Capacity building: Creating the Philippines Cybersecurity Workforce


Albert Einstein, a famous German-born scientist, was once asked how he would save the world if he only had one hour. After a brief pause for thought, he stated that he would spend 55 minutes defining the problem and the final five minutes solving it.

We're now trying to figure out how to make sure that the most critical aspect of the cyber ecosystem — humans — are ready to design, develop, run, and protect our cyber infrastructure. Despite the clear need, a global shortage of experienced cybersecurity thinkers and employees continues to be a well-documented global concern for both industry and governments. Although certain sectors lag behind, most government and corporate leaders are increasingly aware of and concerned about the need for greater cyber security and resilience.

Acceptable cybersecurity skills are both scarce and unevenly distributed, even in the Philippines national security sphere, the National Security Strategy issued in 2018 states the increase in the supply of national cybersecurity professionals and experts as one of the key features of strategic actions under the 11th national security goal – ‘Provide strong cyber infrastructure and cybersecurity.’

The government is aware that the nation is experiencing a shortage of cybersecurity talent and capability; and that innovative approaches are required to improve access to training that maximizes individuals’ cybersecurity knowledge, skills, and abilities. Further to that point, the Philippine National CyberSecurity Plan 2022, published in 2017, sets out the following key program areas to address the need for increased awareness and capacity-building for both the public and private sectors: (a) the protection of CII through cybersecurity assessment and compliance; (b) the protection of government networks through a national computer emergency response program,; (c) the protection for supply chain through a national common criteria evaluation and cybersecurity equipment testing program; and (d) the protection of individuals through the acceleration of learning skills and development. Five years has passed, but where are we now in terms of grounding these programs?

The government should understand that cybersecurity is a critical component to achieve national goals; and that attentive and careful development of the national cyber workforce is key to its success. First principle is to define the focus of effort: the cyberspace workforce. This focus requires the collective efforts of government agencies. The government should be committed in supporting interagency cyber workforce initiatives by actively partnering with public and private stakeholders and building resources that are shared across the government and at the national level. This work includes sharing best practices and lessons learned with local and international partners seeking to leverage on the national cybersecurity policies. Every time, the goal is to produce a diverse collection of people who will govern, design, defend, analyze, manage, run, and maintain the ecosystem of policies, systems, and networks that underpin our way of life.

Education and training of personnel working on long-term and multifaceted challenges are critical components of any solution — and this is especially true in cyberspace. Coordinated efforts throughout the entire business or bureaucracy are required; highlighting the complexity of this task, solutions to fill this gap rely on the participation and support from a number of stakeholders.

Finally, each talk about cybersecurity workforce development is a network of discussions. These discussions must take place on a national and local level as well as with like-minded international partners like the cooperation with ITU on GSMA and 3GPP for equipment security standards capability building, and they must take into account cross-border interdependencies in cyberspace. From hardware purchase and upgrading to human resource imperatives like training, education, hiring, and retention, cyber workforce enhancement efforts touch on a variety of technical and vocational domains, each with its own demands and policy prescriptions. In the end, such considerations should be at the forefront of every cybersecurity leaders' minds because a country's cyber workforce is one of its most valuable strategic assets. (Allan Cabanlong and Genalyn Macalinao)