This chapter explores cyber security education and training in Colombia, focusing on preparation for entry-level cyber security roles. It describes the landscape of education and training programmes, current learner profiles, and labour market outcomes. Special attention is dedicated to efforts to create a strong framework for the provision of cyber security programmes, including national strategies for cyber security skills, and efforts to diversify provision within higher education and to tackle teacher shortages. The chapter also looks at access and inclusion, describing challenges and initiatives designed to promote participation in cyber security learning, including among female learners and those from disadvantaged backgrounds.
Building a Skilled Cyber Security Workforce in Latin America
3. The landscape of cyber security education and training programmes: The case of Colombia
Abstract
Introduction: Setting the scene for more effective cyber security skills policies
Chapter 2 highlights the significant and growing demand for cyber security professionals in Latin American countries (LATAM), in particular in Chile, Colombia, and Mexico. This trend reflects the expansion of connectivity, especially in urban areas, the adoption of a broader range of digital technologies, and an increase in remote work opportunities. However, the recent surge in demand for cyber security professionals has not been met with a sufficient supply of trained workers, resulting in shortages that can potentially expose vulnerabilities in cyber security. These shortages are already observed today, as evidenced by research conducted by Fortinet (2023[1]), which indicates that 41% of LATAM organisations surveyed struggle to fill cloud security roles.
This chapter focuses on the Colombian context, providing a detailed overview of its cyber security education and training landscape, along with associated policies to grow and diversify its cyber security workforce. Education and training focused on developing cyber security skills is key to counteract cyber security threats and tackle skill shortages. At the same time, it is essential to have a broader understanding of the population’s digital skill capacity, which is a pre‑condition to having interest in and capacity to pursue advanced and specialised learning opportunities in cyber security.
While Colombia has made substantial progress to improve internet connectivity and the use of information and communication technologies (ICT), a significant share of the population still lacks basic digital and technical skills. This hinders the digital transition and the ability to meet labour market demands, particularly in cyber security (OECD, 2021[2]). In Colombia 59% of all companies face challenges in IT and technology-related fields finding the talent they need (Manpower Group, 2022[3]).
The shortage of cyber security skills in Colombia likely stems from the fact that it is an emerging field. Education and training systems that provide cyber security programmes are still adapting to employers’ requirements and to learners’ ability to acquire these skills. Colombia faces several challenges and opportunities in this context. Firstly, it is vital to establish skill policy frameworks to create the right environment for the expansion of cyber security education and training. Increasing flexibility in provision, in particular within higher education institutions, can help to respond swiftly to changing skills needs in the sector and serve a diverse group of learners. Providers also need creative strategies to tackle teacher shortages in ICT. Secondly, the lack of basic digital skills and low English proficiency in the population is a common barrier to participation in cyber security learning opportunities. Moreover, women are hugely underrepresented in the ICT sector, and making the cyber security profession more appealing to women can help both promote equity and respond to employer needs.
Following this introduction, this chapter first provides a snapshot of cyber security education and training programmes in Colombia. This is followed by a discussion of efforts to develop a framework that allows the Colombian skills system to respond to labour market needs in the field of cyber security. The final section discusses strategies and policies in place to stimulate greater participation in these programmes, including initiatives aimed at enhancing digital literacy and facilitating access for underrepresented learners.
The information in this chapter is derived from interviews conducted with key stakeholders in the cyber security sector, including training providers and various government entities. The analysis also draws on desk research and analysis of data form multiple household surveys and administrative information.
A glimpse into cyber security education and training programmes in Colombia
This section provides an overview of the education and training landscape in cyber security skills in Colombia. It first describes formal and non-formal education and training programmes that focus on cyber security, mostly within higher education. This is followed by a description of the profile of learners who pursue programmes in cyber security and an analysis of labour market outcomes associated with programmes in cyber security.
The provision of cyber security education and training in Colombia
Cyber security education and training aimed at developing skills for entry-level jobs include both formal and non-formal programmes1 (see Figure 3.1). Formal education includes professional technical (two‑year programme at ISCED Level 5), technologist (three‑year programme, ISCED Level 5), and undergraduate programmes (four‑to-five‑year programme, ISCED Level 6) specific to this field, with the majority of cyber security training being offered at the graduate level (specialisation and master’s degree, ISCED Level 7). This study focuses on qualifications below or at ISCED Level 6 (see Box 3.1). In addition to cyber security-specific programmes, some programmes in systems engineering and related fields include cyber security education and training as part of their curriculum and course content, or as areas of emphasis covering topics such as information security, information systems management, ethical hacking, network security, and information auditing. Articulation arrangements are also common within the system and software engineering programmes, facilitating the transition between higher education qualifications. These articulation arrangements are also offered with an emphasis on cyber security.
Box 3.1. Defining the scope of cyber security education and training for this case study
In Colombia, cyber security education and training covers a wide range of topics and cater to various levels of knowledge and expertise – from cyber security awareness, aimed at educating the general public on identifying and avoiding cyber threats, to more advanced technical skills, such as intrusion detection software management or penetration testing, designed for a specialised workforce in cyber security occupations. These technical skills are typically imparted through structured training programmes led by vocational and higher education institutions, with dedicated trainers and experts.
This study focuses on education and training programmes for entry-level cyber security roles. Such positions typically do not require substantial work experience or advanced degrees in the field, and therefore the focus in this chapter is on formal professional technical (two‑year programme, ISCED 5), technologist (three‑year programme, ISCED 5), and undergraduate (four‑to-five‑year programme, ISCED 6) courses, alongside comparable non-formal education and training programmes like diploma certificates. These foundational qualifications are instrumental in broadening access to the profession, promoting diversity, and providing steppingstones towards more advanced education and training.
For its data analysis, this study employs the Colombian-adapted versions of the International Standard Classification of Education (ISCED), Fields of Education and Training (ISCED-F 2013) and the International Standard Industrial Classification (ISIC Rev 4) to identify the cyber security field of study and sector, respectively. As shown in Table 3.1, the ISCED-F 2013 category “Design and Management of Information Systems, Network and Database”, henceforth termed “Information Systems and Services”, encompasses the cyber security field. The most relevant cyber security sectors are “Computer Programming, Consultancy, and Related Activities” and “Information Services Activities”, although cyber security jobs can be found across many different sectors. These categories help identify individuals who have participated in cyber security education and training programmes, depending on the data source.
Table 3.1. Identifying cyber security occupations and sectors in the Integrated Household Survey (Gran Encuesta Integrada de Hogares, GEIH) in Colombia
Based on the Colombian adaptation of ISCED field of study classification |
Based on the Colombian adaptation of ISIC classification for sectors |
|||
---|---|---|---|---|
Broad field |
Specific field |
Detailed field |
Division |
Group – Class |
06 Information and communication technologies |
061 Information and communication technology |
0611 Computer use |
62 Computer programming, consultancy, and related activities |
621 Computer programming activities |
0612 Design and management of information systems, network and database. |
622 Computer consultancy and computer facilities management activities |
|||
0613 Software application development and analysis |
63 Information service activities |
631 Data processing, hosting and related activities |
||
0619 ICTs not elsewhere classified |
632 Other information service activities |
Note: The cells highlighted are field of studies not considered as part of cyber security within ICT field.
Source: DANE (2018[4]), Clasificación internacional normalizada de la educación – campos de educación y formación adaptada para Colombia (CINE‑F 2013 A.C.) (Normalised International Classification of Education – fields of education and training adapted for Colombia); DANE (2021[5]), Clasificación Industrial Internacional Uniforme de todas las actividades económicas – Revisión 4 adaptada para Colombia. (International Standard Industrial Classification of all economic activities – Revision 4 adapted for Colombia).
Non-formal education and training encompasses courses that may lead to certificates but do not yield a formal qualification. Diplomados or Diploma certificates represent the most prevalent type of certified non-formal, short training courses in this field, providing targeted instruction and practical experience. The recent surge in demand for specialised ICT skills such as cyber security, has led to a notable expansion in other forms of short courses, such as micro- and macro-credentials. These courses offer flexible and accessible learning opportunities, allowing individuals to acquire the necessary expertise quickly and efficiently. By focusing on specific skill sets and competencies, these courses help address immediate local skill demands and enable professionals to stay abreast of the latest industry developments.
Formal and non-formal education in cyber security is delivered by various types of providers, each with distinct characteristics that cater to different learning needs and preferences. Higher education institutions, such as universities and technical institutes, offer formal programmes in fields related to cyber security, including systems engineering, computer science, and information technology. These institutions provide comprehensive, structured education and training, equipping students with a solid foundation in cyber security principles and practices. Universities and technical institutions can also provide non-formal education such as Diploma certificates. Private training centres, online learning platforms and industry-specific organisation offer only non-formal education programmes such as short courses, workshops and certifications in specialised cyber security sectors.
Formal education and training: The role of vocational and higher education
The provision of formal education programmes in cyber security in Colombia, specifically for entry-level jobs, covers various levels, ranging from professional technical and technologist programmes to undergraduate degrees. These programmes are designed to cater to the diverse educational and professional backgrounds of students, from those seeking entry-level skills to experienced professionals looking to enhance their expertise. In addition, technical upper secondary education mainly provides essential knowledge on ICT and aims to steer learners’ interest towards further ICT training, but it does not cover cyber security subjects (see Box 3.2). Higher education includes vocational and undergraduate programmes. The former includes professional technical and technologist courses that focus on practice‑oriented training, preparing students for careers in cyber security operations and management. Undergraduate programmes delve deeper into the theoretical foundations and advanced concepts of cyber security, emphasising research, innovation, and critical thinking. Depending on the level and type of programme, courses may be delivered full-time or part-time, while flexible schedules and blended learning options serve learners who cannot be fully dedicated to study or who are located in remote areas.
The offer of education programmes in this field has been growing in response to emerging demand. Colombian providers offered 494 formal programmes in systems, telematics, and related engineering fields in 2022 (hereinafter systems engineering programmes), including professional technical (52), technologist (195), and undergraduate programmes (247) (see Figure 3.2, Panel A). While the supply of technologist and undergraduate programmes in this field has increased by 12% compared to 2014, the number of more foundational technical programmes have dropped by 30%. The growth of technologist and undergraduate programmes may reflect higher demand for professionals with advanced skills in more technology-intense fields such as systems engineering (Ferreyra et al., 2017[6]). Also, the trend toward obtaining a higher education qualification may contribute to the decline in professional technical programmes in LATAM. Particularly in Colombia, the number of professional technical programme offerings across all fields has dropped by 39% in the last decade (MEN, 2023[7]). Students may increasingly pursue technologist and undergraduate degrees to improve their job prospects and earning potential (Ferreyra et al., 2017[6]). This trend can lead to a decrease in enrolment and offerings of more foundational professional technical programmes.
Box 3.2. Technical upper-secondary education (Media técnica)
Technical upper-secondary education provides foundational technical knowledge in specific fields such ICT, preparing for entry-level jobs and advanced training at higher levels of education. It typically covers the final two years of basic education (i.e. students aged 15 to 16) and is delivered in vocational schools or technical institutes. Technical upper-secondary programmes offering ICT as area of specialisation introduce students to essential concepts and principles of ICT, developing theoretical knowledge and practical skills, drawing on up-to-date scientific and technical knowledge. Programmes also aim to foster student interest in the field, establishing a strong foundation for more advanced training in ICT areas such as cyber security.
Public institutions, predominantly National Learning Service (Servicio Nacional de Aprendizaje, SENA), lead the provision of technical upper secondary programmes, leveraging partnerships with local governments, city councils, and the business sector. For example, since 2015, the Medellín city council has built ties with various technical schools, like SENA and ETDH Microempresas de Colombia,2 benefiting roughly 19 000 students across 189 institutions in 2019 with advanced ICT training (Medellin's Secretary of Education, 2022[8]). Similarly, Bogotá’s city council has fostered educational continuity through projects like ‘Strengthening the Skills of District Youth to Face the Challenges of the 21st Century,’ which smooths the transition of students into ICT-specialised education (Alcaldía Mayor de Bogotá, 2021[9]).
The provision of cyber security programmes in formal education is relatively small but has been growing. While in 2014 no programmes existed in this field, by 2022 four cyber security programmes were available: one professional technical (in Information Security Services), three technologists (in Computer network and information security, in Computer Network Security Management and in Network and information security), and one undergraduate programme (Engineering in information security). In addition, 58% of systems engineering programmes include cyber security topics as subjects or as an area of emphasis.
Participation in education and training programmes in cyber security or related fields is limited. According to the National Information System of Higher Education (SNIES), in 2022, only 15% of students in higher education were enrolled in systems engineering programmes, and this proportion has fallen since 2016. Most learners who study systems engineering programmes cover cyber security topics (see Figure 3.2, Panel B). In 2022, two out of every five students in systems engineering technologist and undergraduate were enrolled in programmes that included cyber security subjects or offered cyber security as a field of specialisation. According to consulted stakeholders, the importance of cyber security within technologist and undergraduate programmes may be due to the complexity and prerequisites of the field, as well as the growing demand for professionals with advanced skills in cyber security. Conversely, only 4% of students of professional technical programmes in the field of systems engineering enrolled in a programme that covers cyber security subjects.
Professional technical and technologist programmes
In Colombia, ICT programmes at short-cycle tertiary level (ISCED Level 5) include two types of programmes: professional technical programmes and technologist programmes, with the latter providing more advanced knowledge and skills. These programmes are similar to associate degrees in the United States, higher technical qualifications in the United Kingdom and Brevet de Technicien Supérieur (BTS) programmes in France. Both professional technical and technologist programmes prepare for entry into the labour market, while allowing for progression to higher levels of education. Delivered by vocational and technical institutions, they target various ICT disciplines such as programming, network administration, and systems management. Both professional technical and technologist programmes are designed through collaboration between employers and educational providers, ensuring that the course content meets industry demands. The National Learning Service (SENA), the largest public professional technical and technologist provider, engages with employers through sectoral roundtables to design and update programmes and curricula. Three out of 84 sectoral roundtables concentrate on the ICT sector, covering areas like digital and information security (SENA, 2023[10]). This approach ensures alignment between educational programmes and the evolving needs of the ICT industry.
Professional technical programmes emphasise foundational skills in ICT. Programmes take two years to complete and usually involve a work-based learning component. They include areas such as hardware and software technical support, as well as software programming. In 2022, only one programme was offered in the field of cyber security (see Table 3.2, first row) with 45 students enrolled. This programme provides foundational knowledge and skills in cyber security such as running vulnerability threat and risk tests and implementing cyber security protocols. Most professional technical programmes focus on broader ICT education, with cyber security addressed as one component within the curriculum. For example, some programmes have modules or courses related to cyber security, such as network and risk management, and incident response. According to SNIES, 11% of professional technical programmes in the field of system engineering include cyber security subjects (6 programmes in total) such as ‘support of information system security’ and ‘introduction to information security’. This approach ensures that students gain a comprehensive understanding of ICT concepts, while developing some specialised knowledge and skills in cyber security. The curriculum is structured to incorporate real-world scenarios and practical exercises, encouraging students to apply their learning to address current and emerging cyber security challenges.
Table 3.2. A sample of cyber security professional technical programmes in Colombia, 2022
Programme |
Duration |
Description |
Provider and location |
|
---|---|---|---|---|
Professional technical programmes in cyber security |
Professional technician in information security services |
4 semesters |
A professional technician in computer security services is able to monitor and provide support and solutions in computer security. In this programme, students learn how to run vulnerability threat and risk test following technical policies and protocols available in the cyber security field. |
Fundación Polítécnico Minuto de Dios, in Bogota |
Professional technical programmes including cyber security subjects or as area of emphasis |
Professional technician in software and hardware support |
4 semesters |
This programme equips students with foundational technical skills to implement, operate, and maintain systems and applications using tools, enabling them to provide support in the use of computer systems. This programme include training on information security and support of information systems. |
Instituto superior de educación social (ISES) |
Source: MEN (2023[7]), Sistema Nacional de Información de la Educación Superior – SNIES (National Higher Education Information System), https://snies.mineducacion.gov.co/portal/; Fundación polítécnico Minuto de Dios (2023[11]), Técnico profesional en servicios de seguridad informática (Professional technician in information security services), https://tecmd.edu.co/programas_titulados/tecnico-profesional-en-servicios-de-seguridad-informatica/; Instituto superior de educación social (ISES) (2023[12]), Técnico profesional en soporte de hardware y software (Professional technician in software and hardware Support), https://www.ises.edu.co/soporte-de-hardware-software.
Technologist programmes in cyber security provide a more advanced level of education than technical programmes, preparing students for mid-level roles in the industry. These programmes typically involve both theoretical instruction and practical applications, with emphasis on problem-solving and critical-thinking skills (MEN, 2023[13]). The durations of technologist programmes in cyber security are generally between two and three years. Programmes cover a wide range of topics, including network security, ethical hacking, digital forensics, risk management, security operations, and incident response. Students are also exposed to emerging technologies and trends in the field, such as cloud security, Internet of Things (IoT) security, and artificial intelligence applications in cyber security. Three technologist programmes focus specifically on cyber security: ‘Computer network and information security’, ‘Computer network security management’ and ‘network and information security’ (see Table 3.3). In addition, students can select among the 63 programmes in the field of system engineering which include cyber security as part of the programme structure or as an area of emphasis. For instance, the technologist school ‘Institución Universitaria Salazar Herrera’ in Medellin offers a programme in ‘Technologist in systems’, with information security as area of specialisation. This area includes three subjects: ‘ethical hacking’, ‘network security’ and ‘security testing’
Table 3.3. A sample of cyber security technologist programmes in Colombia, 2022
Programme |
Duration |
Description |
Provider and location |
|
---|---|---|---|---|
Technologist programme in cyber security |
Technologist in computer network and information security. |
6 semesters |
This programme offers students theoretical and practical foundation to implement security controls, configure devices securely, manage vulnerabilities an detect network security incidents |
Corporación Universitaria Minuto de Dios (Uniminuto), in Bogota |
Technologist in computer network security management. |
6 semesters |
This programme offers students the foundations to provide technological support for network-based services and resources, as well as carry out vulnerability management, reporting, monitoring, and detection of security incidents and consolidate network performance metrics. |
Corporación Universitaria Minuto de Dios (Uniminuto), in Bogota. |
|
Technologist in Network and information security. |
6 semesters |
Students enrolled in this programme are able to set up, give support and ensure secured connectivity in organisations. This programme also provides foundations for risk management for highly technological environments and big data infrastructure. |
Institución Universitaria Escolme, in Antioquia |
|
Technologist programmes including cyber security subjects or as area of emphasis |
Technologist in Systems with emphasis on information security |
6 semesters |
Students in this programme engage in developing and implementing computer applications for desktop and mobile devices, as well as designing and managing computer networks for various organisations. This programme offers students security information as specialisation pathway. |
Institución Universitaria Salazar y Herrera |
Technologist in Software development. |
6 semesters |
The Technologist in Software Development programme provides students with essential skills for the software industry. Focusing on efficient processes and social, technical, economic, and environmental responsibility, the curriculum covers four key areas: operational design, information system development, software testing, and database maintenance and support. |
Institución Universitaria Pascual Restrepo |
|
Technologist in Development of informatic systems. |
6 semesters |
A technologist from this programme will be capable of efficiently implementing a software product and performing its respective maintenance. This programme includes several subjects related to computer security, such as information technology security, information systems planning, and server administration. |
Unidades tecnológicas de Santander |
Source: MEN (2023[7]), Sistema Nacional de Información de la Educación Superior – SNIES (National Higher Education Information System), https://snies.mineducacion.gov.co/portal/; Fundación polítécnico Minuto de Dios (2023[14]), Técnico profesional en servicios de seguridad informática (Professional technician in information security services), https://tecmd.edu.co/programas_titulados/tecnico-profesional-en-servicios-de-seguridad-informatica/; (2023[15]), Tecnologías en sistemas (Technologist in systems), https://www.iush.edu.co/es/Universidad/pregrados/escuela-de-ingenierias/tecnologia-sistemas; Institución Universitaria Pascual Restrepo (2023[16]) Tecnología en desarrollo de software (Technologist in Software development), https://pascualbravo.edu.co/facultades/facultad-de-ingenieria/programmeas/tecnologia-en-desarrollo-de-software/; Unidades tecnológicas de Santander (2023[17]), Tecnologia en Desarrollo de Sistemas informáticos (Tecnologist in development of informatic systems), https://www.uts.edu.co/sitio/tecnologia-en-desarrollo-de-sistemas-informaticos/#1562800770722-cfdcde65-4afc; Institución Universitaria Escolme (2023[18]), Tecnologo en redes y seguridad informática (Technologist in Network and information security), www.escolme.edu.co.
Undergraduate programmes
Undergraduate programmes (ISCED Level 6) in Colombia take four to five years to complete. ICT programmes provide students with a solid expertise in various aspects of ICT, while also offering the opportunity to delve deeper into cyber security-related subjects through specialised coursework, projects, or internships. The curriculum typically covers essential topics such as cryptography, network security, ethical hacking, software security, and information assurance, while also incorporating cross-cutting topics and technologies like cloud security, IoT security, and artificial intelligence in cyber security. Only one undergraduate programme is available in cyber security. However, most undergraduate programmes in system engineering cover cyber security topics as part of the curriculum or area of emphasis (58% in 2022) (see Figure 3.2, Panel B).
Table 3.4 describes a cyber security programme and a system engineering programme with an emphasis in cyber security. The former provides students with a comprehensive understanding of cyber security issues from the beginning. Further in the training, it provides specialised knowledge on hacking techniques, forensics, databases and infrastructure security. System engineering programmes with cyber security content also include specialised training in cyber security-specific topics such as software security and infrastructure security, however, most of these subjects are not compulsory. Both programmes combine theoretical foundations with practical applications relevant to a wide range of cyber security roles, from security analysts and consultants to network administrators and digital forensic specialists, including cyber security research (see Chapter 2).
Table 3.4. A sample of cyber security undergraduate programmes in Colombia, 2022
Programme |
Duration |
Description |
Provider and location |
---|---|---|---|
Information security engineering |
9 semesters |
This programme offers knowledge and skills to secure, audit, and protect information. Students completing this programme have a critical and creative vision to mitigate and manage the risk according to the current communication needs of public, private and governmental institutions. Students are prepared in state‑of-the‑art technologies for certification in cyber security tools and standards from world-class companies such as Cisco, Fortinet, ISO 27000, Microsoft and Linux |
Universidad de Manizales, in Caldas |
System engineering |
8 semesters |
The focus on advanced software development and digital security covers two areas: infrastructure, which targets secure solutions for lower computer system layers, and development, which aims to create complex applications for upper layers. |
Pontificia Universidad Javeriana, in Bogotá |
Source: MEN (2023[7]), National Higher Education Information System (Sistema Nacional de Información de la Educación Superior – SNIES); Universidad Javeriana (2023[19]), Ingenieria de sistemas (Systems engineering), https://www.javeriana.edu.co/carrera-ingenieria-de-sistemas; Universidad de Manizales (2023[20]), Ingenieria en seguridad de la información (Information security engineering), https://umanizales.edu.co/Programmea/ingenieria-en-seguridad-de-la-informacion/.
Most undergraduate programmes in systems engineering provide a range of degree pathways and cater to diverse student interests and career goals. One popular option involves participating in industry internships, apprenticeships or work placements during the final year of study (MEN, 2015[21]). These hands-on experiences, which typically last between one semester and a year, enable students to gain valuable insights and practical skills within the sector. Alternatively, students may opt to pursue postgraduate studies early by enrolling in master’s level courses in information security or other related fields during their final year of undergraduate education. This approach allows for a smoother and faster transition into advanced studies.
Articulation arrangements between different levels
In higher education, students can also enrol in articulated programmes in ICT fields, designed to facilitate transitions between levels. The term “propaedeutic cycle” is commonly used in Colombia to refer to articulation arrangements and it is particularly common in systems and software engineering degrees (see Box 3.3). Articulation arrangements play a crucial role in smoothing the transition from general ICT technical programmes to technologists and undergraduate programmes such as software engineering with emphasis in cyber security. The framework is flexible, so students can choose the intensity and level of specialisation. This approach is designed to prepare students for more specialised studies in their chosen field, building on the solid foundation in core ICT concepts and principles they already acquired (MEN, 2017[22]).
Table 3.5 shows some of the universities that offer this propaedeutic cycle in system engineering or software engineering with emphasis on cyber security. For instance, Colombian Industrial Technologist school (Corporación Tecnológica Industrial Colombiana – TEINCO) offers a two‑years technical programme in information system which equip students with skills to manage databases, websites and information systems and implement protocols for software development. After finishing, students can enroll to obtain a technologist degree in software development by adding one more year of specialised studies, and taking more field specific subjects such as system information design and software and system analysis. If students are interested in obtaining an undergraduate degree in systems engineering with emphasis in cyber security, they only require an additional year and a half of advanced courses such as software development, system auditing, and ethical hacking.
Table 3.5. Programmes with propaedeutic cycle with system engineering or software engineering with focus on cyber security
Programme |
Level of education |
Duration |
Description |
Provider and location |
---|---|---|---|---|
Professional technician in Information system (Baseline programme) |
Technical programme (ISCED 5) |
4 semesters |
This programme equips students with the foundational technical skills to develop information systems and websites, manage databases, and implement protocols for software development. |
Corporación Tecnológica Industrial Colombiana – TEINCO |
Software development technology |
Technologist programme (ISCED 5) |
+ 2 semesters |
In the additional two semesters, the programme provides the technical knowledge on system information design, cyber security, software engineering and system analysis. |
|
System engineering |
Undergraduate programmes (ISCED 6) |
+3 semesters |
In the last three semesters, the programme imparts more advanced training on system auditing, ethical hacking, software engineering, and informatic legislation. |
|
Professional technician in software programming (Baseline programme) |
Technical programme (ISCED 5) |
4 semesters |
This programme equips students with skills to identify organisational needs, automate data processing, implement information management policies, develop software applications, and provide hardware and software technical assistance. |
Corporación Institución de Administración y Finanzas |
Software development technology |
Technologist programme (ISCED 5) |
+ 3 semesters |
In the additional three years, the programme covers data processing automation, software development engineering, quality, and advanced networking and database management skills. |
|
Software engineering |
Undergraduate programmes (ISCED 6) |
+3 semesters |
In the final three years, students learn advanced software engineering, artificial intelligence, software auditing, information security, and secure systems architecture. |
Note: The starting programme is highlighted in grey.
Source: MEN (2023[7]), National Higher Education Information System (Sistema Nacional de Información de la Educación Superior – SNIES); Corporación Tecnológica Industrial Colombiana (TEINCO) – https://teinco.edu.co/; CIAF Institución de Educación Superior – https://www.ciaf.edu.co/landing/vistas/IngenieriadeSoftware.html.
Box 3.3. Propaedeutic cycle in Colombia: Technical, technologist and undergraduate programmes articulation
Higher undergraduate education in Colombia is organised into three flexible, sequential, and complementary stages through propaedeutic cycles, which is a preliminary stage in an education programme that equips students with the foundational knowledge and skills needed for advanced study in a specific subject area. Students can start with a professional technical programme (2 or 3 years), progress to a technologist programme (+1 year), and finally attain a university professional level (+1 or +2 years) (See Figure 3.3). Propaedeutic cycles allow students to opt for a professional technical or technologist career, earning a degree certifying their specific competencies. Graduates can then proceed to the next cycle, obtaining a corresponding degree. Each cycle also offers opportunities for specialisation.
As stated in Law 749 of 2002, the first cycle encompasses professional technical training, focusing on tasks related to independent technical activities. The second cycle pertains to technologist training, developing “responsibilities of conception, direction, and management.” The third cycle constitutes the professional level, enabling “autonomous practice of high-level professional activities and mastery of scientific and technical knowledge.” Every cycle serves a unique educational purpose, professional profile, and performance field. The aim is to create a coherent, interconnected chain of cycles, forming a multilevel training process with increasingly complex and broader competencies (Congreso de Colombia, 2002[23]).
Source: Ministry of National Education, https://www.mineducacion.gov.co/portal/Educacion-superior/Informacion-Destacada/196476: Formacion-por-ciclos-propedeuticos.
Non-formal training: Continuing education and job training programmes
Non-formal education and training in cyber security in Colombia takes many forms, addressing various topics within the field and catering to a wide range of learners. These programmes, which include short-term courses, online learning, and specialised training offered by higher education institutions, industry experts, and private organisations, provide flexible learning opportunities for individuals seeking to develop or enhance their cyber security skills. Within this diverse landscape, this section focuses on the most relevant and innovative initiatives, such as Diplomados or Diploma certificates and the novel offer led by higher education institutions such as micro- and macro-credentials and non-formal learning pathways. These training programmes aim to respond to labour market needs and encourage broader and diverse participation in training.
In Colombia, participation in non-formal education has dropped in all fields of study including informatics and engineering (which are related to cyber security). Panel A of Figure 3.4 shows that around 2.1 million individuals participated in non-formal training in 2022, 42% less than in 2016. The COVID‑19 pandemic largely explains this drastic decline in participation in non-formal education. Compared to 2021, after the peak of the COVID‑19 pandemic, the number of participants in non-formal training increased by 18% (DANE, 2022[24]). The drop in enrolment is more pronounced in fields different from informatics and engineering which reflects that the demand of ICT skills training remains strong. Also, with the rise of online learning platforms and Massive Open Online Courses (MOOCs), individuals may prefer accessing training and educational content online rather than attending non-formal training person, and such remote options are more often available in the ICT field. In 2022, 80% of non-formal learners enrolled in informatics and engineering took their training online – almost four times more than in 2016 (see Figure 3.4, Panel B). Most of the learners of informatics and engineering non-formal training are enrolled in short or low- and medium-low-intensity courses (less than 100 hours of training) (73%) and in those mainly provided by public institutions (65%).
Informatics is one of the fields learners are most engaged in after ‘business and administration’, ‘health and social services’ and ‘security services’ (DANE, 2022[25]). Around 175 thousand people participated in training in informatics in 2022, which reflects the government’s effort in expanding access to ICT training by funding formal and non-formal programmes. Strategies such as ‘A ticket for the future’ (Un tiquete para el futuro) and ‘Digital skills in cyber security’ are among the initiatives implemented in the last five years (MinTIC, 2022[26]; 2022[27]), as discussed later in this chapter.
Diploma certificates (Diplomados)
Diploma certificates are short, intensive courses that provide specialised education and training in a specific subject or field, such as cyber security. This type of training serves a diversity of students, including working professionals and those seeking a career change. Diploma certificates are not regulated by the municipal secretary of education or MEN (Ambito Jurídico, 2022[28]), however, they are considered the most common non-formal training available and in high and increasing demand by potential learners (El Colombiano, 2021[29]). Ranging in duration between 40 and 120 hours, Diploma certificates combine theoretical instruction and practice‑oriented learning experiences (MEN, 2020[30]). They serve as a flexible and accessible form of non-formal education, allowing individuals to expand their expertise and keep up with industry trends. Diploma certificates typically take between 3 to 12 months to complete and involve practical training, case studies, and group discussions. Their costs vary substantially, ranging between COP 600 000 (Colombian Pesos) and COP 4 500 000 (approximately EUR 120 and EUR 915),3 depending on the length and course content. These courses are highly specialised and can be taken in‑person or online. Their schedule is flexible, and courses may be offered on evenings and/or weekends, to allow students to balance their studies with other commitments.
The content of diploma certificates in cyber security can vary by level of difficulty and specialisation (see Table 3.6). General diploma certificates equip students with foundational technical knowledge in cyber security and computer security management. These courses also aim to raise awareness about information security issues and cyberattacks. For instance, Javeriana University offers an online diploma certificate that introduces cyber security operations, covering the essential knowledge for understanding cyber security fundamentals. Other diploma certificates address more advanced and complex topics, such as Universidad del Bosque’s diploma certificate focused on Ethical Hacking. This programme enables students to develop knowledge about the technical, strategic, and legal aspects of computer security. Some diploma certificates go hand in hand with competency certifications or industry-required standards. For example, Universidad Piloto de Colombia’s computer security diploma certificates includes an Internal Auditor course and certification in ISO 27001, which is deemed highly relevant in the sector.
Table 3.6. A sample of Diploma certificates in cyber security
Programme |
Duration |
Modality |
Description |
Provider |
---|---|---|---|---|
Diploma certificate in Introduction of cyber security operations |
51 hours |
Virtual / Online |
This course provides comprehensive training in cyber threats and information security risk for students pursuing a cyber security career, enabling them to identify vulnerabilities and respond effectively. |
Pontificia Universidad Javeriana, Bogotá |
Diploma certificate in cyber security |
120 hours |
Virtual / Online Synchronous |
This course equips students with skills to create and implement policies ensuring an organisation’s computer resources’ confidentiality, integrity, and availability. The curriculum covers topics such as cyber security, network security, software development security, penetration testing, and cyber security management. |
Universidad del Norte, Barranquilla |
Diploma certificate in computer security |
100 hours |
In person |
The computer security diploma certificate equips students with tools to counter threats and implement information protection schemes aligned with ISO 27001 standards. The 65% practical programme includes labs in cryptography, vulnerability analysis, ethical hacking, digital forensics, and workshops on risk management, business continuity, and auditing. |
Universidad Piloto de Colombia, Bogotá |
Diploma certificate in Ethical Hacking |
100 hours |
Virtual / Online |
This diploma certificate aims to tackle challenges related to information security and data protection by comprehensively addressing strategic, technical, and legal aspects, all while adhering to industry regulations and employing best practices |
Universidad del Bosque, Bogotá |
Source: Universidad del Norte – https://www.uninorte.edu.co/web/educacion-continuada/diplomado-en-ciberseguridad; Universidad Piloto de Colombia, https://www.unipiloto.edu.co/diplomado-en-seguridad-informatica/; Tech school of information technology https://www.techtitute.com/co/informatica/diplomado/seguridad-informatica; Pontificia Universidad Javeriana, https://javerianacyberpro.com/ciber-academia/introduccion-a-la-ciberseguridad/.
Typically, diploma certificates are offered by higher education institutions, professional associations, and private organisations. Some educational institutions form partnerships with private sector companies or specialised international providers. One example is the collaboration between the Pontificia Universidad Javeriana and CyberPro Global, a leading international provider of cyber security education and training. Together, they have established the Javeriana CyberPro Centre, which aims to identify training needs and offer comprehensive cyber security education and support (see Box 3.4). Similarly, SENA developed the ‘Technological centre of excellence and simulation in cyber security’ jointly with MNEMO (an IT and cyber security services company) to deliver diploma certificates in information security and courses related to the field.
Box 3.4. Partnerships to provide Diploma certificates in cyber security
Javeriana CyberPro Centre
The Pontificia Universidad Javeriana and CyberPro Global have partnered to create Colombia’s first cyber security Centre, the Javeriana CyberPro Center. Offering an innovative approach, the centre combines different educational methods, practical challenges, and cyber services. It provides diploma certificate courses focused on cutting-edge technologies for cyber security and information security professionals.
Cyber-Fundamentals: Students explore crucial aspects of the cyber landscape, gaining knowledge for a cyber security career. The course covers importance, tools, and concepts through hands-on exercises in specialised environments for an engaging learning experience.
CISO: Designed for managers with at least three years of experience in IT, departments, divisions, or security, this programme enhances participants’ cyber security management expertise and helps them achieve international certification. The course focuses on understanding planning and maintenance processes for integrated security management systems, equipping students with the tools to lead technology teams effectively.
Cyber-awareness: This programme cultivates a strong cyberculture within organisations by educating employees and creating a “human firewall.” It emphasises sharing best practices among management, employees, and stakeholders to prevent or mitigate security breaches. Participants gain the knowledge and tools to understand risk and implement suitable policies.
The Javeriana CyberPro Center also provides tailored training programmes for companies with distinct cyber security needs. These organisations benefit from initial consultation and a customised proposal addressing their requirements, resources, schedule constraints, and other considerations.
Technological Center of Excellence and Simulation in Cyber security (SENA-MNEMO).
The National Learning Service (Servicio Nacional de Aprendizaje – SENA, a public VET institution) together with MNEMO, an IT and cyber security services company, founded the Center of Technological Excellence (Centro de Excelencia – CEDEX) to deliver comprehensive training for instructors and learners in the field of cyber security. Through this collaboration, they provide various educational opportunities, including trainings, diploma certificates, bootcamps, and international certifications. The centre also features a specialised laboratory for immersive classes, allowing students to practice in real-world company environments. Since the centre’s inception, approximately 23 000 students in the ICT sector have benefited from its offerings.
Source: CYBERPRO Center (2023[31]), Javeriana Cyberpro centre, https://javerianacyberpro.com/; MNEMO (MNEMO, 2022[32]) – SENA y MNEMO inauguran en Colombia el primer centro tecnológico de excelencia y simulación en ciberseguridad de América Latina (SENA and MNEMO launch Colombia’s first cybersecurity technology centre of excellence and simulation in Latin America), https://www.mnemo.com/sena-mnemo-ciberseguridad/.
Other types of short courses, non-traditional learning pathways and online training
Diploma certificates are only one form of non-formal education and training programmes. The non-formal training sector is hugely diverse, with different types of training modalities and covering a variety of sectors. Short courses, like diploma certificates and many other non-formal training activities, have become some of the most common types of non-formal training among learners interested in the field of informatics and engineering (see Figure 3.4, Panel B). These courses usually last a few weeks or months and are often available online and cover a wide range of topics, from foundational knowledge in cyber security, to more specialised topics depending on the course’s focus.
In recent years, due to the high demand for ICT skills, the provision of short-term courses in Colombia has become more structured, offering them as part of learning pathways or building blocks for developing more advanced and specialised skills, such as in cyber security. Micro- and macro-credentials4 are examples of these initiatives, validating and certifying the mastery of specific skills or competencies as part of a learning path in a specific field. In some cases, micro- and macro-credentials can be recognised as part of academic credits (i.e. measure of the value or weight assigned to a particular course or module) within a formal programme. For example, Universidad EAN provides training pathways in ICT skills within the cyber security sector. Paths such as ‘software development,’ ‘information management and databases,’ and ‘network and communication management’ enable students to acquire micro and macro-credentials, validating their knowledge and facilitating access to job opportunities or the recognition of subjects that are part of a formal educational programmes. Some of these short courses are provided online and through e‑learning platforms (see Box 3.5).
Box 3.5. Online courses in digital skills available in Spanish: Insights from e‑learning platforms
The top e‑learning platforms in Latin America, including Coursera, EdX, LinkedIn Learning, and Tutellus (Edapp, 2022[33]), offer around 40 000 digital skills and computer science courses, with 24% of the total online course offerings being in the digital field (see Table 3.7). Cyber security course availability is limited, but LinkedIn Learning provides the most extensive selection, with 530 Spanish-language courses as of April 2022. Courses cater to different levels of expertise, budgets, and time commitments, ranging from beginner topics to advanced certification programmes. Learners with no experience in the field can enrol in courses such as ‘Information Security Principles and Regulations (Principios y regulaciones de seguridad de la información)’. For learners with more experience, there are options such as ‘Vulnerability and penetration test (Vulnerabilidades y pruebas de penetración)’ or ‘Cyber security for Tech Professionals (Ciberseguridad para profesionales de ICT)’. These platforms also update their course offerings regularly to keep up with industry trends and emerging technologies.
Table 3.7. Online short courses offered in Spanish on a selected of e‑learning platforms
Online training provider / Platform |
Total number of training courses (approx.) * |
Total number of courses offered in digital skills and computer sciences |
% Out of the total number of courses offered |
Total number of courses offered in cyber security |
% Out of the total number of courses offered in computer sciences |
---|---|---|---|---|---|
Coursera |
4 500 + |
978 |
22 |
15 |
2 |
EdX |
700 + |
106 |
15 |
11 |
10 |
LinkedIn Learning |
16 000+ |
4 133 |
26 |
530 |
13 |
Udemy |
17 000+ |
2 748 |
2 |
301 |
11 |
Tutellus |
NA |
1 240 |
|
11 |
|
Total |
38 000+ |
9 205 |
24 |
868 |
9 |
Note: The numbers for digital and computer science and cyber security were retrieved from each platform course finder. The filters available by default were used for the number of digital and computer science courses. For the number of cyber security courses, “cyber security” word combinations were used in each platform’s search engine after filtering by digital and computer science fields. Only the courses offered in Spanish were taken into account.
Source: Information collected online directly from providers’ platforms on April, 2022. The total number of training courses is taken from the e‑learning platform websites.
The profiles of cyber security learners
Diversity among cyber security learners
Cyber security education and training programmes are accessible to learners of all ages. However, in formal education, a significant portion of learners in technical professional, technologist and undergraduate programmes in systems engineering are from the younger cohorts (see Figure 3.5). In 2022, the majority of students nearing completion of technical, technologist programme, or higher education programmes in systems engineering were between 18‑25 years old (70% and 59%, respectively), and this share has increased compared to 2017. Conversely, participation of older learners (46+) in cyber security education and training is limited. This is consistent with international research that finds that teens and young adults who faces rapid adoption of mobile internet and faster appropriation of technology, have more changes to engage with STEM education and aspired to work in STEM jobs (Godec, Archer and Dawson, 2021[34]).
In non-formal training, learners from different age groups engage with training in cyber security related fields. Figure 3.6 shows that in the participation rate in informatics and engineering training is higher among 30‑49 year‑olds than any other age group (47%). Also, young people are more likely to enroll in cyber security related field training than those aged 50 or more (38% vs. 15% respectively).
Similarly to other countries, ICT in Colombia is a male‑dominated field. In 2022, around one-fifth of students about to complete their technical and technologist programme (24%) and undergraduate programmes (20%) were women, and this ratio has slightly decreased in the last five years (see Figure 3.6). In non‑formal training, women are also underrepresented: only 29% of learners in informatics and engineering are females, which is noticeably less than the proportion of women studying in other fields (52%). The Colombian Government has made progress in providing information regarding labour market outcomes especially in the STEM field, such as the Proyecta-T programme (MEN, 2015[35]), and the labour opportunities available for women in the sector, but policies oriented to guide students to use the information available and support their career decision making process (Bonilla-Mejía, Bottan and Ham, 2019[36]), especially among women, may remain insufficient. Colombia has experienced high levels of economic inequality, which can disproportionately affect women and limit their access to educational resources, including career guidance. Also, lack of female role models in the ICT field make young women less likely to pursue an ICT career path.
The lack of diversity in the cyber security field, particularly regarding gender, may be attributed to stereotypes ingrained in young people from an early age. Such stereotypes and misconceptions about careers in cyber security can influence career expectations and choices, potentially perpetuating current gender diversity imbalances in the profession. In OECD countries, 15‑year‑old boys are more likely to anticipate working in science and engineering than girls (OECD, 2019[37]). In 2018, the ‘ICT professionals’ occupation ranked among the top three aspirations for 15‑year‑old boys in OECD countries, whereas it did not even make the top 10 for girls (OECD, 2020[38]). These gender differences in occupational expectations have remained relatively unchanged since 2000 (OECD, 2019[37]). Equally, the under-representation of girls amongst top performers in science and mathematics can at least partly explain the persistent gender gap in careers in STEM fields – which are often amongst the highest-paying occupations (OECD, 2019[37]).
Regional and socio-economic disparities in cyber security education and training programmes
Socio-economic disparities in cyber security education mirror high levels of inequality in higher education enrolment in general. Students from low-income households are less likely to enrol in undergraduate programmes than their high-income peers, regardless of the field of study (Arias Ortiz, Bornacelly and Elacqua, 2021[39]). Typically, students only need to achieve a minimum score on the SABER 11 national standardised test to be eligible for enrolment in higher education programmes. However, students from disadvantaged backgrounds often do not perform as well on this test, which assesses academic skills and knowledge acquired in secondary school and serves as an entrance exam, as their more advantaged peers (Gómez Soler, Bernal Nisperuza and Herrera Idárraga, 2020[40]). This is mainly due to the low quality of public education that most disadvantaged students are enrolled in, as well as unequal access to supplementary tutoring services for test preparation (Gómez Soler, Bernal Nisperuza and Herrera Idárraga, 2020[40]). Evidence indicates that these students have lower pass rate for the minimum requirements especially in STEM programmes (Londoño-Vélez, Rodríguez and Sánchez, 2020[41]). Moreover, students from lower socio-economic background face multiple additional barriers to enrol in higher education programmes, including limited digital literacy, financial constraints and lack of access to necessary tools such as computer and internet connectivity, preventing them from enrolling (Dialogo Inter-Americano, BID, Worldbank, 2021[42]). Figure 3.7 shows that 13 out of 100 000 working age adults from the lowest socio-economic background (Socio‑economic stratum 1) were enrolled in systems engineering programmes, which is half of the chances of students from the highest socio-economic background (Socio‑economic stratum 6). Most students enrolled in engineering programmes come from middle income households (Socio‑economic stratum 3 and 4). Overall, higher education enrolment has increased in the last two decades in Colombia, especially among the most disadvantage learners, but there are concerns in terms of the quality of education these students engage with (Arias Ortiz, Bornacelly and Elacqua, 2021[39]).
There is also a major rural-urban divide in participation in education and training related to cyber security. Only 13% of system engineering students are from rural areas. The system engineering participation rate is 16 students for each 100 000 people in rural areas, compared 47 students for each 100 000 people in urban areas (See Figure 3.7).
Moreover, there are important differences in the provision of and participation in cyber security training programmes by subregion. Participation in non-formal training in cyber security related fields such as informatics is highly concentrated in subregions were the main cities or digital hubs are located such as Bogotá, Cundinamarca, Antioquia (Medellín) and Atlántico (Barranquilla). According to the National Statistics Department (Departamento Administrativo Nacional de Estadísticas, DANE), these regions together account for the 47% of total participation in in this field. However, when adjusting participation by subregion’s population, the participation rate shows more heterogeneity (see Figure 3.8). Subregions such as Casanare, Nariño, Vichada and Guaviare, which historically have faced limited provision of learning opportunities, have relatively higher participation rate in training programmes in cyber security related fields. In some of municipalities of these subregions, SENA is the only training provider available. The poorest subregion such as Putumayo and Choco have none or low participation rate in non-formal training in the field of informatics.
Labour market outcomes of cyber security education and training programmes
Employment rate
Individuals with a cyber security degree are more likely to be employed than those with degrees from other fields. In Colombia, 96% of individuals with an information system and services qualification, which includes those specialised in cyber security, are employed. This proportion surpasses that from professionals in other ICT fields (80%) (see Figure 3.9, Panel A). This illustrates the favourable labour market conditions for information system and services professionals in the country. The significant increase of cyberattacks in the last decade has led to considerable surge in demand for cyber security professionals (see Chapter 2). Furthermore, the high employability rate reflects the existing gap in the cyber security workforce. Across Latin America, approximately 500 000 cyber security professionals are needed in the labour market (ISC2, 2022[43]), making it highly probable to find employment opportunities in the field. Most of the information system and services professionals (79%) are employed by companies, organisation, or public institution (see Figure 3.9, Panel B). In contrast, only 19% of professionals in this field work as independent contractors or are self-employed, a share that is significantly lower than workers with degrees in other fields (42%).
Likewise, individuals who report having participated in non-formal training programmes in engineering and informatics, including cyber security topics, have relatively high employment rates: around 80% of these individuals are employed, which is higher than the national employment rate of 75% (see Figure 3.10). This strong association is also possibly because training participation is typically higher among employed individuals, and in some cases non-formal training is required to start a new position or role. However, practical, hands-on knowledge and expertise in specific, relevant areas are highly valued by employers, particularly in the cyber security field. Obtaining highly sought-after certificates such as EC-Council Ethical Hacker Certificate (CEH), CompTIA+ Security, and Certified Information Systems Security Professional (CISSP), which are highly required by employers in Colombia (See Chapter 2), can significantly enhance employment opportunities according to United States’ evidence (Albert, 2017[44]), and help individuals stay ahead in this competitive industry (Castaño-Muñoz and Rodrigues, 2021[45]).
Employment indicators for women are generally less strong than for men in the cyber security sector (see Box 3.6) Men who hold a cyber security qualification have a higher likelihood of being employed than their female peers. While employment rates for men with cyber security qualifications are higher than for other qualifications, this is not the case for women. However, women with cyber security qualifications do tend to achieve better employment outcomes compared to other ICT sectors. The Colombian Government has implemented policies aimed at diversifying the cyber security workforce and encouraging more young girls be interested in cyber security roles and education (e.g. Hacker Girls), and enrol in STEM courses in general (e.g. Por TIC Mujer) (see Box 3.14). Today, 96% of cyber security professionals are employed, and only 40% of these employed professionals are women, reflecting the still limited participation of women in cyber security education and training programmes.
Box 3.6. Female labour market outcomes in cyber security sector
Despite the government’s efforts to diversify the cyber security workforce (as discussed later in this chapter), women in Colombia continue to be underrepresented in this sector. However, the proportion of women working in cyber security is higher than other ICT sectors. Currently, 40% of employed cyber security professionals in the country are women, 14 percentage points higher than in other ICT fields (34%), but significantly lower than in non-ICT fields of study (58%) (See Figure 3.11, Panel A). Women with a cyber security degree, such as system engineering with an emphasis in cyber security, have a lower probability of employment than their male peers, with an employment rate of 85% compared to 97% for men (see Figure 3.11, Panel B). However, the gender difference in the employment rate for cyber security professionals (12 percentage points) is smaller than in other ICT fields (18 percentage points) and in line with the gap observed outside of the ICT field (13 percentage points).
Formality of employment
In Colombia, the ICT sector as a whole demonstrates a high level of human talent absorption, with the majority of workers being employed formally. According to DANE, the proportion of informal workers in the information system and services sector has dropped to 12% in 2022, which is lower than percentage of professional informal workers from other ICT sectors (16%) (Figure 3.12). This trend indicates that the ICT industry, particularly the information system and service field, offers more formal employment opportunities compared to other sectors (see Chapter 2). Some of the factors driving this high level of formality include the increasing digitisation of businesses and public services, rising cyber threats, and growing awareness of the importance of protecting digital assets (OIT, 2022[46])
Wages
Professionals employed in the information system and services sector in Colombia tend to earn higher salaries compared to workers in the ICT sector as a whole. Figure 3.13 shows that 62% of professionals in information system and services earn more than two times the minimum wage, which is nearly three times higher (24%) than professionals in other ICT sectors and four times higher than (15%) those working in non-ICT sectors. On average a professional in information system and services earned around COP 4 500 000 monthly (approximately EUR 900),5 which is almost five times the minimum wage in 2022. These relatively high salaries in the cyber security sector indicate a strong demand for skilled professionals in the labour market. Organisations are willing to invest in attracting and retaining top cyber security talent to address cyber security skill gap in the country.
A framework for dynamic skills development in cyber security
This section first focuses on the overarching policy framework in Colombia, highlighting elements that have sought to enhance cyber security skills in the country. The second part of this section describes how the provision of education and training, in particular within the higher education sector, has responded to the pressure to diversify learning opportunities in this field.
Developing a cyber security policy framework to address skills shortages
While Colombia has a comparatively strong cyber security strategy and policy compared to other Latin American countries, its education and training components are less developed. Within the region, Colombia lags behind countries like Mexico or Brazil in terms of cyber security education, training and skills (Figure 3.14). According to the National Cyber Security Index (NCSI),6 which measures progress in cyber security policies, including cyber security skills development, Colombia scores 53 points in this skills pillar, well below the OECD average of 87 points (EGA, 2023[48]). The Organization of American States argued that there is a strong need to develop a capacity-building framework and consolidate lines of action that can enhance cyber security education and training (OAS, 2020[49]). In 2020, the first set of clear policy actions was established by MinTIC to provide learning opportunities and increase enrolment in cyber security education (DNP, 2020[50]). Addressing cyber security skill shortages in Colombia requires a multifaceted policy response (OAS, 2023[51]). In particular, it is necessary to raise awareness among stakeholders about the importance of a qualified cyber security workforce and the need to co‑ordinate efforts to respond to cyber risk. It is also essential to facilitate the creation of market-led solutions that diversify access to cyber security training and are aligned with labour market needs.
Colombia has enhanced its cyber security policy by adhering to the OECD Policy framework on digital security (OECD, 2022[53]) and the Organization of American States (OAS) guidelines in cyber security policy (OAS, 2023[54]). These two frameworks promote policies that encourage the development of cyber security capabilities. The OECD framework provides guidance for the design of digital security policies, offers recommendations to structure its governance, and establishes strategies to raise awareness about cyber security threats (OECD, 2022[53]). The OAS’s approach focuses on delivering policy actions, training, and professional support to member states (OAS, 2022[55]). As part of the Cyber Security Education Action Plan (CEAP), OAS provides guidelines for integrating cyber security into national education plans, as well as a toolkit of best practices to generate interest among learners and encourage employers to provide learning opportunities (OAS, 2020[49]).
Various policy documents have set out strategies regarding the development of cyber security skills in Colombia. The first cyber security and defence strategy, established in 2011, focused on strengthening the country’s digital infrastructure against cyber attacks (DNP, 2011[56]). The government provided guidelines to enhance the digital skills of the workforce, including cyber security in 2019 (DNP, 2019[57]). In response, SENA, the Ministry of Education and the Ministry of Labour and Social Protection started to promote cyber security education programmes at all educational levels in 2020. In addition, the MinTIC introduced financial incentives designed to boost participation among various target groups. The incentives were developed following guidelines of the National Council for Economic and Social Policy (Consejo Nacional de Política Económica Social, CONPES). Box 3.7 provides further details of these policy documents.
Box 3.7. Developing a policy framework to enhance cyber security skill policies and strategies in Colombia
Colombia has published several documents to develop national cyber security strategies, including measures regarding the cyber security workforce (see Figure 3.15). Two key documents (CONPES 3701 in 2011 and CONPES 3854 in 2016) were designed to improve the government’s capabilities to manage cyber security risk and develop infrastructure for cyber defence (DNP, 2011[56]; 2016[58]). Cyber security skills, however, received limited attention and educational strategies were mainly focused on training in basic preventive measures in cyber security targeting all individuals.
Two additional documents have since sought to address cyber security skill gaps. First, CONPES 3975 was released in 2019. It focused on reducing barriers to digital technology integration, promoting innovation, and strengthening digital skills in the workforce (DNP, 2019[57]). SENA and MEN were designated as the leaders for cyber security education and training programmes. SENA integrates the work of sectorial working groups to design vocational programmes aligned with employers’ cyber security skill needs.
Second, in 2020, the DNP and MinTIC prepared CONPES 3995, which emphasised the need to expand learning opportunities in cyber security. It provided guidelines for initiatives to diversify the cyber security workforce, such as increasing participation among women and individuals from vulnerable backgrounds. MEN and MinTIC started to oversee the promotion of cyber security education in higher education institutions, including SENA, with support from international curriculum development experts in this field (DNP, 2020[50]). MinTIC also took responsibility for financial incentives to increase enrolment in cyber security education (DNP, 2020[50]).
Source: Diaz Acevedo and Cremades Guisado (2023[60]), La evolución de la estrategia de ciberseguridad de Colombia 2011‑21, Universidad de Nebrija.
In response to the strategy outlined in CONPES 3995 (see Box 3.7), MinTIC has implemented initiatives to raise awareness of cyber security and provide training. The “Digital Skills in Cyber Security” initiative focuses on teaching organisations how to develop prevention and defence strategies and manage risk (MinTIC, 2021[61]). During its first phase in 2021, about 2 000 directors and ICT managers were trained in partnership with Universidad del Norte (see Box 3.8). The same policy document provides guidelines to develop a programme in strengthening enterprises’ digital skills more broadly. For instance, the “Digital Talent” project (Talento Digital) provides short-term training in cyber security fundamentals such as protecting sensitive information, managing financial data, and handling personal data (MinTIC, 2022[62]). The objective of this training is to equip employees with the skills needed to ensure operational security (see Box 3.8).
Box 3.8. Translating cyber security policy frameworks into policy actions
Raising awareness of cyber security issues
The MinTIC, through the “Digital skills in cyber security” programme, funds training for employees in enterprises, covering 100% of training expenses (MinTIC, 2021[61]). The programme includes two diploma certificate courses, one for directors and high-level managers, and another for IT managers or IT team leaders. Both cover topics such as risk management, information security, cyberattack prevention and incident response. The programme aims to promote a culture of cyber security and improve the ability of companies to protect themselves against digital risk and threats.
Training employees with relevant digital skills
One of the strands of the Digital Talent programme offered by MinTIC aims to provide training on ICT topics with especial focus on cyber security issues. The programme is oriented mainly to employees of preselected companies. The programme provides full funding, covering technical training, certification exams, and other related expenses. The goal of the programme is to promote the development of digital and cyber security skills within the workforce and to equip them with the skills needed to ensure operational security. This programme helps increase access to education and training for individuals who may not have the financial means to do so otherwise.
Creating a cyber security national learning centre
The government has established a technological development centre (BIOS), focused on applied research, offering services in the areas of biotechnology and data science. Starting from 2023, the MinTIC has allocated COP 7 billion (EUR 1.5 million) to transform BIOS into a specialised national learning centre in cyber security, in line with the recommendations of the Organization of American States. This centre will provide education and training programmes mainly in cyber security covering different level of difficulties, areas of knowledge and taking many forms (e.g. diploma certificates and industry certifications, as well as advanced education programmes such as master degrees). The MinTIC also plans to lead the creation of a transnational centre for the prevention of cybercrime in Latin America.
Source: MinTIC (2021[61]) Equipos de trabajo de 110 empresas recibirán capacitación gratuita en ciberseguridad con el Ministerio TIC, https://www.mintic.gov.co/portal/inicio/Sala-de-prensa/176180: Equipos-de-trabajo-de-110-empresas-recibiran-capacitacion-gratuita-en-ciberseguridad-con-el-Ministerio-TIC-Karen-Abudinen; MinTIC (2022[62]) Proyecto Fortalecimiento de las Competencias Digitales, https://mintic.gov.co/micrositios/convocatoria-habilidades-digitales/775/articles-172269_terminos_Ciberseguridad_2022.pdf Con inversión de $7.000 millones, MinTIC convertirá a Bios en centro formador en ciberseguridad
Diversifying the cyber security offer in higher education
Higher education institutions (HEIs) are increasingly aware of the need to provide programmes and courses that meet the diverse needs of learners and the rapidly evolving skill requirements in the labour market. Colombian HEIs mainly offer formal education programmes as a gateway into cyber security jobs, however, they have been diversifying their offer. The diversification process has involved the development of non-formal programmes such as diploma certificates and other types of short training courses, as well as measures to increase flexibility (e.g. online and hybrid learning options, self-paced modules, and customisable curricula). Non-formal programmes have proven to be more dynamic and adaptable to continuously changing sectors like cyber security, making them well suited to diverse learner profiles.
Short non-formal training courses offered by universities are often recognised and developed in partnership with employers. They allow employers to retrain their employees or fill vacancies. While several current courses in the field of ICT lack an explicit focus on cyber security, they target a broader set of skills within the ICT sector, which may act as foundations for further, more specialised learning. For example, the continuing education department at the University of the Andes has partnered with several companies to develop a range of ICT courses (See Box 3.9). These courses are sometimes included in the regular course offerings, such as micro-credentials that can be recognised and credited towards formal programmes within the same university. Similarly, the engineering department of EAFIT University has recently launched NODO, a flexible learning centre that offers short training courses in ICT (See Box 3.9).
Box 3.9. Designing short training programmes in cyber security with employers
Microcredentials and customised training from Los Andes University
The Continuing Education Department at the University of the Andes provides short programmes or micro-credentials, which are certifiable and verifiable online and cater to the needs of several industries including the ICT sector. These courses cover topics such as software development, coding, and software engineering. Microcredential courses are delivered virtually and are structured by modules, including theoretical learning, as well as workshops and practical problems. The University of the Andes plans to expand its micro-credential offer to include cyber security from 2023 onwards.
Short training courses built with employers by EAFIT University
EAFIT University’s Faculty of Engineering has set up NODO, a centre that offers short, flexible training programmes to help young adults learn specific skills required by employers. NODO’s distinct learning paths enable students to take on real challenges designed by employers, and acquire an agile skillset that is flexible and adaptable to employer needs. NODO offers a collaborative learning environment where learners can connect technical skills with job related tasks. The first phase of NODO training includes short courses designed and delivered together with employers like Bancolombia, Protección, and SoftwareONE Intergrupo. Currently, NODO offers two learning paths in Web Development and Database Management and plans to develop a new offer in cyber security.
Source: EAFIT university (2023[63]), Nodo: Un ecosistema tecnológico para aprender a desaprender (Nodo: A technological ecosystem to learn to unlearn), https://nodoeafit.com/; Universidad de los Andes (2023[64]), Oferta académica de educación continua (Academic offer of continuing education), https://educacioncontinua.uniandes.edu.co/es/programmeas/macro-y-microcredenciales
Industry-led certifications, such as Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH), play a key role in signalling skills and underpinning career progression within the field of cyber security (See Chapter 2). Universities therefore sometimes link their non-formal training programmes to industry certifications, so that coursework includes preparation for the relevant exams. For example, the Universidad Distrital de Colombia offers short training courses and preparation for cyber security certifications. Similarly, the Universidad Nacional de Colombia has partnered with Cisco Networking Academy to offer training courses in networking and cyber security (see Box 3.10.)
Box 3.10. Providing short training programmes and granting cyber security certifications
Universidad Distrital de Colombia in partnership with (ISC)2 and EC-council
EUD Academy is a platform developed by Colombia District University that hosts short training courses (about 40 hours of training) preparing for certifications in cyber security. The university has several partnerships with international independent providers such as EC-Council and (ISC)2 to offer company certification training and the assessments to certify individuals’ knowledge and competences. EUD offers around 150 certifications with 25 partners including the Certified Information System Security Professional training (CISSP) from (ISC)2, Cyber security ISO/IEC 27032 from ERCA, and CEH from EC-Council. Most companies’ certificates require at least five years of experience/ (see Chapter 2). For instance, CISSP prepares students with advanced skills in security and risk management, asset security, security architecture and security operation.
Universidad Nacional and CISCO Networking Academy
The Universidad Nacional has a partnership with CISCO Networking Academy (Netacad) to provide comprehensive learning experience in ICT areas including cyber security. The university is one of the 11 000 institutions around the world where learners can attend in person to participate in the trainings offered by Netacad. Students can pursue training to obtain certifications, such as the Cisco Certified Network Associate (CCNA) and Cisco Certified Network Professional (CCNP). Additional training programmes are available online and in-person, ranging from more basic training such as ‘cyber security essentials’ and ‘introduction to cyber security’ to more complex and demanding courses such as ‘cloud security’ and ‘CyberOps Associate’. The Universidad de Nacional offers courses through the faculty of engineering in Bogotá and Medellin. Both branches offer courses in CCNA routing, Switching and CCNA cyber security operations. Over 250 000 students have been trained by the CISCO Academy Netacad, in Colombia. The Netacad programmes has been implemented in various institutions, including universities, technical schools, and vocational training centres, across the country.
Source: Universidad Distrital de Colombia (2023[65]), Curso Certified Information Systems Security Professional (CISSP), https://www.egresadosudistrital.edu.co/index.php/capacitaciones/seguridad-informatica/curso-certified-information-systems-security-professional-cissp
Tackling teacher shortages
To ensure high-quality cyber security education, the availability of proficient teaching staff is essential. However, Colombia faces a shortage in this field and in the wider ICT sector. This is a major constraint on the provision of education and training programmes. According to DANE, in 2022, over 150 000 teachers and instructors served in higher education institutions, but less than 3% held a degree in an ICT-related field. Only about 200 teachers and instructors have a degree in “information systems and services”, which encompasses cyber security.
Across all fields, Colombia has the highest ratio of overall number of students relative to the teaching staff in higher education compared to OECD countries (see Figure 3.16). This high ratio can potentially hinder the quality of education and training (Buckner and Zhang, 2020[66]), damage student engagement and completion (Snijders et al., 2020[67]). Additionally, the number of faculty staff has decreased in recent years, while enrolment in higher education has expanded considerably. Between 2019 and 2021 the number of teaching staff in higher education institutions went from 163 000 to 154 000 (LEE, 2021[68]). Moreover, there are substantial regional differences in the ratio of students per teaching staff which hinder the quality of higher education in some departments. According to the National System of Higher Education Information (Sistema Nacional de Información de la Educación Superior, SNIES), Arauca and Putumayo, two departments situated in remote areas with limited connectivity and high poverty levels, face the highest student-to-teacher ratios in the country. This exacerbates educational inequalities, disproportionately affecting disadvantaged youth and adults.
Higher education institutions offering cyber security programmes operate in an intensely competitive landscape, vying to retain and attract teachers with up-to-date technical knowledge and skills. They compete not just amongst themselves for the limited full-time academic staff, but also with companies grappling with a shortage of qualified cyber security professionals. Various elements, including remuneration, promotion practices, and leadership style, are pivotal in retaining and attracting professionals to academia, irrespective of the field (Clark, Cluver and Selingo, 2023[70]). However, in most scenarios, higher education institutions lack sufficient leverage to effectively compete with private sector companies.
Attracting and retaining instructors and professors in ICT fields is crucial for expanding the provision of cyber security programmes and reducing the skills gap in the sector. With particular emphasis on technical and technological programmes, as well as short training courses, both the government and educational institutions have sought to strengthen relationships with companies to provide training to ICT teachers. This includes updating their technical skills and improving teaching strategies. Encouraging collaborative strategies between the business sector and higher education institutions (HEIs) is vital to maintaining a pool of qualified educators in cyber security. Some HEIs have fostered partnership that involve instructor training and professional development. For instance, SENA, via the National School of Instructors (Escuela Nacional de Instructores, ENI), has established cyber security training programmes for instructors in collaboration with companies (see Box 3.11). Some partnerships focus on teaching specific software packages used in cyber security, alongside broad knowledge in the field, such as ethical hacking.
HEIs also adopt more flexible hiring approaches for professors and instructors, allowing professionals from the industry to dedicate some time to teaching while continuing their employment in companies. In institutions like Pontificia Universidad Javeriana or Universidad EAFIT, this employment arrangement is known as a “lecturer” position (Profesor de cátedra), which involves specific subjects and weekly teaching hours. Lecturers receive support from teaching assistants to alleviate academic responsibilities such as grading exams and conducting workshops. Universities leverage their relationships with companies, particularly those managed by their alumni, to invite experts in specific areas to teach courses or modules under this hiring model. According to consulted stakeholders, cyber security professionals who choose to teach as a lecturer are motivated by access to university resources for research (e.g. databases, indexed journals, library facilities, etc.) and the institution’s reputation.
Box 3.11. Training trainers in cyber security and other relevant ICT fields: The National School of Instructors
The National School of Instructors (ENI), which operates under the auspices of SENA, is tasked with the training, development, and certification of instructors across an array of vocational and technical fields. Its primary aim is to assure the quality and efficacy of vocational education by equipping instructors with the necessary pedagogical and technical skills. The ENI holds a pivotal role in promoting continuous professional development amongst instructors, fostering innovative teaching techniques, and upholding high education standards within the Colombian vocational training system.
The ENI delivers targeted training for the teaching of ICT, including cyber security programmes. This process includes selecting qualified individuals and developing their pedagogical abilities. Technical training in cyber security is provided to ensure up-to-date knowledge. For instance, certification programmes such as the “Instructor Qualification Route” have already certified around 1 500 instructors in ISO 29001. Collaborations with CISCO and IBM have facilitated a “Cyber security Academy” for instructor certification in networking and computer security. Furthermore, as part of the National Training Plan, instructors have participated in a programme to develop their capacity to deliver courses on digital citizenship. Through these comprehensive approaches, the ENI ensures that its instructors are well-prepared to effectively teach ICT courses, including high quality cyber security education.
Source: SENA (2023[71]), Escuela Nacional de Instructores “Rodolfo Martínez Tono” (National School of Instructors), https://www.sena.edu.co/es-co/comunidades/instructores/Paginas/default.aspx
Improving teachers’ English proficiency is also key to ensuring that they can access up-to-date training opportunities. As most significant advancements in this field occur abroad, the latest training is typically available in English. This is a challenge as both learners and teachers often have weak English skills. To address this, the MEN provides English language training as part of the National Bilingualism Programme (MEN, 2022[72]), benefiting schools, higher education institutions, and training providers. Additionally, to enhance English language skills amongst teachers and trainers, training institutions form strategic partnerships. For instance, SENA collaborates with the Heart for Change Foundation, providing English courses facilitated by native‑speaking volunteers skilled in teaching English as a foreign language (SENA, 2018[73]). This approach equips instructors with the language skills needed for their professional development.
Access and inclusion in cyber security education and training
This section focuses on the priority of enabling more learners to access learning opportunities related to cyber security, including the need to increase access among currently underrepresented groups. First, it looks at the importance of developing basic digital skills in the wider population, as a means of raising awareness of cyber security and promoting interest among potential learners to pursue training in this field. Second, it focuses on measures designed to diversify the cyber security workforce by removing barriers that might prevent interested individuals from pursuing learning opportunities.
Tackling digital literacy and raising the interest of potential learners
Participation in cyber security education and training requires individuals to possess solid basic digital skills. Cyber security is a complex field that demands a thorough understanding of various technological tools and systems to facilitate an individual’s progress through more advanced training. Furthermore, robust digital proficiency coupled with solid cognitive and problem-solving skills, as well as other competencies necessary for online tasks, are crucial for effectively utilising digital technologies and thriving as a cyber security professional (OECD, 2020[74])
Digital illiteracy is common in Colombia, especially among those from disadvantaged backgrounds. A quarter of computer users are unable to send emails with attachments, and a third are unable to connect other devices (OECD, 2019[75]). Colombia has the lowest percentage of households using the internet (70%) among OECD countries and low network coverage disproportionately affects low-educated individuals and poor households (Figure 3.17, Panel A). The share of low-income households with internet access is below that of countries with similar income levels, like Costa Rica, Chile, or the Slovak Republic (Figure 3.17, Panel B). Such unequal access to technology and their ineffective use undermines efforts to develop digital skills among the population, reinforcing and amplifying existing inequalities and impeding the diversification of the cyber security workforce (OECD, 2020[74]; Van Deursen et al., 2017[76]). According to the World Economic Forum Global Competitiveness Index, the Colombian workforce has one of the lowest levels of digital skills among OECD countries (see Figure 3.17, Panel C).
In response to these challenges, the Colombian Government has expanded the provision of training programmes covering key fundamental ICT subjects. The MinTIC’s website offers free courses and provides certified training on basic digital skills in partnerships with Platzi, CISCO, Microsoft and Google Activate (MinTIC, 2023[79]). These programmes aim to equip learners with basic concepts for digital navigation and facilitate progression to advanced training. Topics covered include, for example, introduction to the “digital learning”, “basic informatics in the cloud” and “digital rights and responsibilities”. MinTIC also offers a training course on tools and strategies to study online, to support successful completion in online courses.
MinTIC’s offer also includes more specialised ICT topics. The ‘Talento Digital’ website includes basic training for individuals interested in exploring more specialised ICT areas, such as “Introduction to artificial Intelligence”, “Introduction to cyber security” and “Fundamentals of cyber security” (see Table 3.8). These courses focus on broader concepts, without complex technical content, and provide a foundation for more advanced programmes. All training programmes offered on MinTic’s website are available in Spanish.
Table 3.8. A sample of training programmes in essential topics provided by MinTIC with partners
Name of the training programme |
Description |
Partner |
---|---|---|
Basic aspects of Cloud Computing for Developers. |
This course covers the basics of cloud computing, including its history, fundamental pillars, and types, as a foundation for real-world practice in Azure. It explores main cloud providers and types of clouds, as well as resources available and economic advantages. It is an essential starting point for developing cloud computing skills, particularly in cyber security. |
Microsoft |
Introduction to cyber security |
This course covers the latest cyber security trends and threats, as well as strategies for staying safe online and protecting personal and business data. It emphasises the importance of cyber security for IT professionals in today’s job market. Ideal for those looking to develop their cyber security skills and stay ahead of digital threats. |
CISCO Networking Academy |
Introduction to the Internet of Things (IoT) |
This comprehensive course introduces the transformative impact of the Internet of Things (IoT), including its implications for emerging technologies such as data analytics, artificial intelligence, and cyber security. Participants will learn about the critical role of intent-based networking and software‑driven approaches to connecting and securing the billions of new devices emerging every day. Ideal for IT professionals, this course is an essential starting point for exploring the world of IoT and its vast potential. |
CISCO Networking Academy |
Fundamentals of cyber security |
This comprehensive course covers all essential domains of cyber security, including information, system, and network security, ethics and laws, and defense and mitigation techniques. Participants will gain a deeper understanding of cybercrime, security principles, and the latest technologies used to safeguard critical assets. Ideal for IT professionals, this course is an excellent starting point for developing essential skills and knowledge in this rapidly evolving field. |
CISCO Networking Academy |
Source: MinTIC (2023[79]), Talento Digita – Cursos en línea, https://talentodigital.mintic.gov.co/734/w3-propertyvalue-217941.html (accessed in April 2023).
Several initiatives aim to simulate learners’ interest in ICT professions, such as cyber security. The MinTIC has implemented, for instance, initiatives in partnership with the British Council, to develop digital skills among children through fun activities (British Council, 2022[80]) – such as for example the “Code for Kids” project that aims to enhance the programming skills of disadvantaged children from an early age by strengthening the ICT competencies of primary school teachers in public schools and using easy-to-manage devices (MinTIC, 2020[81]). Some initiatives include digital literacy alongside other generic skills, such as soft skills. For example, the Sacúdete initiative (ICBF, 2023[82]) includes training in digital skills and ICT knowledge, as well as mentorship for soft skills development (see Box 3.12). Participants also have access to innovation labs, disruptive technology training, and digital bootcamps. The programme encourages interaction with inspiring young leaders in technology and other sectors.
Box 3.12. Inspiring the most disadvantaged young people in Colombia to engage with 21st-century skills: SACÚDETE programme
Sacúdete is an initiative of the Colombian Institute of Family Welfare (ICBF) to foster 21st-century skills among adolescents and young adults, focusing on both digital skills and transversal abilities (ICBF, 2023[82]). The programme includes three phases: Inspiring, Strengthening, and Transforming. “Inspiring” engages participants in workshops designed to develop digital competencies. “Strengthening” focuses on technical skills with regular ICT classes. “Transforming” involves guidance on further education, employment, or entrepreneurship, helping participants develop and implement their new career plans. Apart from digital and ICT-focused training, Sacúdete includes sessions to enhance critical thinking, assertive communication, leadership, creativity, and empathy.
The programme primarily serves socially, and territorially vulnerable adolescents and young adults aged 14 to 28, providing a differential approach for individuals in rural areas, varying gender and sexual orientations, ethnic backgrounds, and disabilities. Between 2018 and 2022, Sacúdete served about 460 000 young people across nearly 870 municipalities (Consejeria presidencial para la juventud, 2022[83]).
Source: ICBF (2023[82]) Conócenos Sacúdete, https://sacudete.icbf.gov.co/conocenos, (accessed in April, 2023).
Diversifying cyber security workforce by overcoming barriers to access training
Promoting participation in cyber security training also requires removing barriers to access faced by some potential learners – aside from those related to a lack of basic digital skills. High training costs and a lack of financial aid, as well as the predominance of English in online courses (spoken by only 2.5% of Colombians) are major barriers. In response to these challenges, the Colombian Government, trade associations, and the private sector have launched several initiatives to broaden access to cyber security education and training programmes. Efforts concentrate on boosting digital literacy (see above), stirring interest in cyber security education, and offering financial incentives and subsidies, especially to disadvantaged individuals.
The Colombian Government has implemented various initiatives to increase participation in ICT training, including cyber security. The ‘Talento Digital’ programme provides free certified short courses in fundamental cyber security skills (see above) (MinTIC, 2023[79]). The government also provides scholarships and grants for specialised ICT programmes. For example, the ‘One Ticket for the Future’ programme (Un tiquete para el futuro) provides 90% financing for ICT diplomas, with the remaining 10% covered upon completion (MinTIC and ICETEX, 2022[84]). With this support, individuals can select from 450 ICT programmes across 35 Colombian universities, including 70 programmes focused on cyber security topics such as cryptocurrencies, blockchain, ethical hacking, and cyber security architecture (MinTIC, 2022[27]). All individuals who have already been admitted to any of the programmes included in the ministry’s list can potentially benefit from this financing programme. However, up to 50% of the resources will be allocated as a priority to women, students who have been involved in training initiatives provided by the MinTIC, as well as veterans.
Universities and private training providers have also taken steps to improve access to ICT education and training. These initiatives include free courses, mentoring, tutoring and other types of individual support to address students’ learning needs. For example, students in the Universidad EAFIT’s flexible learning centre (NODO, see Box 3.9) not only receive free training and participate in practical challenges, but also benefit from support by professors and high-achieving students (Box 3.13). Other initiatives adopt a holistic approach, seeking to develop soft skills alongside technical expertise, especially for disadvantaged youth (Venator and Reeves, 2015[85]). For example, Generation Colombia delivers training in software development, among other topics, and provides courses to develop students’ soft skills. The aim is to equip students with the skillset needed to effectively navigate and succeed in the job market (Generation, 2023[86]). Similarly, the District Agency for Higher Education, Science, and Technology (Agencia distrital para la educación superior, la ciencia y la tecnologia, ATENEA) has implemented “Todos a la U”, a programme that provide financial support to most disadvantaged young people to engage with short training programmes in ICT offered by public and private universities, complemented with socioemotional skills workshops and courses for learning English (see Box 3.13)
Box 3.13. Providing free learning opportunities to diverse newcomers in the ICT field
NODO, a learning centre designed to broaden access
The Faculty of Engineering at Universidad EAFIT developed NODO, a flexible learning centre that prepares for a career in ICT (see also Box 3.9). The core courses are offered free of charge to the students. Students have the opportunity to explore various learning pathways, composed of modules. These modules encompass a range of topics, from the fundamental aspects of a particular pathway to more specialised and advanced subjects. Depending on their existing knowledge and skills, students have the option to attend levelling classes to ensure a smooth learning progression. Real-life application is at the heart of the learning pathways.
In the first quarter of 2023, Nodo’s courses enrolled 93 students, all of whom received funding from seven different organisations. A third of participants were females and 83% came from low-socio‑economic households. Most participants were young adults, with 62% aged under 25. It is an objective that by 2026, Nodo will have trained 15 000 students, increased female participant numbers to 45%, and expanded its reach to include learners from rural areas (30%).
“Todos a la U”, a programme to overcome multiple barriers
“Todos a la U” is an initiative led by ATENEA, the District Agency for Higher Education, Science, and Technology of Bogota’s Mayor’s Office, which aims to promote learning pathways in priority sectors in Bogota, including ICT. The programme has three components: learning English, strengthening socioemotional skills, and developing technical skills. Financial support is provided for each component. For the technical skills component, beneficiaries can participate in short training programmes or obtain diploma certificates in areas like video game development, mobile application development, digital design and animation, and user interface and experience design. Training courses in cyber security are planned to be included in the future portfolio.
In its third version launched in 2023, the programme offered 2 400 places for young people in Bogota interested in joining the ICT sector. The programme aims to primarily benefit individuals that belong to disadvantaged groups, including women, individuals from lower socio-economic levels, persons with disabilities, transgender individuals, victims of armed conflict, or individuals in the process of reintegration or reincorporation.
Source: EAFIT (2023[87]), Mientras que algunos resuelven el qué, nosotros creamos el cómo, https://www.eafit.edu.co/nodo, (Accessed, April 2023). ATENEA (2023[88]), Tercera convocatoria Todos a la U, https://agenciaatenea.gov.co/convocatorias/tercera-convocatoria-todos-la-u (Accessed, June, 2023)
Providing training in local languages or offering translation services to ensure that individuals with limited English proficiency can access training can also help broaden access to cyber security training. Weak English skills are a common barrier to participation: only 20% of online short courses in cyber security are available in Spanish (Guo, 2018[89]), while Colombia has one of the lowest levels of English proficiency among LATAM countries (EF, 2022[90]). Addressing this challenge, MinTIC has made sure that all training delivered by public providers is available in Spanish. In addition, the Ministry of Education offers resources for autonomous or guided English language learning through the National Bilingualism Programme, available for different proficiency levels (MEN, 2022[91]).
Barriers are also often linked to a limited understanding and misconceptions of cyber security roles. In that sense, gender stereotypes can hinder participation in cyber security education and training. Girls tend to be less confident in their maths, science and IT competences. This is often fuelled by societal and parental biases, and parents’ expectations about the future of their children – independently of performance in mathematics at the age of 15, as measured by the OECD’s PISA test (OECD, 2020[38]). This often leads to girls’ self-censorship and lower engagement in science and ICTs fields (OECD, 2018[92]). Despite the significant reduction in the performance gap between boys and girls in mathematics and sciences in Colombia (Arias Ortiz and Bornacelly, 2017[93]) and the increasing number of women having complex digital skills (ECLAC, 2022[94]), the proportion of female professionals in ICT is only 23% (ECLAC, 2023[95]). Several initiatives have been implemented to encourage women to engage in education and training in ICT. Examples include the “Hacker girls” programme implemented by MinTIC in Colombia, and regional initiatives, such as LATAM Women in Cyber security (WOMCY) (see Box 3.14 for further details).
Box 3.14. Bringing women into the ICT field and cyber security sector
Hacker girls
The Colombian Government launched in 2015 the programme ‘hacker girls’, aimed at promoting women’s participation in technology and cyber security. The programme provides opportunities for women of all ages to develop knowledge and skills in these fields and to encourage more women to pursue careers in technology and cyber security. Participants receive training through bootcamps, short courses, and engage in challenges using games and simulators. The programme also includes workshops, events and mentorship, connecting women with professionals in the field. The government collaborates with private companies and educational institutions to provide resources and support for the programme.
WOMCY, LATAM Women in Cyber security
WOMCY is a community-driven initiative to promote the participation of women in the cyber security industry throughout Latin America. The organisation provides a platform for support, professional development, and mentorship opportunities. WOMCY offers events, conferences, mentorship programmes, training, and educational resources, and advocates for gender equality in cyber security. This initiative also raises awareness about cyber security issues, including gender-related threats, and exposes participants to activities such as gamification and hackathons to enhance their interest in cyber security careers.
Por TIC Mujer
The “Por TIC Mujer” programme is an initiative in Colombia launched by the MinTIC to enhance women’s access to and usage of ICTs. The programme includes various components. Firstly, it offers digital literacy training, enabling women to effectively utilise ICTs. Secondly, the programme improves women’s access to technology by providing computers, tablets, and internet connectivity. Finally, it actively supports women in using ICTs for entrepreneurship, offering support through business training and facilitating access to financing opportunities. The ‘Por TIC Mujer’ programme also advocates for gender equality within the ICT sector. By empowering women with the skills, resources, and support they need, the programme aims to create a more inclusive and equitable society, enabling women to thrive in the digital age.
Geek Girls LATAM
Geek girls LATAM focuses on promoting and supporting women in the fields of technology, science, engineering, and mathematics (STEM) across Latin America. The initiative aims to bridge the gender gap in the tech industry by providing a platform for women to connect, learn, and share their experiences in these fields. Geek Girls LATAM leads multiple initiatives, one example is APROPIA, a route of social knowledge appropriation and digital competency strengthening for girls and women in LATAM. This initiative is aimed at women in vulnerable conditions, primarily girls disengaged from armed conflict or unemployed youth interested in enhancing their digital skills.
Source: (MinTIC, 2022[96]), En Colombia más de 20 mil mujeres se formaron con Por TIC Mujer en 2022, https://www.mintic.gov.co/portal/inicio/Sala-de-prensa/Noticias/273364: En-Colombia-mas-de-20-mil-mujeres-se-formaron-con-Por-TIC-Mujer-en-2022; (GGL, n.d.[97]), Geek Girls LATAM https://geekgirlslatam.org/; (Gobierno Digital, 2022[98]), Hacker Girls, https://gobiernodigital.mintic.gov.co/seguridadyprivacidad/portal/Iniciativas/Hacker-Girls/.
References
[44] Albert, K. (2017), “The certification earnings premium: An examination of young workers”, Social Science Research, Vol. 63, pp. 138-149, https://doi.org/10.1016/j.ssresearch.2016.09.022.
[9] Alcaldía Mayor de Bogotá (2021), Fortalecimiento de las competencias de los jóvenes de media del distrito para afrontar los retos del siglo XXI, https://www.educacionbogota.edu.co/portal_institucional/sites/default/files/2022-02/FICHA%20EBI-D%20PROYECTO%207689.pdf.
[28] Ambito Jurídico (2022), Los diplomados son cursos de educación informal inferiores a 160 horas que dan lugar a una constancia de asistencia, https://www.ambitojuridico.com/noticias/general/los-diplomados-son-cursos-de-educacion-informal-inferiores-160-horas-que-dan-lugar.
[93] Arias Ortiz, E. and I. Bornacelly (2017), Nota CIMA #5: ¿Les va mejor a las niñas en educación?, Inter-American Development Bank, https://doi.org/10.18235/0001051.
[39] Arias Ortiz, E., I. Bornacelly and G. Elacqua (2021), Hablemos de política educativa en América Latina y el Caribe #6: Educación superior en América Latina: ¿Cómo las crisis económicas de las últimas décadas han afectado la matrícula?, Inter-American Development Bank, https://doi.org/10.18235/0003050.
[88] ATENEA (2023), Tercera convocatoria Todos a la U, https://agenciaatenea.gov.co/convocatorias/tercera-convocatoria-todos-la-u.
[36] Bonilla-Mejía, L., N. Bottan and A. Ham (2019), “Information policies and higher education choices experimental evidence from Colombia”, Journal of Behavioral and Experimental Economics, Vol. 83, p. 101468, https://doi.org/10.1016/j.socec.2019.101468.
[80] British Council (2022), Programación para niños y niñas, https://www.britishcouncil.co/instituciones/colegios/programacion-para-ninos-y-ninas.
[66] Buckner, E. and Y. Zhang (2020), “The quantity-quality tradeoff: a cross-national, longitudinal analysis of national student-faculty ratios in higher education”, Higher Education, Vol. 82/1, pp. 39-60, https://doi.org/10.1007/s10734-020-00621-3.
[45] Castaño-Muñoz, J. and M. Rodrigues (2021), “Open to MOOCs? Evidence of their impact on labour market outcomes”, Computers & Education, Vol. 173, p. 104289, https://doi.org/10.1016/j.compedu.2021.104289.
[70] Clark, C., M. Cluver and J. Selingo (2023), Talent management becomes a strategy, https://www2.deloitte.com/us/en/insights/industry/public-sector/articles-on-higher-education/talent-management-in-higher-education.html.
[23] Congreso de Colombia (2002), Ley 749 de Julio 19 de 2022De la formación y las instituciones de educación superior técnicas profesionales y tecnológicas, https://www.mineducacion.gov.co/1621/articles-86432_Archivo_pdf.pdf.
[99] Congreso de la República (1994), Ley General de Educación, Ley 115 de Febrero 8 de 1994., https://www.mineducacion.gov.co/1621/articles-85906_archivo_pdf.pdf.
[83] Consejeria presidencial para la juventud (2022), Con entregatón de 55 infraestructuras Sacúdete, Presidente Duque les cumple a los niños, niñas, adolescentes y jóvenes del país, https://colombiajoven.gov.co/prensa/con-entregaton-de-55-infraestructuras-sacudete-presidente-duque-les-cumple-a-los-ni%C3%B1os-ni%C3%B1as-adolescentes-y-jovenes#:~:text=Se%20han%20beneficiado%20372.308%20j%C3%B3venes,en%20el%20periodo%202018%2D2022.
[31] CYBERPRO Center (2023), Javeriana CyberPro Center, https://javerianacyberpro.com/.
[24] DANE (2022), Boletín especial: Características de la formación para el trabjo y la educación informal en Colombia, https://www.dane.gov.co/index.php/estadisticas-por-tema/mercado-laboral/formacion-para-el-trabajo.
[25] DANE (2022), Formación para el Trabajo - Boletin Técnico, https://www.dane.gov.co/files/investigaciones/boletines/ech/formacion/GEIH_FormacionTrabajo_abr_jun22.pdf.
[5] DANE (2021), Clasificación Industrial Internacional Uniforme de todas las actividades económicas, https://www.dane.gov.co/files/sen/nomenclatura/ciiu/CIIU_Rev_4_AC2021.pdf.
[4] DANE (2018), Clasificación Internacional Normalizada de la Educación - Campos de educación y formación adaptada para Colombia CINE-F 2013, https://www.dane.gov.co/files/sen/normatividad/CINE-F-2013-AC.pdf.
[47] DANE (2009), Metodología informalidad de la Gran Encuesta Integrada de Hogares - GEIH, https://www.dane.gov.co/files/investigaciones/boletines/ech/ech_informalidad/metodologia_informalidad.pdf.
[59] Departamento Nacional de Planeación (2020), Documento CONPES - Política Nacional de Confianza y Seguridad Digital, https://colaboracion.dnp.gov.co/CDT/Conpes/Econ%C3%B3micos/3995.pdf.
[42] Dialogo Inter-Americano, BID, Worldbank (2021), El estado de la conectividad educativa en América Latina: Desafios y oportunidades, https://thedialogue.wpenginepowered.com/wp-content/uploads/2021/11/El-estado-de-la-conectividad-educativa-en-America-Latina-Desafios-y-oportunidades-estrategicas-1.pdf.
[60] Diaz Acevedo, M. and Á. Cremades Guisado (2023), “La evolución de la estrategia de ciberseguridad de Colombia 2011-2021”, Universidad Nebrija, https://www.researchgate.net/publication/367043987_La_evolucion_de_la_estrategia_de_ciberseguridad_de_Colombia_2011-2021.
[50] DNP (2020), Documento CONPES 3995 - Política Nacional de Confianza y Seguridad Digital, https://colaboracion.dnp.gov.co/CDT/Conpes/Econ%C3%B3micos/3995.pdf.
[57] DNP (2019), Documento CONPES 3975 - Política nacional para la transformación digital e inteligencia artificial, https://colaboracion.dnp.gov.co/CDT/Conpes/Econ%C3%B3micos/3975.pdf.
[58] DNP (2016), Documento CONPES 3854 - Política Nacional de Seguridad Digital, https://colaboracion.dnp.gov.co/CDT/Conpes/Econ%C3%B3micos/3854_Adenda1.pdf.
[56] DNP (2011), Documento CONPES 3701 - Lineamientos de política para ciberseguridad y ciberdefensa, https://colaboracion.dnp.gov.co/CDT/Conpes/Econ%C3%B3micos/3701.pdf.
[87] EAFIT (2023), Nodo, mientras que algunos resuelven el qué, nosotros creamos el cómo, https://www.eafit.edu.co/nodo (accessed on april 2023).
[63] EAFIT university (2023), Nodo: Un ecosistema tecnológico para aprender a desaprender (Nodo: A technological ecosystem to learn to unlearn), https://nodoeafit.com/.
[95] ECLAC (2023), Gender equality and women’s and girls’ autonomy in the digital era: contributions of education and digital transformation in Latin America and the Caribbean, https://repositorio.cepal.org/bitstream/handle/11362/48702/S2300099_en.pdf?sequence=4&isAllowed=y.
[94] ECLAC (2022), Social Panorama of Latin America and the Caribbean 2022: Transforming education as a basis for sustainable development, https://www.cepal.org/en/publications/48519-social-panorama-latin-america-and-caribbean-2022-transforming-education-basis.
[33] Edapp (2022), 20 plataformas para crear y aprender online, https://www.edapp.com/blog/es/20-plataformas-de-cursos-online-gratuitos/.
[90] EF (2022), EF English Profiency Index, https://www.ef.com/assetscdn/WIBIwq6RdJvcD9bc8RMd/cefcom-epi-site/reports/2022/ef-epi-2022-english.pdf.
[48] EGA (2023), National Cyber Security Index, https://ncsi.ega.ee/ncsi-index/.
[29] El Colombiano (2021), Las ventajas de los diplomados, https://www.elcolombiano.com/tendencias/las-ventajas-de-los-diplomados-DN15812067 (accessed on June 2023).
[6] Ferreyra, M. et al. (2017), At a Crossroads: Higher Education in Latin America and the Caribbean, World Bank, Washington, DC, https://doi.org/10.1596/978-1-4648-1014-5.
[1] Fortinet (2023), 2023 cyber security skills gap, https://edu.arrow.com/media/0pld3mup/2023-cybersecurity-skills-gap-report.pdf.
[11] Fundación politécnico Minuto de Dios (2023), Técnico Profesional en Servicios de Seguridad Informática, https://tecmd.edu.co/programas_titulados/tecnico-profesional-en-servicios-de-seguridad-informatica/.
[14] Fundación polítécnico Minuto de Dios (2023), Técnico profesional en servicios de seguridad informática (Professional technician in information security services), https://tecmd.edu.co/programas_titulados/tecnico-profesional-en-servicios-de-seguridad-informatica/.
[86] Generation (2023), Fórmate e impulsa tu carrera profesiona, https://colombia.generation.org/.
[97] GGL (n.d.), Geek Girls LatAm, https://geekgirlslatam.org/ (accessed on 11 September 2023).
[98] Gobierno Digital (2022), Hacker Girls, https://gobiernodigital.mintic.gov.co/seguridadyprivacidad/portal/Iniciativas/Hacker-Girls/.
[34] Godec, S., L. Archer and E. Dawson (2021), “Interested but not being served: mapping young people’s participation in informal STEM education through an equity lens”, Research Papers in Education, Vol. 37/2, pp. 221-248, https://doi.org/10.1080/02671522.2020.1849365.
[40] Gómez Soler, S., G. Bernal Nisperuza and P. Herrera Idárraga (2020), “Test Preparation and Students’ Performance: The Case of the Colombian High School Exit Exam”, Cuadernos de Economía, Vol. 39/79, pp. 31-72, https://doi.org/10.15446/cuad.econ.v39n79.77106.
[89] Guo, P. (2018), “Non-Native English Speakers Learning Computer Programming”, Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems, https://doi.org/10.1145/3173574.3173970.
[82] ICBF (2023), Conócenos Sacúdete, https://sacudete.icbf.gov.co/.
[52] IDB and OAS (2016), Cybersecurity: Are We Ready in Latin America and the Caribbean?, https://publications.iadb.org/en/cybersecurity-are-we-ready-latin-america-and-caribbean.
[18] Institución Universitaria Escolme (2023), Tecnologo en redes y seguridad informática (Technologist in Network and information security), http://www.escolme.edu.co/.
[16] Institución Universitaria Pascual Restrepo (2023), Tecnología en desarrollo de software (Technologist in Software development), https://pascualbravo.edu.co/facultades/facultad-de-ingenieria/programmeas/tecnologia-en-desarrollo-de-software/.
[15] Institución Universitaria Salazar y Herrera (2023), Tecnologías en sistemas (Technologist in systems), https://www.iush.edu.co/es/Universidad/pregrados/escuela-de-ingenierias/tecnologia-sistemas.
[12] Instituto superior de educación social (ISES) (2023), Técnico profesional en soporte de hardware y software, https://www.ises.edu.co/soporte-de-hardware-software.
[43] ISC2 (2022), Cyber security workforce study, https://www.isc2.org//-/media/ISC2/Research/2022-WorkForce-Study/ISC2-Cybersecurity-Workforce-Study.ashx.
[68] LEE (2021), Datos y Estadísticas, https://lee.javeriana.edu.co/datos-y-estadisticas.
[41] Londoño-Vélez, J., C. Rodríguez and F. Sánchez (2020), “Upstream and Downstream Impacts of College Merit-Based Financial Aid for Low-Income Students: Ser Pilo Paga in Colombia”, American Economic Journal: Economic Policy, Vol. 12/2, pp. 193-227, https://doi.org/10.1257/pol.20180131.
[3] Manpower Group (2022), Colombia’s 2022 Talent Shortage, https://go.manpowergroup.com/hubfs/Talent%20Shortage%202022/MPG_2022_TS_Infographic-Colombia.pdf.
[8] Medellin’s Secretary of Education (2022), Technical upper secondary programmes (Programas de media técnica), https://www.medellin.edu.co/secretaria/vivero-del-software/media-tecnica/.
[13] MEN (2023), Educación Técnica y Tecnológica en Colombia, https://www.mineducacion.gov.co/portal/micrositios-superior/Educacion-Tecnica-y-Tecnologica/.
[7] MEN (2023), Sistema Nacional de Información de la Educación Superior – SNIES (National Higher Education Information System), https://snies.mineducacion.gov.co/portal/.
[72] MEN (2022), Programa Nacional de Bilinguismo, https://educacionrindecuentas.mineducacion.gov.co/pilar-1-educacion-de-calidad/programa-nacional-de-bilinguismo/.
[91] MEN (2022), Programa Nacional de Bilinguismo (About the National Bilingual Program), https://eco.colombiaaprende.edu.co/about-bilingualism/?playlist=55b8e92&video=d3092d9.
[30] MEN (2020), Educación para el trabajo y desarrollo humano, https://www.mineducacion.gov.co/1759/articles-355413_recurso_pdf_FAQ.pdf.
[22] MEN (2017), Formación por ciclos propedéuticos, https://www.mineducacion.gov.co/portal/Educacion-superior/Informacion-Destacada/196476:Formacion-por-ciclos-propedeuticos.
[21] MEN (2015), Prácticas: Pasantias y contratos de aprendizaje, https://www.mineducacion.gov.co/1780/articles-354776_archivo_pdf_Consulta.pdf.
[35] MEN (2015), Programa Proyecta-T, https://proyectateherramienta.mineducacion.gov.co/MenVocOcup/.
[79] MinTIC (2023), Talento Digital - Cursos en linea, https://talentodigital.mintic.gov.co/734/w3-propertyvalue-217941.html (accessed on April 2023).
[96] MinTIC (2022), En Colombia más de 20 mil mujeres se formaron con Por TIC Mujer en 2022, https://www.mintic.gov.co/portal/inicio/Sala-de-prensa/Noticias/273364:En-Colombia-mas-de-20-mil-mujeres-se-formaron-con-Por-TIC-Mujer-en-2022.
[26] MinTIC (2022), MinTIC financiará diplomados en ciberseguridad para empresarios y equipos técnicos, https://www.mintic.gov.co/portal/inicio/Sala-de-prensa/Noticias/208806:MinTIC-financiara-diplomados-en-ciberseguridad-para-empresarios-y-equipos-tecnicos.
[62] MinTIC (2022), Proyecto Fortalecimiento de las Competencias Digitales, https://mintic.gov.co/micrositios/convocatoria-habilidades-digitales/775/articles-172269_terminos_Ciberseguridad_2022.pdf.
[27] MinTIC (2022), Un ticket para el Futuro, https://www.mintic.gov.co/micrositios/unticketparaelfuturo/799/w3-channel.html.
[61] MinTIC (2021), Equipos de trabajo de 110 empresas recibirán capacitación gratuita en ciberseguridad con el Ministerio TIC, https://www.mintic.gov.co/portal/inicio/Sala-de-prensa/176180:Equipos-de-trabajo-de-110-empresas-recibiran-capacitacion-gratuita-en-ciberseguridad-con-el-Ministerio-TIC-Karen-Abudinen.
[81] MinTIC (2020), Ministerio TIC y el British Council forman profesores y estudiantes en programación, https://mintic.gov.co/portal/inicio/Sala-de-Prensa/Noticias/80650:Ministerio-TIC-y-el-British-Council-forman-profesores-y-estudiantes-en-programacion.
[84] MinTIC and ICETEX (2022), Créditos condonables para educación en Colombia - Fondo Un ticket para el Futuro Convenio Interadministrativo, https://web.icetex.gov.co/documents/20122/687162/Texto-de-la-Convocatoria-Diplomados-Fondo-Un-Ticket-para-el-Futuro.pdf.
[32] MNEMO (2022), SENA y MNEMO inauguran en Colombia el primer centro tecnológico de excelencia y simulación en ciberseguridad de América Latina (SENA and MNEMO launch Colombia’s first cybersecurity technology centre of excellence and simulation in Latin America), https://www.mnemo.com/sena-mnemo-ciberseguridad/.
[54] OAS (2023), Practica Guide for CSIRTs, https://www.oas.org/es/sms/cicte/ciberseguridad/publicaciones/Guia-CSIRT%202023%20Digital%20ENG.pdf.
[51] OAS (2023), Reporte sobre el desarrollo de la Fuerza Laboral de ciberseguridad en una era de escasez de talento y habilidades, https://www.oas.org/es/sms/cicte/docs/Reporte_sobre_el_desarrollo_de_la_fuerza_laboral_de_ciberseguridad_en_una_era_de_escasez_de_talento_y_habilidades.pdf.
[55] OAS (2022), National Cybersecurity Strategies, https://www.oas.org/en/sms/cicte/docs/National-Cybersecurity-Strategies-Lessons-learned-and-reflections-ENG.pdf.
[49] OAS (2020), Cyber security education: Planning for the future through workforce development, https://www.oas.org/es/sms/cicte/docs/White-Paper-Cybersecurity-Education.pdf.
[69] OECD (2023), Students per teaching staff (indicator), https://doi.org/10.1787/3df7c0a6-en (accessed on 23 June 2023).
[77] OECD (2022), ICT Access and Usage by Households and Individuals (database), https://stats.oecd.org/Index.aspx?DataSetCode=ICT_HH2.
[53] OECD (2022), OECD Policy Framework on Digital Security: Cybersecurity for Prosperity, OECD Publishing, Paris, https://doi.org/10.1787/a69df866-en.
[2] OECD (2021), OECD SME and Entrepreneurship Outlook 2021, OECD Publishing, Paris, https://doi.org/10.1787/97a5bbfe-en.
[38] OECD (2020), Dream Jobs? Teenagers’ career aspirations and the future of work, https://www.oecd.org/education/dream-jobs-teenagers-career-aspirations-and-the-future-of-work.htm.
[74] OECD (2020), OECD Digital Economy Outlook 2020, OECD Publishing, Paris, https://doi.org/10.1787/bb167041-en.
[75] OECD (2019), OECD Reviews of Digital Transformation: Going Digital in Colombia, OECD Reviews of Digital Transformation, OECD Publishing, Paris, https://doi.org/10.1787/781185b1-en.
[37] OECD (2019), PISA 2018 Results (Volume II): Where All Students Can Succeed, PISA, OECD Publishing, Paris, https://doi.org/10.1787/b5fd1b8f-en.
[92] OECD (2018), Bridging the digital gender divide, http://www.oecd.org/digital/bridging-the-digital-gender-divide.pdf.
[101] OECD (2014), “Learning Begets Learning: Adult Participation in Lifelong Education”, Education Indicators in Focus, No. 26, OECD Publishing, Paris, https://doi.org/10.1787/5jxsvvmr9z8n-en.
[46] OIT (2022), OIT destaca el potencial de las tecnologías para impulsar la e-formalización en América Latina, https://www.ilo.org/americas/sala-de-prensa/WCMS_855184/lang--es/index.htm.
[71] SENA (2023), Escuela Nacional de Instructores “Rodolfo Martínez Tono” (National School of Instructors), https://www.sena.edu.co/es-co/comunidades/instructores/Paginas/default.aspx.
[10] SENA (2023), Mesas sectoriales. Conectando sectores, https://www.sena.edu.co/es-co/Empresarios/Paginas/mesasSectoriales.aspx.
[73] SENA (2018), Escuela Nacional de Instructores - Comunicaciones - Biliinguismos Espanol-Ingles, https://www.sena.edu.co/es-co/comunidades/instructores/Convocatorias/CONVOCATORIA-BE-LINGUAL-SEGUNDO-SEMESTRE.pdf.
[67] Snijders, I. et al. (2020), “Building bridges in higher education: Student-faculty relationship quality, student engagement, and student loyalty”, International Journal of Educational Research, Vol. 100, p. 101538, https://doi.org/10.1016/j.ijer.2020.101538.
[17] Unidades tecnológicas de Santander (2023), Tecnologia en Desarrollo de Sistemas informáticos (Tecnologist in development of informatic systems), https://www.uts.edu.co/sitio/tecnologia-en-desarrollo-de-sistemas-informaticos/#1562800770722-cfdcde65-4afc.
[64] Universidad de los Andes (2023), Oferta académica de educación continua (Academic offer of continuing education), https://educacioncontinua.uniandes.edu.co/es.
[20] Universidad de Manizales (2023), Ingenieria en Seguridad de la información (Information Security Engineering), https://umanizales.edu.co/Programa/ingenieria-en-seguridad-de-la-informacion/.
[65] Universidad Distrital de Colombia (2023), Curso Certified Information Systems Security Professional – CISSP, https://www.egresadosudistrital.edu.co/index.php/capacitaciones/seguridad-informatica/curso-certified-information-systems-security-professional-cissp.
[19] Universidad Javeriana (2023), Ingenieria de Sistemas (System engineering), https://www.javeriana.edu.co/carrera-ingenieria-de-sistema.
[76] Van Deursen, A. et al. (2017), “The compundness and sequentiality of digital inequality”, International Journal of Communication, https://ijoc.org/index.php/ijoc/article/view/5739.
[85] Venator, J. and R. Reeves (2015), Building the soft skills for success, https://www.brookings.edu/blog/social-mobility-memos/2015/03/18/building-the-soft-skills-for-success/.
[100] Werquin, P. (2010), Recognising Non-Formal and Informal Learning: Outcomes, Policies and Practices, OECD Publishing, Paris, https://doi.org/10.1787/9789264063853-en.
[78] World Economic Forum (2019), Digital skills among population, https://www.weforum.org/reports/the-global-competitiveness-report-2020/.
Notes
← 1. Under Colombian definition, courses such as ‘diploma’, ‘seminar’, or ‘workshop’ that are offered sporadically, and have a duration of less than 160 hours, are considered informal education (Congreso de la República, 1994[99]). According to the OECD definition, these courses are considered part of non-formal education, which is defined as a sustained educational activity that takes place both within and outside educational institutions and caters to individuals of all ages. This includes open or distance learning courses, private lessons, organised sessions for on-the‑job training, workshops, or seminars (OECD, 2014[101]; Werquin, 2010[100]). For this report, we use the OECD’s definition of non-formal education.
← 2. ETDH refers to education for employability and human development (Educación para el Trabajo y el Desarrollo Humano).
← 3. Course cost based on website search of Diploma certificates offered in April 2023. Conversion in euros based on the average Colombian pesos-Euro exchange rate in April 2023.
← 4. Micro-credentials are short qualifications that validate competency in a specific skill or knowledge area. They are quick to obtain, focused on targeted learning outcomes, and aligned with industry needs. They offer individuals the opportunity to acquire specialised knowledge without the time commitment required for longer-term educational programmes. Meanwhile, Macro-credentials are comprehensive certifications that encompass a wide range of skills and knowledge. They require longer study periods and indicate higher expertise or qualifications in a specific field. Generally awarded by educational institutions or professional organisations, they may involve degree programmes or professional certifications.
← 5. Conversion in euros based on the average Colombian pesos-Euro exchange rate in April 2023.
← 6. The National Cyber Security Index is a global live index, which measures the preparedness of countries to prevent cyber threats and manage cyber incidents. The NCSI focuses on measurable aspects of cyber security implemented by the central government: 1) Legislation in force – legal acts, regulations, orders, etc; 2) Established units – existing organisations, departments, etc; 3) Co‑operation formats – committees, working groups, etc; and 4) Outcomes – policies, exercises, technologies, websites, programmes, etc.