Jul 10, 2025

Khalifa Al Shehhi
In an era where cyber threats pose significant risks to national security and economic stability, Saudi Arabia has recognized the urgent need to develop a qualified and resilient national cybersecurity workforce. To address this need, the Saudi National Cybersecurity Authority (NCA), established by Royal Order No. 6801 on October 31, 2017, has taken a leading role in safeguarding the nation's cyberspace while promoting local cybersecurity talent.
As part of its mandate, the NCA is responsible for:
Building the national cybersecurity workforce.
Developing education and training programs.
Preparing professional standards and frameworks.
Assessing cybersecurity professionals through structured testing.
To implement these goals, the Saudi Cybersecurity Workforce Framework (SCyWF) was developed as a foundational step to systematically build, align, and enhance the Kingdom's cybersecurity workforce. The SCyWF not only categorizes cybersecurity work but also defines job roles within each category while detailing the required tasks, knowledge, skills, and abilities (TKSAs) necessary for each role.
What is the Saudi Cybersecurity Workforce Framework (SCyWF)?
The Saudi Cybersecurity Workforce Framework (SCyWF) is a strategic, structured model developed by the Saudi National Cybersecurity Authority (NCA) to systematically build, manage, and advance the Kingdom's cybersecurity workforce. It categorizes cybersecurity work within Saudi Arabia, defines job roles in each category, and outlines the tasks, knowledge, skills, and abilities (TKSAs) required for each role, ensuring alignment with the Kingdom's Vision 2030 and the NCA's mission.
Purpose and Objectives
The SCyWF was developed to:
Serve as a reference model and guideline for preparing, developing, recruiting, promoting, and managing cybersecurity professionals.
Provide a standardized lexicon to enhance communication between HR, educators, and operational leaders.
Facilitate talent management activities and align curriculum development with practical job role requirements.
Map learning outcomes of education and training programs to the knowledge, skills, and abilities needed in different cybersecurity roles.
Organizations are encouraged to adopt the SCyWF to align their cybersecurity workforce structures with national frameworks and guidelines, while retaining the flexibility to tailor it to their specific operational requirements.
Alignment with International Best Practices
The SCyWF is developed in alignment with the National Initiative for Cybersecurity Education (NICE) Framework from NIST (SP 800-181), using its hierarchical methodology of categories, specialty areas, and job roles while adapting it to the unique demands of the Saudi cybersecurity landscape. Unlike NICE, the SCyWF defines categories, specialty areas, and job roles explicitly tailored to the Kingdom's cybersecurity workforce needs, ensuring a local context while maintaining international relevance.
Methodology and Structure of SCyWF
The Saudi Cybersecurity Workforce Framework (SCyWF) is developed using a structured, hierarchical methodology aligned with the U.S. NIST NICE Cybersecurity Workforce Framework (SP 800-181) while tailoring it to the specific cybersecurity workforce needs within Saudi Arabia.
Hierarchical Structure
The SCyWF organizes cybersecurity work in a three-level hierarchy:
Categories: Broad cybersecurity functions form the highest organizational layer.
Specialty Areas: Groups of job roles within each category that share common functions and TKSAs.
Job Roles: Defined sets of cybersecurity tasks, each requiring specific Tasks, Knowledge, Skills, and Abilities (TKSAs) for successful execution.
Scope Clarification:
The SCyWF specifically covers job roles directly related to cybersecurity. While many non-cyber roles (particularly IT roles) may have cybersecurity responsibilities, these are not included within SCyWF. However, it is expected that all employees will have cybersecurity awareness and adhere to good practices.
Keyword Definitions for Clarity:
Task: A set of activities required to complete part of a cybersecurity job role.
Knowledge: Data, facts, theories, and concepts necessary to understand a domain.
Skill: The capability to apply knowledge and tools effectively to perform tasks.
Ability: Behavior-based competencies necessary to execute work within the cybersecurity domain.
These TKSAs (Tasks, Knowledge, Skills, Abilities) have been adapted from the National Initiative for Cybersecurity Education (NICE) framework, incorporating adjustments to align with Saudi Arabia's local context and workforce development needs, ensuring relevance and practicality for organizations and professionals in the Kingdom.
SCyWF Classification in Detail
The Saudi Cybersecurity Workforce Framework (SCyWF) organizes cybersecurity work in the Kingdom into a clear, hierarchical taxonomy, simplifying workforce development, job role alignment, and curriculum planning.
Categories and Their Roles
The SCyWF defines five main categories, each with a clear mission:
Cybersecurity Architecture, Research and Development (CARD):
Focuses on designing, developing, and researching cybersecurity systems and components.
Leadership and Workforce Development (LWD):
Covers leading cybersecurity teams and building human capital in cybersecurity.
Governance, Risk, Compliance, and Laws (GRCL):
Focuses on creating policies, managing cyber risks, and ensuring compliance with laws and regulations.
Protection and Defense (PD):
Encompasses monitoring, detecting, analyzing, and responding to cybersecurity threats.
Industrial Control Systems and Operational Technologies (ICS/OT):
Focuses on cybersecurity within industrial environments, including SCADA and ICS systems.
Specialty Areas Within Each Category
Each category is divided into Specialty Areas:
CARD: Cybersecurity Architecture (CA), Cybersecurity Research and Development (CRD)
LWD: Leadership (L), Workforce Development (WD)
GRCL: Governance, Risk, and Compliance (GRC), Laws and Data Protection (LDP)
PD: Defense (D), Protection (P), Vulnerability Assessment (VA), Incident Response (IR), Threat Management (TM)
ICS/OT: ICS/OT (ICS/OT)
These Specialty Areas further refine the functional focus within each category, ensuring precise role alignment and specialization.
Sample Job Roles Under SCyWF
The SCyWF defines 40 detailed job roles with associated TKSAs (Tasks, Knowledge, Skills, Abilities). Examples include:
Cybersecurity Architect (CARD-CA-001): Designs and oversees cybersecurity systems and networks.
Chief Information Security Officer (LWD-L-001): Directs organizational cybersecurity strategy.
Cybersecurity Risk Officer (GRCL-GRC-001): Manages and assesses cyber risks within the organization.
Cybersecurity Defense Analyst (PD-D-001): Uses monitoring tools to analyze and mitigate threats.
ICS/OT Cybersecurity Incident Responder (ICSOT-ICSOT-005): Investigates and responds to incidents in ICS environments.
Benefits of SCyWF for Organizations and Professionals
Implementing the Saudi Cybersecurity Workforce Framework (SCyWF) brings clear, structured advantages for organizations, HR teams, training providers, and cybersecurity professionals across the Kingdom.
For Organizations
Standardized Lexicon for HR and Training
SCyWF provides a common language and structure, reducing confusion and ensuring consistency across HR practices, training programs, and operational processes.
Alignment with National Frameworks
Organizations can align their cybersecurity workforce structures and development plans with national guidelines, ensuring compliance with the Saudi National Cybersecurity Authority's directives while allowing for internal customization.
Talent Management and Resource Planning
The SCyWF enables systematic:
Role mapping
Resource allocation
Workforce capacity and readiness assessments
By linking each job role to defined tasks, knowledge, skills, and abilities (TKSAs), it facilitates precise workforce planning and management.
Enhanced Curriculum and Training Development
Educational institutions and internal training teams can align learning outcomes and training modules with the practical job role requirements, ensuring that graduates and trainees meet the operational needs of the cybersecurity industry.
For Professionals
Clear Career Paths
The SCyWF provides professionals with a transparent view of cybersecurity career paths, enabling them to identify the skills and knowledge required to advance within their roles.
Competency-Based Growth
By detailing TKSAs for each role, SCyWF allows professionals to target specific competencies for improvement, facilitating targeted upskilling and personal development.
Alignment with Saudi Market Requirements
As the framework is tailored for the Kingdom, professionals aligning with SCyWF can ensure their skills and knowledge remain relevant to employers and market needs in Saudi Arabia.
A Strategic Workforce Enabler
SCyWF is more than a reference document; it is a strategic enabler for national cybersecurity resilience by:
Supporting the development of a qualified, scalable workforce.
Providing a basis for assessments and certifications.
Enabling alignment between cybersecurity operations and HR practices.
Strengthening the Kingdom's cybersecurity posture in line with Vision 2030.
Challenges and Recommendations for Adoption
While the Saudi Cybersecurity Workforce Framework (SCyWF) provides a clear and structured path for building a strong cybersecurity workforce, its practical implementation in organizations can face several challenges.
Challenges in Adopting SCyWF
Length and Complexity
The SCyWF, while comprehensive, is detailed and extensive, which may overwhelm HR teams and departments that lack cybersecurity maturity.
Lack of Awareness and Training
Some organizations may not be fully aware of SCyWF's existence or its benefits, resulting in the underutilization of a valuable national resource.
Integration with Existing Structures
Many organizations already have legacy job structures and internal training programs that may not align immediately with SCyWF, requiring resource investment for mapping and restructuring.
Periodic Updates
Cybersecurity is dynamic, and frameworks require regular updates to stay aligned with evolving threats and technologies, posing a challenge for organizations to keep their adoption current.
Recommendations for Organizations
Start with a Pilot Phase
Adopt SCyWF within a department or a business unit as a pilot project to test integration with existing HR and training systems.
Develop an Internal Mapping Plan
Map your current cybersecurity roles and training programs against SCyWF categories, specialty areas, and job roles to identify gaps.
Leverage SCyWF for Training Development
Utilize SCyWF to align your internal and external cybersecurity training programs with practical job role requirements, ensuring that learning outcomes align with real-world needs.
Train HR and Leadership Teams
Conduct awareness sessions for HR and department leaders to familiarize them with SCyWF's structure and benefits.
Plan for Regular Review Cycles
Establish a review cycle to align your workforce and training structures with SCyWF updates, ensuring continued relevance in your cybersecurity workforce.
Recommendations for Professionals
Use SCyWF as a career planning guide to understand the skills, knowledge, and abilities required for advancement in your cybersecurity career within Saudi Arabia.
Align personal development plans and training choices with SCyWF's detailed TKSAs for targeted skill-building.
Seek out certifications and courses that align with SCyWF's frameworks to ensure practical employability in the Kingdom's cybersecurity job market.