As cyber-security incidents become more prevalent, the need for skilled employees and management becomes more imperative. Global best practice indicates training and skills development is required, and often remains the responsibility of the leadership to ensure this is provided. Within South Africa there is a lack of specialist cyber-security training. In addition, there is no professional status for the cyber-security field by the relevant regulatory or IT professional bodies. The paper assesses legislative requirements for cyber-security education and training, and the available tertiary education modules and major vendor-neutral certifications available in South Africa to meet this requirement. The methodology used for the analysis of the legal and educational documents is thematic (qualitative) analysis. The study found that the available offerings for cybersecurity education in South Africa are very limited in in terms of the NQF levels available and they do not align to the training that will be required as outlined in upcoming legislation. Support structures and a high-level multi-disciplinary curriculum are proposed to close the identified gaps.

van Niekerk and Ramluckan