NATIONAL CYBERSECURITY SKILLS FRAMEWORK
(ABRIDGED VERSION)
Sierra Leone
Prepared for:
National Cybersecurity Skills Strategy and Action Plan Consultative Meeting
Client:
National Cybersecurity and Coordination office (NC3)
Project:
Sierra Leone Digital Transformation Project (SLDTP)
Consultant:
Knowledge Network Solutions (SL) Ltd
Date: July 2025
National Cybersecurity Skills Strategy and Action Plan Consultative Meeting
1. EXECUTIVE SUMMARY
2. INTRODUCTION
3. METHODOLOGY
4. Cybersecurity Roles and Career Pathways
5. Skills and Competency Framework
6. PROFESSIONAL CERTIFICATION AND TRAINING PATHWAYS
7. GUIDELINES FOR EMPLOYERS AND WORKFORCE DEVELOPMENT
8. IMPLEMENTATION ROADMAP AND RECOMMENDATIONS
9. MONITORING, EVALUATION, AND CONTINUOUS IMPROVEMENT
10. CONCLUSION AND NEXT STEPS
1. EXECUTIVE SUMMARY
This framework establishes a standardized, role-based approach to cybersecurity workforce development in Sierra Leone, addressing critical shortages and skills gaps through alignment with leading international standards such as the NICE and ECSF frameworks. It clearly defines core cybersecurity roles, career pathways, and competency requirements, ensuring national capacity building is both systematic and globally benchmarked.
A foundational assessment highlights significant shortages of qualified professionals and underrepresentation of women, youth, and marginalized groups. The sector suffers from a lack of standardized training and recognized certification pathways, hindering formal role definition and career advancement.
The framework's objectives include developing standardized curricula and professional certifications, implementing targeted upskilling and reskilling programs, promoting inclusion, and providing employer guidelines to encourage talent retention and advancement. Sustainability and adaptability remain central to ensure ongoing relevance amid evolving digital infrastructure and threats. In alignment with international best practices, this framework offers government, industry, and academia a practical roadmap to strengthen Sierra Leone's digital resilience and advance inclusive economic growth.
2. INTRODUCTION
Sierra Leone's digital transformation offers significant opportunities but also increases cybersecurity risks, largely due to a shortage of skilled professionals and low ICT literacy. This framework establishes a nationally coordinated approach to address these challenges, aligning with international standards yet tailored to Sierra Leone's unique context. It outlines strategies for upskilling, reskilling, and attracting new talent, while fostering institutional capacity and inclusivity through partnerships with government, industry, academia, and civil society.
Emphasizing robust governance, continuous monitoring, and adaptive policy, the framework ensures agility in the face of evolving digital threats. By systematically addressing skills gaps and promoting collaborative innovation, Sierra Leone aims to protect its critical information assets and leverage digitalization for sustainable, inclusive economic growth in line with national and international priorities.
3. METHODOLOGY
The framework's development followed a rigorous, evidence-based methodology that combined quantitative and qualitative research. A systematic literature review and benchmarking against international standards—including NICE and ECSF—ensured alignment with global best practices while addressing Sierra Leone's specific needs. Extensive stakeholder engagement through interviews, focus groups, and surveys included
representatives from government, academia, the private sector, and civil society. Data triangulation and iterative validation strengthened the framework's reliability and contextual relevance. This approach resulted in a practical, inclusive roadmap for addressing cybersecurity workforce gaps and building sustainable institutional capacity across Sierra Leone's digital landscape.
4. CYBERSECURITY ROLES AND CAREER PATHWAYS
The framework outlines essential cybersecurity roles adapted from international standards such as the NICE Framework, including positions like Cybersecurity Analyst, Engineer, Architect, Penetration Tester, Incident Responder, GRC Specialist, CISO, Trainer, and Digital Forensics Specialist. Each is mapped to global benchmarks with defined responsibilities and competencies, ensuring alignment with best practices.
Structured career pathways detail advancement from entry to expert levels, supported by recommendations for professional certifications and continual learning. The framework promotes standardized role definitions and internationally benchmarked job descriptions, enhancing recruitment and talent management across sectors.
Emphasizing both technical and cross-functional skills, the framework supports the development of Sierra Leone's professional and inclusive cybersecurity workforce, strengthening national infrastructure, digital trust, and socio-economic growth.
Example Core Roles:
5. Skills and Competency Framework
The Skills and Competency Framework establishes a structured approach to defining and evaluating the essential capabilities required for cybersecurity, digital trust, and risk management in the public sector. It sets foundational core competencies for all roles, ensuring alignment with international standards and World Bank priorities.
Key competencies include a solid understanding of cybersecurity fundamentals, enabling staff to recognize core security concepts and the ongoing threat landscape. Risk awareness is emphasized, equipping employees to identify, assess, and communicate cyber risks effectively. Security hygiene is fostered through best practices in password management, device security, and software updates, while incident reporting procedures ensure timely identification and escalation of security events.
The Framework also integrates legal and ethical considerations, strong communication skills, and ongoing professional development. Advanced skills for specialized roles—such as cloud, AI, and IoT security—are detailed to address technological advancements. Regular assessment and updates guarantee the ongoing effectiveness of the competencies, supporting Sierra Leone's digital transformation in accordance with World Bank objectives.
Core Competencies for All Roles:
Cybersecurity Fundamentals
Basic concepts, threat landscape, importance of security
Risk Awareness
Identify, assess, communicate cyber risks
Security Hygiene
Best practices for passwords, device security, updates
Incident Reporting
Recognize and report incidents
Legal/Ethical Awareness
Relevant laws, regulations, ethics
Communication
Clear technical/non-technical communication
Continuous Learning
Ongoing professional development
6. PROFESSIONAL CERTIFICATION AND TRAINING PATHWAYS
Professional certification and training pathways are critical for building and maintaining a capable cybersecurity workforce. Certifications are tailored to specific roles and career stages, including industry-recognized credentials such as those from CompTIA, EC-Council, ISC2, and the SANS Institute. Structured training programs promote local capacity, support diversity, and facilitate ongoing development through mandatory recertification and advanced technical training. These practices ensure organizations are prepared for evolving cyber threats and aligned with international standards.
Example Certifications by Role:
7. GUIDELINES FOR EMPLOYERS AND WORKFORCE DEVELOPMENT
Employers are instrumental in cybersecurity workforce development. Organizations should define clear role profiles aligned with organizational and national frameworks and implement effective recruitment, onboarding, and retention strategies. Supporting continuous professional development through recognized certifications, ongoing training, and knowledge exchange ensures staff remain adept in the evolving threat landscape.
Diversity and inclusion should be prioritised through outreach, equitable hiring, and accessible career progression. Performance management systems must encourage excellence and provide transparent feedback. Career advancement can be strengthened by mentorship and leadership initiatives.
Collaboration with industry and academia promotes best practices and sector-wide growth. Employers must adhere to national and international standards through regular policy reviews and compliance audits. By following these guidelines, organizations will enhance their resilience and contribute to a robust, future-ready cybersecurity workforce.
8. IMPLEMENTATION ROADMAP AND RECOMMENDATIONS
In order to effectively address the evolving needs of the cybersecurity workforce and to ensure alignment with global best practices, a comprehensive phased implementation approach is proposed. This strategy is designed to provide a structured pathway for national, regional, and sectoral stakeholders while supporting sustainable development and resilience in the cybersecurity ecosystem.
The implementation roadmap is organized into three distinct phases:
The implementation roadmap is structured in three phases to ensure systematic workforce development in cybersecurity.
Phase 1 focuses on establishing a multi-sectoral taskforce, adopting a cybersecurity competency framework, conducting baseline assessments, and initiating awareness campaigns to engage stakeholders.
Phase 2 emphasizes expanding training programs, integrating cybersecurity into educational curricula, launching mentorship initiatives, and fostering employer involvement through partnerships, with a focus on inclusion and accessibility.
Phase 3 centers on institutionalizing Continuous Professional Development systems, implementing monitoring and evaluation processes, and encouraging international collaboration and research. Periodic policy reviews are recommended to maintain effectiveness and compliance.
Strong government leadership, industry engagement, academic partnerships, and sustainable funding underpin long-term success and resilience in the national cybersecurity workforce.
Phased Implementation Plan:
9. MONITORING, EVALUATION, AND CONTINUOUS IMPROVEMENT
A comprehensive monitoring, evaluation, and continuous improvement framework is essential for effective implementation and sustained success of the cybersecurity workforce strategy. Systematic tracking of key performance indicators—such as workforce capacity, certification rates, and skills gap reduction—will ensure accountability and guide adaptive management. Regular evaluations, including stakeholder consultations and benchmarking, will inform targeted adjustments. A dedicated oversight committee will oversee transparent reporting and integrate lessons learned, ensuring the talent pipeline aligns with national priorities and international standards.
10. CONCLUSION AND NEXT STEPS
This framework establishes a structured, internationally benchmarked approach to cybersecurity workforce advancement in Sierra Leone. The next steps involve formal government adoption, integration with national human resource and educational policies, and alignment of academic and employer initiatives with global standards. Active international collaboration is recommended to accelerate capacity building, drawing on best practices and technical assistance. Robust monitoring and evaluation will ensure measurable progress and adaptive management. Sustained success will depend on ongoing investment, skills assessment, and transparent reporting, under the oversight of a dedicated committee. By following these recommendations, Sierra Leone will strengthen its cybersecurity talent pipeline to meet national priorities and international standards.