IGF 2022 WS #420 Skills of tomorrow: youth on the cybersecurity job market

Thursday, 1st December, 2022 (12:35 UTC) - Thursday, 1st December, 2022 (14:05 UTC)
Press Briefing Room

Organizer 1: Civil Society, Eastern European Group
Organizer 2: Civil Society, Eastern European Group
Organizer 3: Civil Society, Latin American and Caribbean Group (GRULAC)
Organizer 4: Technical Community, Asia-Pacific Group

Speaker 1: Nancy Njoki Wachira, Technical Community, African Group
Speaker 2: Mohammad Ali Jauhar, Technical Community, Asia-Pacific Group
Speaker 3: Samaila Atsen Bako, Technical Community, African Group
Speaker 4: Antonia Baskakov, Intergovernmental Organization, Western European and Others Group (WEOG)

Additional Speakers

Teuntje Manders, Insight

Anna Rywczyńska, NASK PIB


Debate - Auditorium - 90 Min

Policy Question(s)

What are the cybersecurity “skills of tomorrow” - the ones that respond to the current challenges existing in the cybersecurity sector? What are the main gaps between the competencies companies seek and those that graduates possess upon completion of cybersecurity-oriented vocational or tertiary studies? How young people could contribute to improvement in the education sector of cybersecurity skills (for ex. peer-to-peer learning etc.)?

Connection with previous Messages: In the Katowice Messages, in part 4 “Universal Access and Meaningful Connectivity” there has been expressed a need to consider social environment (skills, education, content, multilingualism) as one of three crucial aspects of the concept of meaningful access. Moreover, it was stated that many countries are faced with low levels of digital literacy and digital skills. This workshop proposal intends to broaden this topic in the field of cybersecurity skills education. We believe that this is a particularly important issue today, as the cyber security sector is a rapidly growing branch of the job market. For this reason, it is worth considering which competencies the education and training system should equip young people with in order to help them meet the expectations of employers.



Targets: The workshop is related to SDG Target 4. Quality Education, especially to point 4.4 By 2030, substantially increase the number of youth and adults who have relevant skills, including technical and vocational skills, for employment, decent jobs and entrepreneurship. The aim of the session is to discuss and create a set of recommendations for the education sector, policy-makers, companies and institutions on how to implement and develop learning programs and training that would equip youth with skills desired in the cybersecurity sector. Such recommendations can not only help to develop solutions that will help increase the chances of young people in the job market but also better prepare schools, universities, companies and other institutions to develop adequate capacity-building programmes.


At the last year’s Global Youth Summit, the Working Group on Cybersecurity presented a set of Points of Action, among which they pointed out the need for improvement in the field of cybersecurity education. The number of threats posed by cyber-attacks and cybercrime is constantly growing. As a result, employers are looking for young professionals equipped with the skills to effectively improve digital security in their company or institution. Despite this, traditional education still does not provide young people with the tools to help them find their way in the ever-changing cybersecurity job market. Over the year 2022, Dynamic Coalition IS3C (Internet Standards, Security and Safety) in close cooperation with the Youth Coalition on Internet Governance, Youth IGF Poland, the Asian-Pacific IGF and the global IG youth community has been conducting research on what is the gap between skills young graduates entering the job market have and skills employers require. The research included interviews, surveys and desktop research as well as multi-stakeholder workshops across the world, prepared in collaboration with leaders from the cybersecurity sector. The aim of the project is to gather the data that will help to prepare a set of policy recommendations and a list of good practices in the education and industry training for the cybersecurity sector. In this workshop, in the first part, participants (both onsite and online) will be asked to fill a few online polls to check what are their predictions on the results of the research. Then, the speakers will share the actual results and talk about personal experiences as young professionals in the cybersecurity job market. On the basis of these, the organisers plan a debate to take place between the speakers and the participants, in which they will jointly consider what are the cybersecurity “skills of tomorrow” - the ones that respond to the current challenges existing in the cybersecurity sector. The participants will be invited to share experiences, opinions and resources on the topic, both by speaking out and by putting a note on an online board on the Miro platform. Together with speakers, they will create an interactive map of recommendations and good practices on how to equip young people with skills desired by employers in the cybersecurity sector.

Expected Outcomes

The expected outcome of the workshop is a set of opinions, recommendations and good practices gathered in the form of an online interactive map. That resource will be later used to create further recommendations for the education sector, policy-makers, companies and institutions on how to implement and develop learning programs and training that would equip youth with skills desired in the cybersecurity sector.

Hybrid Format: All online and onsite participants will be an important part of the audience. Therefore, online and onsite moderators will cooperate to ensure that they will have an equal opportunity to join the discussion with speakers and to ask them questions. Moderators will especially ensure that there is a common queue of questions for online and onsite participants so that each group has the same priority to ask questions to the speakers, whether they are online or onsite. The session will include interactive elements for both online and onsite participants. The use of an online board on the platform Miro will facilitate the smooth exchange of comments between both types of participants. It is also planned to use Mentimeter for conducting polls at the beginning of the session.

Online Participation


Usage of IGF Official Tool.


Key Takeaways (* deadline 2 hours after session)

There are gaps existing between what cybersecurity industry expect from gratuates and what they can offer. This disparities especially concern women and youth.

The cybersecurity job market needs to be more open to newcomers - for ex. not to require much experience for the starting positions - and to invest in finding and training new talents.

Call to Action (* deadline 2 hours after session)

There is a need to increase collaboration between government, academia, and the private sector to equip young people in skills neccessery in a job market.

Children should be taught early about career oportunities in cyber industry and have chances to learn some basic skills, for ex. at bootcamps.

Session Report (* deadline 26 October) - click on the ? symbol for instructions

The session began by conducting 2 online polls via an online tool Mentimeter.  The moderator, Emilia Zalewska, asked  audience what their predictions are on following topics:  What are the top two skills that employers in the cybersecurity sector say they look for? Which types of cybersecurity jobs are most difficult to fill? In the first question, audience answered mostly correcly, that the top two skills are "Problem solving and teamwork". However, in the second question, most respondents chose that the job most difficult to fill is "Cloud backend engineer" while the correct anwser was "Cybersecurity manager"

After that part, the floor was taken by Teuntje Manders. She presented the audience with the ISC3 research project and its results on which the 2 questions in polls were based. The studyh involved surveying leaders in the cybersecurity industry to obtain data on what needs exist on the job market in this sector. 

This was followed by the next part of the session, in which there was a discussion among speakers, Firstly, Nancy Njoki Wachira conveyed to the international community that she is very happy that these types of projects take place, and that they will help young people with a career in cybersecurity.

Mohammad Ali Januhar commented in turn on the technical layer, related to how the industry works. He then reflected this on the market and its needs, in terms of employing young people.

Samaila Atsen Bako drew attention to universities and schools and whether they adequately prepare people to enter the cyber security profession.

Anna Rywczyńska spoke about the issue of access to development opportunities in this matter and the ease of access to information and training opportunities.

Samaila Atsen Bako also commented on the problem of the experience that business requires from candidates for cyber security positions.

Following these remarks, the floor was once again taken by Anna Rywczyńska. She referred to the insights as well as the issue of women in the industry.

Before the second round of discussion, the moderator invited questions. There were questions from
the audience:

1. What we can do to address the cultural barrier in accessing to cybersecurity job market?
The questioner argued that, from at least an African perspective, parents of young people do not
share the enthusiasm of young people to work in the cyber industry. The question was addressed by all panellists. It was pointed out that the biggest problem is to reach out to young people to promote knowledge, the industry.

2. Another question was asked by an online participant. After also pointing out the cultural aspect and his own family experience, the questioner posed this hypothesis: If you acquire the right skills, will you earn high enough. Therefore, he asked the provocative question whether it is not the young who should support their younger siblings, to choose the right path in terms of working in the field of new
technologies. The question also alluded to a question from the audience, which referred to cultural issues.

3. Many people, including those in governing circles, do not understand cybersecurity, so how do we require them to support knowledge in this area?

4. Where are the platforms for sharing knowledge, for acquiring knowledge about cybersecurity?

Some members of the audience presented thei statements as an input to the discussion:
1. Schools do not teach practical IT issues. We don't learn at school how to work with online
threats, for example.
2. Creating additional communities in schools and universities helps to understand the complexity of cyber security and also to get non-technical people interested in the subject.
3. It is necessary to help educational establishments outline the needs of young people so that they can develop their interest in cyber security.

After a round of question collection, the panellists  began to respond to questions and statements from the audience. Anna Rywczyńska and Mohammad Ali Januhar tried to address the issues that were flagged up in the room. Samaila Atsen Bako and Nancy Njoki Wachira have
completed the replies with their observations:
Parents want to protect their children, so they don't see their childrens careers as technology experts because they themselves don't know how to guide their children in this world so as not to make them addicted to technology or cause them to use it for bad things. This causes a cultural blockage.
There is a need to create an environment that promotes and facilitates access to knowledge on