A strategic step to enhance cybersecurity in the Kingdom
In a move reflecting the Kingdom of Saudi Arabia’s commitment to developing its digital infrastructure and protecting its cyberspace, the National Cybersecurity Authority a new set of updates to the Saudi Cybersecurity Workforce Framework project, “Siyouf .” These updates were presented via the “Istilaa” platform to engage experts and stakeholders in the development process, ensuring the framework aligns with global best practices and the needs of the local labor market.
General context: Cybersecurity as a key pillar of Vision 2030
These updates come within the context of the comprehensive digital transformation the Kingdom is undergoing as part of its Vision 2030 . With the increasing reliance on digital technologies across all government and private sectors, the urgent need has arisen to build a robust cybersecurity system capable of countering evolving threats. The National Cybersecurity Authority was established in 2017 as a regulatory and legislative body aimed at protecting the Kingdom's vital interests, national security, and critical infrastructure. The "Siyouf" framework is one of its most prominent strategic initiatives for standardizing concepts and developing national talent, recognizing that human capital is the first and most important line of defense against cyberattacks.
The importance of the framework and its expected impact
The “Siyouf” framework represents a comprehensive national reference for classifying and defining job roles in the field of cybersecurity. Its importance lies in its ability to bridge the gap between academic education outcomes and the actual demands of the labor market. Locally , the framework will contribute to creating clear career paths for Saudi youth and encourage universities and training centers to develop specialized programs that meet the needs of both the public and private sectors. It also standardizes communication among different institutions regarding the required skills and competencies.
Regionally , this step reinforces the Kingdom's position as a leader in cybersecurity and provides a model that neighboring countries can utilize to build their national capabilities. Internationally , aligning the framework with global standards enhances the skills of Saudi professionals, making them competitive in the global market, and sends a message of confidence to investors and international partners regarding the Kingdom's commitment to securing its digital environment.
Details of the new updates: 5 categories and 40 job roles
The updated framework is based on a precise structure comprising 5 main categories , 12 areas of specialization, and 40 functional roles , providing comprehensive coverage of all aspects of cybersecurity work. The five categories include:
- Cybersecurity Architecture and Research and Development (CARD): Concerned with the design and development of secure systems and innovation.
- Leadership and Staff Development (LWD): Focuses on team management and human capacity development.
- Governance, Risk, Compliance and Regulations (GRCL): Responsible for policy development, risk management and compliance assurance.
- Protection and Defense (PD): Includes threat monitoring, incident response, and network protection.
- Industrial Control Systems and Operational Technologies (ICS/OT): Focuses on protecting critical infrastructure and industrial systems.
The framework also provides an explanation of the Optical Signaling Protocol (TLP) , a global standard for classifying the sensitivity of information when shared, thus promoting its secure exchange between entities. In addition, "areas of competence" have been included as a valuable addition to guide professionals toward developing the skills most relevant to their roles and supporting their career development.
An invitation to participate and a vision for the future
The authority affirmed that the framework will undergo periodic reviews to ensure it remains relevant to emerging challenges, and called upon all entities to adopt it while allowing the flexibility to make internal adjustments to suit their specific operations. This participatory approach guarantees the development of a resilient and effective national cybersecurity system, capable of safeguarding the nation's digital assets and ensuring a secure and prosperous future.
