The Saudi Cybersecurity Workforce Development (SCyWF)

The Saudi National Cybersecurity Authority (NCA) is leading the national effort to protect the country’s cyber space. This mission requires a qualified national cybersecurity workforce capable of carrying out all types of cybersecurity work. The NCA’s mandate was issued by Royal Order number 6801, dated October 31, 2017. It includes building the national cybersecurity workforce, participating in the development of education and training programs, preparing professional standards and frameworks and developing and running tests to assess cybersecurity professionals. The NCA has developed the Saudi Cybersecurity Workforce Framework (SCyWF) as a foundational step towards carrying out that mandate.


The SCyWF categorizes cybersecurity work in Saudi Arabia, defines the job roles within each category and sets the requirements for each job role in terms of tasks, knowledge, skills and abilities (TKSAs). The main objective of the SCyWF is to serve as a reference model and a guideline for preparing, developing, recruiting, promoting and managing the cybersecurity workforce. It provides a common lexicon that improves communication and content development for talent management activities. It also helps in mapping learning outcomes of education and training programs to the knowledge, skills and abilities (KSAs) required for different cybersecurity job roles. Organizations are recommended to adopt this framework so they can align their cybersecurity workforce structures and activities with the national frameworks and guidelines. However, they can
customize the framework to address their requirements