The impact of cybersecurity (CS) on public well-being is increasing due to the continued digitisation process of all industry sectors. The protection of information systems rests upon a sufficient number of CS specialists and their competences. A cyber-competence map describing the capacity and trends of the CS workforce is an essential element of the workforce development strategy. Large enterprises tend to have narrowly specialised employees with clearly identifiable roles. Still, most enterprises in small countries are SMEs. Therefore, the tasks and responsibilities of many CS-related specialists overlap the functions of several roles. This paper aims to develop a small-state cybersecurity competence map consistent with the standards of professional organisations. The work applies a combined qualitative and quantitative methodological approach to collect data using questionnaires and expert interviews in the CS field organisations. The study includes a representative public survey, a large-scale survey of company executives, an exploratory CS expert survey, and a comprehensive job posting analysis. Finally, a national CS competence map is presented and verified using two qualitative semi-structured interviews with field professionals. Even though the map reflects a status of a small nation state, it is activity-based and might be applicable in any country. As a future research direction, we will investigate the impact of early and late exposure to cybersecurity competences in education and framework applicability.
Keywords: Activity-based competence map; Cybersecurity competences; IT security; Workforce capacity.
© 2023 The Authors.