential to foster productivity, creativity, and employee wellbeing. It begins with open communication and a culture of mutual respect, where all team members feel valued and heard. Encouraging collaboration and teamwork, recognising and celebrating achievements, and providing opportunities for growth and development are also crucial. By championing these principles, you create a supportive and inclusive workplace that embraces diversity and empowers individuals to contribute their unique perspectives, leading to a more vibrant and dynamic environment.
Focusing on Skill Development and Career Progression
Providing clear pathways for career advancement and investing in continuous learning opportunities can make cybersecurity roles more attractive. Organisations should offer training programmes, certifications, and mentorship opportunities to help employees develop their skills and advance their careers. This not only helps with attracting talent, but also with retaining it.
Overview of Manpower Sources for the Cybersecurity Sector
From mid-2010s till now, there has been good growth in the number of cybersecurity professionals in Singapore. The local cybersecurity industry is forecasted to see manpower demand grow between 6–9% Compound Annual Growth Rate (CAGR), from 2021–2026, with higher-than-average growth in manpower demand being expected for security analyst, vulnerability assessment and penetration tester, threat analyst, and security or engineer roles. Additionally, adoption of new technologies will drive the demand for talent with specialised
cybersecurity skills. This is, in part, attributed to the fast-growing cybersecurity market and strict regulatory requirements. Increased spending on cybersecurity in the Banking and Financial Services Institutes industry is driven by strict regulations as well as the rise of FinTech and digital solutions, which require advanced authentication and data security frameworks. The healthcare industry has also been increasing spending on cybersecurity to counter targeted cyber-attacks, as personal health data is immutable and highly valuable.
Singapore Cybersecurity Market Segmented by Industry (2021-26F, USD b)
The cybersecurity sector draws its manpower from diverse sources to meet its growing talent demand. Fresh graduates and those with relevant certifications and internship experience are key sources for entry-level roles as they introduce new perspectives and up-todate knowledge to the organisation. Mid-career Individuals contribute to the sector by joining at entry to management-level roles, leveraging their prior experience and leadership skills.
Additionally, other manpower sources such as SGEnable’s initiatives and Yellow Ribbon Project (YRP) offers people from diverse backgrounds opportunities to contribute their unique abilities and experiences to the field. Embracing this diversity not only addresses the talent shortage, but also fosters an inclusive and dynamic cybersecurity workforce that is able to address the evolving challenges in the digital landscape.
Ter tiary Level
• Fresh graduates
Mid-Career
• Mid-career individuals
• Back-to-work women
Other Sources
• SGEnable
• SG Yellow Ribbon
Manpower Pipeline for the Cybersecurity Sector
Programme Details for Employers
Professional Development Pathways, and Occupational or Skill Roadmaps
CSA is looking into the feasibility of developing a Cybersecurity Professionalisation Framework to build career pathways, raise workforce quality, and attract talented locals to join the profession and protect our national security interests and drive industry growth. The framework is intended to set baseline technical competencies and ethical standards, which will result in higher workforce quality to meet industry demand and simplify the hiring process for both local and multinational companies.
Skills Pathway for Cybersecurity
Owner: SCS
The Skills Pathway for Cybersecurity was developed by SCS in its role as a Skills Development Partner appointed by SSG, and supported by CSA and AiSP. The initiative aims to foster the growth of skilled professionals in cybersecurity by providing industry-relevant training leading to industryrecognised certifications. It also offers opportunities for individuals to be considered for internships and job interviews.
The framework will also set clear career and skills development pathways that will enhance the professional standing and attractiveness of the sector for a lifelong career, reducing attrition. This could help to grow a smaller, high-quality core group of trusted practitioners to conduct sensitive work and reduce consumers’ risk for cybersecurity services and products. Lastly, the framework will enhance Singapore’s position as a trusted business hub by improving confidence in the quality and benchmarking of employees in domestic and international markets.
Information Security Body of Knowledge (BOK)
Owner: AiSP
The Information Security BOK 2.0 presents a high-level set of concepts, terms, and activities that are relevant to the information security professional domain in Singapore, as defined by AiSP. BOK 2.0 has taken reference from the current Skills Framework for Infocomm Technology on cybersecurity topics, ensuring that BOK’s coverage is appropriate for Singapore’s cybersecurity ecosystem. In line with CSA’s aim to prepare professionals for workplace and industry application, BOK will be continuously enhanced.
With the increased connectivity between ICT and OT systems, the demand for job roles requiring competencies in both ICT and OT domains have correspondingly increased. While the existing Skills Framework for ICT is useful, it was developed to reflect the situation in the broader ICT workforce. However, more granularity is needed for OT cybersecurity in terms of coverage and applicability. As such, the OTCCF provides the foundation to attract and develop talent for the emerging OT cybersecurity sector in Singapore.
The OTCCF aims to address this gap by providing greater clarity to key stakeholders, such as:
• OT and ICT system owners, who can refer to the OT cybersecurity capabilities required to attract the right people, train them adequately, and map out their career pathways;
• Training providers, who can refer to the technical competencies required by different job roles and be guided to develop best-in-class courses and certifications that cater to local training needs; and
• OT professionals or potential jobseekers, who can identify skill sets for cross- and up-skilling for a meaningful career in the OT cybersecurity domain. The available career pathways include job roles with vertical and lateral advancement opportunities.
Skills Framework for Infocomm Technology
Owner: IMDA, SSG
Designed to promote skills mastery and lifelong learning for the Singapore workforce, the Skills Framework for Infocomm Technology is jointly developed by SSG, and IMDA, along with industry associations, education institutions,
training providers, organisations, and unions. The Skills Framework for ICT identifies Sector Information, Occupations, and Job Roles within the industry, as well as Existing and Emerging skills required to facilitate mastery.
Industry-Recognised
Cybersecurity Certifications
AiSP
AiSP is an independent cybersecurity association that is developing, supporting as well as enhancing industry technical competence and management expertise to promote the integrity, status and interests of Information Security Professionals in Singapore.
To support the development of personnel in this demanding profession since 2010, AiSP has been offering its Qualified Information Security Professional (QISP®) Programme. The QISP® examination enables the professionals in Singapore to attest their knowledge based on the Information Security Body of Knowledge (IS-BOK). Other than that, AiSP also maintains a list of cybersecurity certificates offered by other organisations that is recognised and approved for AiSP ordinary membership.
CompTIA
CompTIA is an American non-profit trade association that issues professional certifications for the IT industry. It is considered one of the IT industry’s top trade associations.
Based in Downers Grove, Illinois, CompTIA issues vendor-neutral professional certifications in over 120 countries. The organisation also publishes industry studies to track industry trends and changes. Since its establishment, over 2.2 million people have earned CompTIA certifications. CompTIA has four IT certification series that test knowledge standards from entrylevel to expert—CompTIA ITF+, CompTIA A+, CompTIA PenTest+, and more.
CREST
CREST is an international not-for-profit, membership body representing the global cybersecurity industry. Its goal is to create a secure digital world for all through quality assurance and delivering professional certifications for the cybersecurity industry.
CREST accredits 300 member companies, operates across dozens of countries, and certifies thousands of professionals worldwide. They work with governments, regulators, academia, training partners, professional bodies, and other stakeholders around the world. Their members undergo a rigorous quality assurance process and employ competent professionals, allowing organisations that purchase their cybersecurity services to do so with confidence. CREST provides a recognised career path from early career through to experienced senior tester level, with certifications in penetration testing (CREST Practitioner Security Analyst), threat intelligence (CREST Practitioner Threat Intelligence Analyst), and incident response (CREST Practitioner Intrusion Analyst).
EC-Council
EC-Council is the world’s largest cybersecurity technical certification body. They operate in 145 countries globally and are the owners and developers of the world-famous CEH, CHFI, ECSA, License Penetration Testing (Practical) programmes, among others. EC-Council have trained and certified over 300,000 information security professionals globally, and have influenced the cybersecurity mindset of countless organisations worldwide.
EC-Council’s certification programmes are recognised worldwide and have received endorsements from various government agencies including the US Federal Government via the Montgomery GI Bill, and the US Government NSA and the CNSS, certifying EC-Council’s CEH, ENSA, CHFI, EIDRP, EICSA, and LIPT programme for meeting the 4011, 4012, 4013A, 4014, 4015, and 4016 training standards for information security professionals. Most recently, ECCouncil has also received ANSI accreditation.
ISACA
ISACA is a global professional association and learning organisation with 170,000 members who work in digital trust fields such as information security, governance, assurance, risk, privacy, and quality. With a presence in 188 countries and with 225 chapters worldwide, ISACA is recognised around the world for its guidance, credentials, education, training, and community. To serve its professional community across the globe, ISACA has established three offices based in North America, Europe and China. Common certifications that ISACA offers are CISA, CISM, CGEIT, and CRISC.
ISC2
ISC2 is a non-profit organisation which specialises in training and certifications for cybersecurity professionals. It has been described as the “world’s largest IT security organisation”. The most widely known certification offered by ISC2 is the CISSP certification.
SANS Institute
The SANS Institute (officially the Escal Institute of Advanced Technologies) is an American private for-profit company founded in 1989 that specialises in information security, cybersecurity training, and certificate provision. Under their training programmes, they provide topics such as cyber and network defenses, penetration testing, incident response, digital forensics, and auditing. The information security courses are developed through a consensus process involving administrators, security managers, and information security professionals, and covers both security fundamentals and technical aspects of information security.
As of 2021, SANS is the world’s largest cybersecurity research and training organisation. Some of the popular certifications offered include SEC504: Hacker Tools, Techniques, and Incident Handling; SEC401: Security Essentials – Network, Endpoint, and Cloud; and SEC275: Foundations: Computers, Technology, and Security.
How to Reach Cybersecurity Talent in Singapore
The rise of tech has expanded the range of job channels dedicated to tech talent procurement. Here are some tech-specific recruitment channels that organisations can tap on to access tech talent, including cybersecurity professionals.12
Global Manpower Recruitment Agencies
Morgan McKinley
This professional services recruitment consultancy connects specialist talent with employers across a wide range of industries and disciplines. Tech is one of the firm’s focus areas in Singapore.
Salt
Salt is a global digital recruitment agency specialising in Creative, Marketing, Sales, and Technology sectors.
Adecco
This talent advisory and solutions firm, which operates in 60 countries, provides an array of workforce and consulting services, including junior to mid-level talent acquisition, outsourcing, and payroll services.
Michael Page
This global recruitment agency is part of PageGroup and covers a spectrum of recruitment specialties including banking and financial services, healthcare and life sciences, and technology.
Singapore-focused Online Job Portals
Jobstreet
Founded in Malaysia in 1997, Jobstreet is one of Asia’s leading employment marketplaces and the top job portal in Singapore, hosting over 57,000 job openings.
Tech in Asia Jobs
The job portal of Asia’s largest English language technology-focused news site. This new and effective platform has over 4,000 job listings from Asia’s tech companies.
MyCareersFuture
An initiative by WSG, in partnership with GovTech, it aims to provide Singaporeans with a fast and smart job search service that matches them with relevant jobs, based on their skills and competencies.
International Online Job Portals
LinkedIn
The world’s largest professional network with more than 562 million users in more than 200 countries and territories worldwide.
Glassdoor
This global job site has ratings and reviews of over 600,000 companies. It also provides personalised salary estimates based on each jobseeker’s work experience and today’s job market.
Indeed.com
Indeed has over 200 million unique visitors every month and provides free access for candidates to search for jobs, post resumes, and research companies.
Singapore-based Manpower Agencies
HRnetGroup
Founded in Singapore, this HR consultancy firm operates across 13 Asian cities and provides recruitment services for the chemical and industrial, finance, life sciences, and technology fields, including functional roles.
PERSOLKELLY
This workforce solutions provider is a joint venture, established in 2016, between PERSOL Holdings and Kelly Services. It caters to the rising workforce employment needs of an emerging Asia Pacific market.
Boutique Manpower Agencies and Start-ups
Wantedly
This platform is aimed at connecting people and companies based on passions and values, rather than salary and benefits.
Glints Jobs
A platform targeted at young people in Asia, this firm focuses on matching young adults to internship and permanent employment opportunities.
Kaishi
Initially set up to meet the recruitment demands of the early-stage investment and tech community in Singapore, Kaishi now has clients across China, Europe, and North America.
Retaining Cybersecurity Professionals
Retaining skilled cybersecurity professionals is just as critical as attracting them. With increasing cyber threats and the growing complexities of the digital landscape, organisations cannot afford to lose experienced cybersecurity talent. However, high turnover rates, burnout, and competition from other sectors make retaining these professionals a challenge. To address these issues, organisations should strive to prioritise the wellbeing, growth, and engagement of their workforce by implementing the following targeted strategies that were suggested by the World Economic Forum.13
Cultivating a Positive Work Environment
A supportive and inclusive workplace culture is essential for retaining cybersecurity professionals. Organisations should focus on creating an environment where employees feel valued, respected, and empowered. This includes promoting work-life balance, offering flexible working arrangements, and ensuring that workloads are manageable. By prioritising the wellbeing of their employees, stress levels are reduced and overall job satisfaction is increased.
Investing in Professional Development
Continuous learning and career growth opportunities are crucial for retaining top talent. Organisations should offer ongoing training, certifications, and mentorship programmes to help cybersecurity professionals advance their skills and careers. By providing clear pathways for career progression and supporting employees in achieving their professional goals, organisations gain employee loyalty and their long-term commitment.
13 Source: World Economic Forum, Strategic
Recognising and Rewarding Contributions
Recognition and appreciation are powerful motivators. Organisations should implement programmes that acknowledge the contributions of cybersecurity professionals, such as employee awards, public recognition, and performance bonuses. Providing regular feedback and celebrating successes can also boost morale and reinforce a sense of purpose and belonging within the team.
Fostering Leadership and Management Excellence
Effective leadership is key to employee retention. Organisations should ensure that managers are equipped with the necessary skills to lead and support their teams. This includes providing training in soft skills such as communication, empathy, and conflict resolution. Leaders should also prioritise creating a positive and collaborative team dynamic, providing psychological safety, and being transparent about the organisation’s strategic goals.
Prioritising Mental Health and Wellbeing
The high-paced and dynamic environment of the cybersecurity industry can take a toll on employees’ mental health. Organisations should take proactive steps to support their wellbeing, such as by offering mindfulness and stress reduction programmes, providing access to mental health resources, and encouraging employees to take regular breaks and vacations. By prioritising mental health, organisations can reduce burnout and improve overall job satisfaction.
Enhancing Onboarding and Integration Processes
A strong onboarding process sets the tone for an employee’s experience within the organisation. Ensuring that new hires have the tools, resources, and support needed to succeed from day one is crucial. A well-designed onboarding programme should also introduce new employees to the organisation’s culture, values, and career development opportunities.
Providing Opportunities for Role Diversity
Cybersecurity professionals often seek variety and challenge in their work. Organisations should offer opportunities for employees to explore different roles within the cybersecurity field, such as allowing them to move from incident response to threat intelligence, or from compliance to penetration testing. Providing internal internships or crossfunctional projects can keep employees engaged and help them develop a broader skill set.
Building a Resilient Team Structure
Organisations should focus on building resilience across their teams by distributing responsibilities and ensuring that all team members are cross-trained in essential skills. This approach not only reduces pressure on individual employees, but also ensures continuity and stability within the organisation.
Empowering Educators and Career Guidance Counsellors to Guide the Next Generation of Cybersecurity Professionals
Programme Details for Educators and Career Guidance Counsellors
Empowering Educators and Career Guidance Counsellors with Cybersecurity Knowledge
Symposium and Workshops for Educators
SG Cyber Educators
Owner: CSA
School leaders (principals and vice-principals), teachers, and Education and Career Guidance counsellors play an important role in shaping students’ education and career choices. Through the SG Cyber Educators programme, CSA aims to (a) equip educators with knowledge on the cybersecurity landscape and career outlook, (b) provide best practices on cybersecurity education and information on current cybersecurity trends and developments, and (c) build a network of partners for regular engagement so that educators can stay connected and plugged in to the cybersecurity ecosystem.
This programme is a collaboration with MOE and partners from the cybersecurity industry and academia. Its key initiatives comprise:
• The Singapore Cybersecurity Education Symposium, the first of its kind in the
region, aims to provide educators with a better understanding of cybersecurity and career outlook through talks and discussions. It equips educators with the know-how to guide and inspire youths to learn more about cybersecurity and consider future careers as cybersecurity professionals;
• The Cybersecurity Insight Series comprise information-sharing sessions organised by CSA with partners such as CISCO, Kaspersky Security, SCS, and NYP, to keep educators updated on the latest cybersecurity trends and career opportunities; and
• Learning journeys to provide an immersive experience for school leaders and educators to learn about the different aspects of cybersecurity. These learning journeys will include site tours and hands-on activities to CSA and its partners’ sites.
Conclusion
As Singapore continues to advance in the digital space, we must also raise our cybersecurity levels to protect ourselves from new technological exploits and malicious actors. The ever-evolving cyber threat landscape demands a proactive and skilled workforce that can defend against increasingly sophisticated cyber-attacks. This guidebook has outlined key initiatives and strategies that aim to build a robust cybersecurity talent pipeline to safeguard our nation’s digital future.
Through a comprehensive approach—engaging youths, encouraging mid-career transitions, promoting diversity, and fostering continuous learning—we have laid the foundation for nurturing a skilled and inclusive cybersecurity workforce. The involvement of multiple stakeholders, from the Government to schools highlight the collaborative effort required to address the manpower demand by the cybersecurity industry.
We believe that the initiatives in the guidebook will inspire future generations, upskill professionals, and create a robust and resilient ecosystem. By embracing the opportunities and challenges that come with digital transformation, we can secure our digital future and create a safe and resilient cyberspace for generations to come.
GLOSSARY OF TERMS, ABBREVIATIONS AND ACRONYMS
AACP
CBAccelerated Conversion Programme
AI Artificial Intelligence
AU Autonomous University
AiSP Association of Information Security Professionals
ANSI American National Standards Institute
A. YCEP Advanced Youth Cyber Exploration Programme
BOK Body of Knowledge
CCA Co-Curricular Activities
CCP Career Conversion Programme
CCE Character and Citizenship Education
CAGR Compound Annual Growth Rate
CEH
CGEIT
CHFI
CII
CISA
CISM
CISO
CISSP
Certified Ethical Hacker
Certified in the Governance of Enterprise IT
Computer Hacking Forensics Investigator
Critical Information Infrastructure
Certified Information Systems Auditor
Certified Information Security Manager
Chief Information Security Officer
Certified Information Systems Security Professional
CLT Company-Led Training
CNSS Committee on National Security Systems
CompTIA Computing Technology Industry Association
CRISC
CSA
CSDP
CSLP
Certified in Risk and Information Systems Control
Cyber Security Agency of Singapore
Cyber Security Development Programme
Cybersecurity Strategic and Leadership Programme
DDSTA
Defence Science and Technology Agency
EC-Council
ECSA
EICSA
EIDRP
ENSA
HHTX
International Council of E-Commerce Consultants
EC-Council Certified Security Analyst
EC-Council Certified Security Analyst
EC-Council Disaster Recovery Professional
EC-Council Network Security Administrator
ITF+ IT Fundamentals G
ICT
GovTech Government Technology Agency L
Home Team Science and Technology Agency
Information and Communication Technology
IES Institution of Engineers Singapore
IHL Institute of Higher Learning
IMDA Infocomm Media Development Agency
IoT Internet of Things
ISC2
International Information System Security Certification Consortium
PMET Professional, Manager, Executive and Technician
RRA Research Assistant
RE Research Engineer
RI Research Institute
RP Republic Polytechnic
SSAF
Singapore Armed Forces
SANS SysAdmin, Audit, Network, and Security
SCS
SIT
SMU
SOP
SP
Singapore Computer Society
Singapore Institute of Technology
Singapore Management University
Standard Operating Procedure
Singapore Polytechnic
SSG SkillsFuture Singapore
SUSS
SUTD
T WSingapore University of Social Sciences
Singapore University of Technology and Design
TeSA TechSkills Accelerator
TIP TeSA for ITE and Polytechnics
TIPP Tech Immersion and Placement Programme
TP Temasek Polytechnic
WOG
Whole-of-Government
WSDeg Work-Study Degree
WSDip Work-Study Diploma
WSPostDip Work-Study Post-Diploma
WSG Workforce Singapore
YYCEP Youth Cyber Exploration Programme
About CSA
Established in 2015, the Cyber Security Agency of Singapore (CSA) seeks to keep Singapore’s cyberspace safe and secure to underpin our Nation Security, power a Digital Economy and protect our Digital Way of Life. It maintains an oversight of national cybersecurity functions and works with sector leads to protect Singapore’s Critical Information Infrastructure. CSA also engages with various stakeholders to heighten cybersecurity awareness, build a vibrant cybersecurity ecosystem supported by a robust workforce, pursue international partnerships and drive regional cybersecurity capacity building programmes. CSA is part of the Prime Minister’s Office and is managed by the Ministry of Digital Development and Information. For more news and information, please visit www.csa.gov.sg
