المملكة: Update for "Swords".. Classification of 40 cyber jobs into 5 main categories
The Syouf framework is one of the most important projects of the authority aiming to classify the work of Cybersecurity cadres and defining the job roles for each category, in addition to describing the basic requirements for these roles in terms of tasks, knowledge, skills, and areas of competence.
Attracting cybersecurity cadres
The framework constitutes a comprehensive national reference that helps in preparing, developing and attracting Cybersecurity cadres, and also works to improve institutional communication and develop content in training and qualification programs, and link education outcomes to the actual labor market needs in the cyber field.The authority recommended that all government and private agencies adopt and approve the framework to ensure that work structures and activities related to cybersecurity are aligned with national guidelines.
It stressed that the framework allows agencies the ability to make internal modifications commensurate with their functional requirements, provided that the infrastructure of the project is not disturbed, in order to achieve the highest levels of Consistency between public and private sector practices in this vital field.
Given the ever-changing nature of cybersecurity, the Authority stressed that the framework will be subject to periodic reviews and continuous updates to ensure its effectiveness and compatibility with the latest global challenges.
Traffic signal protocol
A comprehensive classification of 5 categories, 12 areas of specialization, and 40 job roles
The Saudi framework for cybersecurity cadres relies on a precise classification that includes five main categories, in addition to 12 specialized fields and 40 functional roles, which ensures a systematic organization that keeps pace with the needs of national organizations.The updates project goes on to clarify the basic structure of the framework by classifying cybersecurity cadres into 5 main categories, which form the organizational basis for job roles and approved professional standards. These categories include Cybersecurity Architecture, Research and Development (“CARD”), which is concerned with designing systems, developing architectures, and implementing innovation and research work.
The Leadership and Personnel Development category includes “LWD,” which is responsible for managing cybersecurity teams and human capacity development programs.
The Governance, Risk, Compliance, and Laws category (“GRCL”) includes policy development, risk management, and ensuring institutions’ compliance with national systems, while the Protection and Defense (“PD”) category specializes in monitoring threats, addressing vulnerabilities, monitoring networks, and responding. For cyber incidents.
As for the Industrial Control Systems and Operational Technologies “ICS/OT” category, it focuses on protecting highly sensitive industrial and operational systems, thus enhancing the security of vital infrastructure in the Kingdom.
Each specialization field has a unique identifier based on the English letters of the specialization name, which facilitates the classification of job roles and linking them to their categories, and enhances internal organization within institutions.
The Saudi framework for cybersecurity cadres highlights its advanced methodology in defining the requirements of each. A job role across three interconnected axes that include tasks, knowledge, and skills, in a model that reflects international best practices.
Tasks represent the set of activities that the occupant of the job role must implement within the scope of his specialization, while knowledge includes various concepts, information, and scientific theories related to the fields of cybersecurity.
As for skills, they represent the practical capabilities that enable the specialist to apply his knowledge efficiently, and use the necessary tools and methodologies to accomplish the required tasks, in a way that enhances the readiness of cadres and supports the construction of an advanced cybersecurity system. And compatible with national needs.
This data was prepared in accordance with international best practices while adapting it to the needs of cybersecurity cadres in the Kingdom, in a way that enhances the readiness of workers and contributes to the development of a cyber infrastructure capable of facing the escalating challenges.
Areas of competency
The new version of the framework provides a qualitative addition in the form of “competency areas,” which were designed to enhance the alignment of professional capabilities with the growing cybersecurity requirements.These areas help organizations focus effectively on the specializations most closely related to the unique challenges they face, and also contribute to aligning training programs and professional certificates with the actual needs of the sector.
They also provide clear and organized career paths that support the career development of specialists, ensuring enhanced cadre readiness. And building national capabilities capable of confronting renewed cyber threats.
Despite their importance, the framework emphasizes that specialists are not required to know all the details of the competency areas, but rather these areas are a guide that directs them towards developing the skills most relevant to their roles.
