Cultivating self-efficacy to empower professionals’ re-up skilling in cybersecurity

2.1 Cybersecurity skills gaps and the need for a skills-first approach

Although the pace of change differs depending on the market segment, industry or geopolitical area, the changes in the jobs landscape are happening everywhere (IEEE Digital Reality, 2020; World Economic Forum (WEF), 2023b; Organisation for Economic Co-operation and Development (OECD), 2019; World Economic Forum (WEF), 2023c). The IEEE e-book on “Post-Pandemic Megatrends” emphasises that the continuing digital transformation is a major force in reshaping the labour market (Saracco, 2021). Recent developments are affecting the workforce both in terms of skills gaps and new skill demands, and in the way the jobs are performed (IEEE Digital Reality, 2020).

The shortage of skills is one of the main hurdles faced by companies as well as individuals. From the point of view of companies, as the economy recovers from the pandemic, employers will aim to hire different sets of skills to enable them to establish a more relevant knowledge/skill mix (IEEE Digital Reality, 2020). From the workers’ point of view, the increasing focus on process efficiency will decrease the need for human labour leading to consequent job losses in some cases (IEEE Digital Reality, 2020), while also revealing the need for reskilling needed for emerging job roles (World Economic Forum (WEF), 2023b; Saracco, 2021).

Self-reports from workers who transitioned to remote work during the pandemic reveal skills gaps in the areas of work–life balance (54%), time management (51%) and active listening (40%) while working from home (Cornerstone, 2020). Gaps in digital literacy, AI literacy and effective remote work have also been revealed. New trends are shifting from raising awareness and “learning just-in-case” to “just-in-time knowledge” and “knowledge-as-a-service (KaaS)” (IEEE Digital Reality, 2020). The use of AI and robotics for automation and support in work activities, and the shift of many activities to the cyberspace, including Metaverse-like environments, requires advanced skills and knowledge (Saracco, 2021) to safely traverse and efficaciously operate in these spaces. The cooperation between workers and machines will also become more rampant, shifting the required skillset away from simply operating a machine, to merging competences with cross learning (Saracco, 2021), and even further towards a seamless continuum among human workers (blue and white collars), machines, data and processes (IEEE Digital Reality, 2020).

In the cybersecurity jobs market, there is already a prevalent skills shortage translating into a gap of 3.4 million cybersecurity vacancies (International Information System Security Certification Consortium (ISC)2, 2022). While enterprises are engaged in a powerful struggle to retain cybersecurity staff, there is also a shortage in a range of skills (Information Systems Audit and Control Association (ISACA), 2022). The top gaps include soft skills (54%), cloud computing knowledge (52%) and experience in security controls (34%) (Information Systems Audit and Control Association (ISACA), 2022). These numbers further underline the need for upskilling and reskilling in cybersecurity to cultivate talents, matching the right skills to the right job opportunity. The dynamic nature of the cyber threat landscape (Stavrou, 2023), which is expected to be further magnified with the rise of Metaverse-like environments and AI-enabled agents, hinders the efforts of the cybersecurity community to bridge the skills gap as it gives rise to new skillsets that are needed to effectively address cyber threats. At the same time, from the cybersecurity industry point of view, these trends render cybersecurity as a high-in-demand and increasingly attractive career path. However, from the viewpoint of cybersecurity professionals, maintaining a competitive advantage in a domain associated with high skills demands and employability standards requires continuous learning, training and growth to be able to keep up with technological advances, regulations, standards and industry demands (Stavrou, 2023). Therefore, maintaining a competitive value on the job market (Saracco, 2021) requires cultivating a lifelong learning mentality for upskilling and reskilling, to proactively respond to the changing industry needs and the increased demand for cybersecurity expertise (Stavrou, 2023; Oltsik, 2020) and soft skills (Information Systems Audit and Control Association (ISACA), 2022).

The need to progress to a skills-based work market that nurtures and retains talents is recognised across educational, social, professional and governmental circles. This means that students preparing to enter the workforce, academics, trainers and professionals alike, need to realise that reskilling and upskilling constitute the key in remaining competitive “in the market” (Stavrou, 2023; Saracco, 2021; Oltsik, 2020) and successful “on the job” – a job of a constantly changing nature. Adopting a skills-first approach can work for both job seekers and hiring managers to find the right match for a role or resource, respectively (Kimbrough, 2022). This observation becomes even more prevailing, as the skills-first approach is becoming the new norm. Recent data show that adopting a skills-first approach can be a win-win-win situation for policymakers, businesses and the workforce itself. Adopting a skills-first approach to hiring provides opportunities for policymakers and governments to expand educational programs and prioritise initiatives that can create a more resilient workforce that can adapt to labour market transformations and sustain its employability or even redeployed in a different position (LinkedIn Economic Graph, 2023). A skills-first approach also gives businesses access to a wider talent pool to meet their skills needs, while generating more opportunities for the workforce by making the playing field more accessible (LinkedIn Economic Graph, 2023).

Several initiatives have been introduced in recent years with the aim to address prevalent digital skills gaps which were revealed during COVID-19 pandemic. The rise of a “high skill/high knowledge” model is evident across ventures, including the IEEE Digital Reality initiative (IEEE Digital Reality, 2020), and the “Path to the Digital Decade” policy programme of the European Commission investing on professional education and upskilling (European Commission, 2021). These initiatives highlight that the future is most likely to see a rapid growth of skilled people that will leverage the digital transformation and make companies “bid” for their skills (IEEE Digital Reality, 2020). Such initiatives also emphasise both upskilling and reskilling and embrace new digital technologies to fill the digital skills gaps (Digital Skills and Jobs Platform, 2021). The European Commission has titled the year 2023 as the “European year of skills”, to promote lifelong learning and effective and inclusive investment in training, reskilling, and upskilling. The ultimate aim is to harness the full potential of every individual and, at the same time, ensure that the skills developed are relevant to contemporary and forward-looking needs (European Commission, 2022). Furthermore, as outlined in the Digital Decade strategy, “digital skills, basic and advanced, will be essential to reinforce our collective resilience as a society” (Digital Skills and Jobs Platform, 2021). Therefore, it is essential to promote a growth mindset and a genuine desire for lifelong learning for a sustainable future. This applies in every workplace and even more so for professionals in computing-related fields such as cybersecurity.

Although cybersecurity is traditionally considered as a subfield of computer science which focuses on the security of devices, in reality it is a highly multidisciplinary and integrated field (Burrows et al., 2022), requiring domain expertise from the social sciences as well as the science, technology, engineering, mathematics, and, more recently, arts (STEAM) fields to model, predict, investigate, understand and prevent attacks. The field of cybersecurity focuses on all aspects of securing computing systems – politics (Cavelty, 2019), policies, regulations and standards, psychology, ethics and sociology, all of which raise legal, ethical and social implications regarding how information is stored, processed and transmitted (Burrows et al., 2022). Cybersecurity professionals deal with a broad spectrum of roles ranging from ensuring the security, safety and privacy of individuals and systems as they interact with traditional computing devices, to insuring that advanced and distributed systems support modern-day society (Gonzalez-Manzano and de Fuentes, 2019). The multidisciplinary nature of cybersecurity is not evident to many individuals; initiatives should increase visibility of the multidisciplinary nature of cybersecurity and highlight the range of skillsets that would be useful in this domain. The significance of adopting a skills-first multidisciplinary approach (Hulatt and Stavrou, 2021) is recognised by key stakeholders including policymakers, standards authorities (e.g. IEEE Standards Association Board (IEEE Digital Reality, 2020)), businesses and cybersecurity communities of practice (CoPs) (Fisk et al., 2023). These institutions collectively promote the vision that successful cybersecurity professionals need to demonstrate both technical and transferable skills, in addition to relevant academic qualifications and renewed professional certifications (Stavrou, 2023).

Several broad policy implications stem from this vision, such as the need for preparing the workforce for emerging jobs and changes to existing ones; empowering the workforce with a mix of skills to prepare for the changing nature of work and help them succeed in the digital world of work; getting ready for a massive (re)training challenge; addressing concerns about emerging forms of work; and improving social support and social protection through an inclusive approach to ensure no one is left behind (Organisation for Economic Co-operation and Development (OECD), 2019). As emerging technologies and digital transformation are embraced for the betterment of society, key policy areas need to be put forward to address the ethical and societal issues, including cybersecurity, privacy and data protection, public safety, product safety and accountability (IEEE Digital Reality, 2020). The role of policymakers, companies, professional learning providers and educational institutions is core for attending to these multifaceted needs and addressing skills shortage and gaps (European Union Agency for Cybersecurity (ENISA), 2021).

2.2 Pedagogical and professional frameworks

As the educational theorist John Dewey asserted, “education in order to accomplish its ends both for the individual learner and for society must be based upon experience – which is always the actual life-experience of some individual” (Dewey, 1938). Dewey calls attention to two principles which are fundamental in the constitution of experience, the principles of “interaction” and of “continuity” which portray the value of experience. Based on these tenets, successful pedagogies need to embrace experiential learning, experimentation, authentic and purposeful learning, freedom, collaborative learning opportunities and be inherently open-ended, continuous, progressive and adaptable. The latest “Innovating Pedagogies” reports, explore several approaches that embrace many of these features, including: pedagogies of microlearning and micro-credentials emphasising the development of workplace skills; the pedagogy of autonomy founded on building capacity for freedom and independent learning; well-being education (Kukulska-Hulme et al., 2022); pedagogies using AI tools (Kallonas et al., 2024), Metaverse for education, challenge-based learning for rising to challenges to benefit individuals and societies; entrepreneurial education empowering students to become change agents in society, working relationally in interdisciplinary and professional boundaries; and pedagogies enabling learners to “see themselves in the curriculum” (Kukulska-Hulme et al., 2023).

The importance of multidisciplinary interactions (Hulatt and Stavrou, 2021; Burrows et al., 2022), participatory approaches (Fisk et al., 2023), adopting collaborative models for professional development (Ayala et al., 2023; Furnell et al., 2022), creating effective partnerships (Burrows et al., 2022) and connections between formal education and cybersecurity CoPs (Fisk et al., 2023), capitalising on authentic, real-life or out-of-class learning experiences (Kam and Katerattanakul, 2019) and promoting continuing education that feeds directly into career profiles (Ayala et al., 2023) is accentuated in the context of cybersecurity education. These approaches are associated with positive learning outcomes, such as stimulating learners intellectual growth (Kam and Katerattanakul, 2019), developing research skills (Hulatt and Stavrou, 2021), problem-solving and problem management competencies (Kam et al., 2020) and envisioning their career goals more clearly (Kam and Katerattanakul, 2019).

Alongside the associated learning theories, pedagogies and taxonomies (World Economic Forum (WEF), 2024a), various professional frameworks have surfaced illuminating the shift towards the development of cybersecurity competencies and professional cybersecurity qualifications. These frame the necessary skills, competencies and knowledge to meet the requirements of specific cybersecurity professional role profiles. For example, the European Union Agency for Cybersecurity (ENISA) has published the European Cybersecurity Skills Framework (ECSF) which serves as a practical tool to support the identification and articulation of tasks, competences, skills and knowledge associated with key roles of cybersecurity professionals (ENISA, 2023). Creating a common understanding of these roles, competencies, skills and knowledge can facilitate cybersecurity skills recognition and, in turn, support the design of cybersecurity related training and educational programs. Another well-known framework is the National Initiative for Cybersecurity Education (NICE) published by the US National Institute of Standards and Technology (NIST), which standardises the understanding and communication of cybersecurity work and learner abilities, aiming to enhance talent identification, recruitment, development, and retention discussions within the broader cybersecurity ecosystem (US National Institute of Standards and Technology (NIST), 2022b). NIST also proposed the cybersecurity framework (US National Institute of Standards and Technology (NIST), 2022b) along other training resources (US National Institute of Standards and Technology (NIST), 2023) such as educational courses, webinars and instructional videos for helping businesses to learn about the latest threats and educate their staff about best practices focused on five functional areas (identify, protect, detect, respond and recover) to manage threats. Another notable framework is published by the UK Cybersecurity Council. Specifically, the Council created the Cyber Career Framework (ukcybersecuritycouncil.org.uk, 2024) that contains detailed information on 16 different cybersecurity specialisms, covering an introduction to each specialism, information related to typical responsibilities and tasks of each job role and the skills and knowledge required. The framework is expected to be used by practitioners to plan out a possible career in cybersecurity. These initiatives and frameworks demonstrate an increasing emphasis on developing competencies in cybersecurity. They serve as effective tools that can be utilised by key stakeholders, including individual learners, early-career cybersecurity workers, professionals, learning providers and employers, to familiarise with different role profiles and professional pathways, and engage in learning activities to advance their knowledge and skills.

2.3 Challenges in cybersecurity education and re-upskilling

Despite the pedagogical foundations and professional frameworks at hand, several challenges exist when pursuing competency development in cybersecurity. Identifying which cybersecurity qualifications or professional certifications match a learners’ needs that can lead to the development of specific competencies related to the profile of a new targeted role, is not always straightforward (Furnell, 2021). Not having a clear view, can lead to pursuing the wrong certification. Even though there is an increasing array of available tools, educational theories and skills frameworks, the upskilling turnover still appears to be slow. For instance, the time it takes cybersecurity professionals to become proficient is estimated to be three to five years (Oltsik, 2020) which is a long time given the rapid changes in the field and the accelerated digital transformation. This essentially means that by the time they acquire the proficiency it becomes obsolete. The lack of hands-on, practice-oriented instructional materials (Furnell et al., 2022) is another factor that adds to the challenge of upskilling, especially given that cybersecurity is a hands-on domain. Moreover, although both technical and transferable skills are pursued, the latter are less emphasised in formal education (Furnell et al., 2022) even though they are in high demand in the industry (World Economic Forum (WEF), 2023b). The challenge becomes even greater when developing interventions for cultivating professional cybersecurity competencies across disciplines to attend to the multidisciplinary nature of the cybersecurity domain (Furnell and Stavrou, 2023); this is not a trivial endeavour (Hulatt and Stavrou, 2021) given the diverse needs and expectations that need to be accommodated.

3.1 The premises of self-efficacy

Self-efficacy refers to people’ beliefs in their capabilities to produce afforded attainments, or otherwise the notion that one can achieve what one sets out to do (Bandura, 1997). The theory proposed by psychologist Albert Bandura is based on the tenet that those with high self-efficacy expectancies/beliefs are more effective, healthier and generally more successful than those with low self-efficacy expectancies/beliefs (Bandura, 1997). Nevertheless:

One cannot be all things, which would require mastery of every realm of human life. […] Thus, the efficacy belief is not a global trait. […] Scales of perceived self-efficacy must be tailored to the particular domain of functioning that is the object of interest (Bandura, 2006).

Self-efficacy prevails as an “attitude” in the broader skills realm (World Economic Forum (WEF), 2024b). Therefore, any endeavour to fostering self-efficacy needs to be adapted and personalised, yet seamlessly and explicitly embedded in learning experiences.

In the field of cybersecurity, self-efficacy entails an array of qualities:

• exhibiting motivation and self-awareness;

• having a clear picture of strengths (cybersecurity skill sets and competencies) and weaknesses (cybersecurity skill gaps);

• displaying eagerness to explore opportunities for cybersecurity-related knowledge and skills expansion;

• establishing forward-looking learning paths and career objectives in the cybersecurity realm;

• demonstrating adaptability within diverse cybersecurity roles and career paths; and

• having a mindset for growth and lifelong learning.

These elements collectively comprise a positive and motivated attitude towards academic attainment, personal development and professional growth. In line with current trends and the call for adopting a skills-oriented approach in education, we argue that developing self-efficacy attitudes should be set as one of the priorities of educational policies and curricula design, endorsing “self-efficacy” as an attitude that can be fostered, learned or enhanced. We envision “self-efficacy edification” as the basis for attaining further competencies and for capitalising the digital transformation and the everchanging needs and challenges characterising the modern world of work.

3.2 Fostering self-efficacy edification for upskilling and reskilling

The “Global Skills Taxonomy” (World Economic Forum (WEF), 2024b) emphasises the skills, knowledge, abilities and attitudes that empower people to pursue lifelong learning and become job resilient and successful in the global economy. The taxonomy includes five broad categories of skills, knowledge and abilities (physical abilities, cognitive skills, management skills, engagement skills, technology skills) and three core attitudes (self-efficacy, working with others and ethics) which collectively define a comprehensive and generic corpus of constructs. Developing self-efficacy is further extended into four key areas: motivation and self-awareness; curiosity and lifelong leaning; dependability and attention to detail; and resilience, flexibility and agility (Figure 1). These are discussed next in a motivated effort to explore how they can serve as the foundation for effectively addressing the skill gaps in current jobs and the skill needs of future jobs. While the emphasis is on the utilisation of these constructs in a cybersecurity context, their generic nature constitutes them transferrable to other domains:

• Motivation and self-awareness: Cybersecurity learners and professionals should reflect upon their existing competences and self-assess their strengths and weaknesses considering the array of technological and social changes. This motivated self-assessment will subsequently guide them to explore new learning paths and pursue career roles that fulfil their aspirations. During one’s self-awareness journey, cultivating a strong motivational component is an essential drive for exploring new opportunities for learning and employability, take initiative to set their own learning path and career goals and work independently to achieve them.

• Curiosity and lifelong learning: To become a successful cybersecurity professional presupposes a positive attitude towards continuous learning and development. During this personal transformation that can lead to skills progression, learners should demonstrate a curiosity towards exploring new needs rising from technological advances and societal challenges. Curiosity can be cultivated by exposing learners to resources that can ignite their interest to investigate them further, discover new ideas and opportunities for learning, realise what competencies are needed to take benefit of the identified opportunities and pursue personal development.

• Dependability and attention to detail: Reinforcing lifelong learning and self-awareness is a challenging endeavour, as setting personal goals and pursuing them requires a variety of skills. Mentoring, training and higher education can empower learners to develop skills such as attention to detail, critical and analytical skills, identifying current and future needs, setting personal goals mapped to strengths, weaknesses, opportunities and threats, taking ownership and controlling their own learning path, time management and prioritisation to create realistic professional development plans, amongst other skills.

• Resilience, flexibility and agility: In the context of self-efficacy, resilience, flexibility and agility attributes are essential elements that can contribute towards a successful career path. These can be fostered by gaining a solid industry awareness and recognising that workplace needs shift and change. Embracing change can prompt learners to adjust their career goals and tailor their learning plans. Moreover, in the new economy, it is essential for individuals to learn to accept criticism, reflect upon it and take action to improve accordingly. This can be achieved by inviting constructive feedback from mentors and guidance for improvement. It is essential to appreciate that re-upskilling and personal development plans will need to change or be adjusted to reflect new priorities, adversities or labour market needs. By being able to adjust and re-up skill, individuals can achieve job sustainability.

Self-efficacy skills also rank high among the highest in-demand skills across all jobs (Figure 2) (World Economic Forum (WEF), 2023b). This reinforces the need to embed “self-efficacy edification” at the core of any learning experience (higher education or professional training curricula) with the vision to make learners self-aware (through reflection, self-appraisal, formative and summative assessments) of their current state of attainment and, in turn, enhance their capabilities to produce the desirable skills and competencies. Based in these values, we constructed and delivered a novel cybersecurity curriculum, formulating the learning objectives in such a way so they address all dimensions of self-efficacy. The curriculum is briefly presented in Section 4.

4.1 Cybersecurity curriculum learning objectives

Professional development in cybersecurity encompasses a range of subtle and complex aspects that may not be immediately apparent to individuals seeking to either initiate or enhance their careers in this domain. To address this challenge, new curricula should be structured to develop appropriate skills and knowledge, emphasising professional growth. This involves encouraging learners to purposefully direct their learning activities and foster continuous personal advancement. The recommended curriculum outlined in Table 1 adheres to guidelines extracted from previous relevant studies (Parrish et al., 2018; Stavrou, 2020), and it specifies learning objectives to answer the “why–what–how” sequence towards formulating a professional development strategy.

Initially, the curriculum put emphasis to explain the rationale behind the necessity for consistent planning in professional development, laying the groundwork for sustained career progression. Subsequently, it delves into two pivotal questions: “What specific skills and knowledge are required for particular job roles of interest in cybersecurity?” and “Which resources can be effectively utilised for professional development in this sector?”. Addressing these questions ensures an authentic, tailored and relevant learning experience is crafted. Finally, the curriculum shifts its focus to guide learners in the creation of a practical and executable professional development plan. This strategic “why–what–how” methodology is designed to equip learners with a strong understanding of their career prospects, aiding them in setting precise career objectives and outlining the steps necessary to achieve these goals. This holistic approach not only imparts necessary knowledge and skills but also empowers learners to navigate their professional journeys in cybersecurity with clarity and confidence – hence promoting an efficacious learning experience.

4.2 Self-efficacy attitudes addressed by the learning objectives

The proposed curriculum specifies four thematic areas to promote the learning objectives specified in Table 1, covering:

1. cybersecurity career pathways and competencies to increase awareness on career options, inspire learners to identify areas of interest and take note of required skills and knowledge (LO1, LO2, LO4 and LO6);

2. opportunities to develop skills and knowledge so that learners obtain a clear view of what opportunities to pursue for their professional development (LO3, LO5 and LO6);

3. professional certifications relevant to roles of interest to realise certification requirements and how to achieve them (LO5, LO6, LO7 and LO8); and

4. cybersecurity competencies evaluation and professional development planning to critically reflect on the current skills and knowledge and plan how to professionally evolve (LO6, LO7 and LO8).

The four thematic areas are discussed below, briefly analysing the learning activities that can cultivate self-efficacy attitudes.

Developing self-efficacy attitudes can be very beneficial in activating motivation for learning and pursuing continuous professional growth. Fostering these attitudes is also perceived as a promising approach to accelerate skills development, contributing to effectively addressing the skills’ gap in cybersecurity. Table 2 shows which self-efficacy attitudes are addressed by each learning objective. For example, learning objective “LO2: Understand industry needs and qualifications needed in the cybersecurity job market’ is promoting both ‘Motivation and self-awareness’, and ‘Resilience, flexibility and agility’”. This mapping was produced considering the learning activities as discussed next. The proposed cybersecurity curriculum can serve as a point of reference to demonstrate how self-efficacy attitudes can be cultivated for upskilling in cybersecurity in the context of the four key areas listed in the “Global Skills Taxonomy” (World Economic Forum (WEF), 2024b): motivation and self-awareness; curiosity and lifelong leaning; dependability and attention to detail; and resilience, flexibility and agility.

The proposed curriculum delivers educational content to familiarise learners with the cybersecurity skills frameworks such as ECSF (ENISA, 2023), NICE (US National Institute of Standards and Technology (NIST), 2022a) and UK Cyber Career framework [(ukcybersecuritycouncil.org.uk, 2024)], and empower them to explore various cybersecurity roles. By providing insights into these frameworks, the curriculum ensures that learners gain a spherical understanding of the various roles, responsibilities and competencies required in the cybersecurity job market. Moreover, by exposing learners to a broad spectrum of roles, the curriculum fosters a deeper comprehension of the industry’s needs and the specific qualifications each role demands. This realisation is the first step towards achieving agility and flexibility, as it can empower learners to adapt to the rapidly changing industry needs by pursuing upskilling based on the job roles that are on demand.

Self-awareness is cultivated by empowering learners to identify the level of their current competences compared to a job role of interest. The curriculum familiarises the learners with SWOT analysis, guiding them to identify their strong aspects, their weaknesses, opportunities for growth and threats that might limit their professional development efforts. This introspective activity aims to enable learners to recognise their strong points which can be leveraged as key assets in their professional journey, and to acknowledge their weaknesses, viewing them not as barriers but as areas for development and growth. Cultivating self-awareness, in combination with industry-awareness knowledge and realisation of the cybersecurity domain needs, can motivate individuals to pursue upskilling, taking benefit of career opportunities that arise.

Once self-awareness is achieved, learners are guided to create their professional development plan, structuring appropriately their personal career goals. This plan is not a static document but a living blueprint for career progression, subject to refinement and evolution. Learners are guided to structure their career goals thoughtfully, integrating their personal strengths and aspirations with the needs and opportunities of the cybersecurity sector. Through the guided activity, focusing on creating professional development plans, learners can build analytical skills and demonstrate attention to detail by identifying industry needs and trends. In addition to recognising industry trends, attention to detail also plays a vital role in setting realistic career goals and developing a tailored execution plan. By outlining specific milestones and regularly assessing progress, learners can effectively track their professional development and make necessary adjustments to their plans. Constructive feedback from experienced professionals plays a pivotal role in this process, ensuring that the development plan is not only aspirational but also pragmatic and achievable.

In essence, the combination of self-awareness and industry-awareness serves as a driving force for learners, fostering a forward-thinking attitude and resilience. This mindset is critical in cybersecurity, where professionals must not only anticipate and adapt to new challenges but also proactively engage in lifelong learning to remain relevant and effective in their roles. This comprehensive approach to professional development, grounded in self-awareness and industry understanding, can equip learners to navigate the complexities of the cybersecurity landscape successfully, both now and in the future. This approach ensures that their learning trajectory is both focused and adaptable, aligning with the dynamic nature of the cybersecurity domain. This consistent approach to professional development, in combination with a commitment to continuous learning, promotes dependability which is paramount to cybersecurity domain.

Moreover, the curriculum emphasises the critical importance of staying current in the rapidly evolving field of cybersecurity. It teaches learners various strategies to remain up-to-date with the latest industry developments, tools and practices. This includes practical guidance on registering for industry newsletters, which serve as a valuable source of information on trends, breakthroughs and best practices. Newsletters from leading cybersecurity organisations provide a continuous stream of insights and updates, ensuring that learners are always aware of the latest happenings in the field. Networking is another key aspect covered in the curriculum. Building a professional network through industry conferences, seminars, online forums and social media groups opens doors to knowledge exchange, mentorship opportunities and insights into emerging industry challenges. Networking not only keeps learners informed but also enhances their professional visibility and connectivity in the cybersecurity community. Furthermore, the curriculum encourages regular practice, enabling learners to reinforce theoretical knowledge and stay proficient in the use of current cybersecurity tools and techniques. Also, being able to locate resources, use discovery techniques and prompt engineering to explore new industry needs and identify opportunities for learning is a core skill for cultivating lifelong learning competencies. Such exploration and attention to detail can ignite the interest and curiosity of learners, effectively engaging them in their educational journey, promoting a positive attitude towards upskilling and lifelong learning and fostering dependability.

In a labour market where needs may suddenly shift, individuals should demonstrate a range of self-efficacy attitudes to be able to handle adversities, identify new career opportunities and control their personal and professional growth. These aspects have been the inspiration for the design of the proposed curriculum.

4.3 Feedback from learners

The curriculum was delivered in the context of a postgraduate, synchronous, distance cybersecurity program, to a cohort of adult learners (n = 38) with varying working experience. Most learners (91%) were working professionals, with a mixture of participants in terms of work seniority (ranging from no experience (8%) to 1–5 years (50%), to 6–9 years (8%), to over 10 years of experience (34%)). After the curriculum delivery, the learners completed a questionnaire to evaluate the delivered content, its usefulness to assist them in planning for their professional development, and their learning experience in general. Responses were submitted anonymously, and no sensitive information was requested.

Overall, the learners’ feedback was very positive and confirmed the value of introducing innovative and forward-looking curricula emphasising self-efficacy attitudes in higher education. Some indicative verbatim comments are extracted from the responses to demonstrate how learners’ perceived the learning experience: “very helpful and informative”, “topics discussed were very helpful”, “very interesting, […] never thought that I should take actions like the ones covered to look for a job”, “highly useful and innovative compared to other courses taken”, “an excellent idea that drives my professional plan”, “[…] ‘forced’ me to look into various certificates in depth to understand what I am most interested in. It was the first time I entered this process, which will be very useful in my future career!”, “topics we covered are quite satisfactory and have helped me to a great extent for my professional development”, “very useful regarding my future career”. The learners’ comments provide insights on their positive attitude and enthusiasm towards upskilling and development. Furthermore, encouraging results have been reported, indicating that learners enhanced their self-awareness and dependability, demonstrating a lifelong learning mentality. A high percentage of learners (87%) reported that they will maintain the plan that was created in the context of the proposed curriculum to pursue their professional growth. This outcome is very encouraging, confirming the need to integrate such innovative, efficacious activities in academic curricula, cultivating a lifelong learning mentality and empowering learners to become job resilient in the case of shifting industry needs.

5.1 Cultivating self-efficacy in cybersecurity

It is projected that by 2027 there will be a 50% change in the skillsets attached to jobs (Kimbrough, 2022) and that by 2030 more than one billion people will need to reskill as new technologies penetrate the labour markets (World Economic Forum (WEF), 2023b). Nevertheless, there is a way forward. According to the World Economic Forum (WEF) managing director:

The good news is that there is a clear way forward to ensure resilience. Governments and businesses must invest in supporting the shift to the jobs of the future through the education, reskilling and social support structures that can ensure individuals are at the heart of the future of work [World Economic Forum (WEF), 2023a].

The “Reskilling Revolution” agenda and other initiatives have been launched with the aim to empower people with better education, skills and economic opportunities by 2030 [World Economic Forum (WEF), 2023c]. This brings to the foreground the value of education, the genuine need for continuous skills development, as well as the role of social aspects and human factors in creating a resilient workforce which can sustain its employability status when labour markets undergo sudden changes.

In the context of this research, which is situated in the field of cybersecurity, demonstrating self-efficacy means being self-aware, having a clear perception of the current level of competencies possessed, being curious to investigate what opportunities are available to expand one’s learning paths, setting new growth targets and being flexible to adjust these learning paths and pursue diverse job opportunities. Developing self-efficacy skills should be a top priority in higher education to prepare the future workforce to identify and develop its talent, and it should be embedded transparently in educational policies and curriculum. To support this priority, higher education needs to include learning activities that cultivate self-efficacy skills.

The focus of this research on self-efficacy is instigated by three incentives. First, the need to reinstate the workforce’s confidence, trust and mental health and well-being following the rapid social, business and technological changes which have disrupted the way we learn, work and live in recent years and resulted in increased levels of anxiety, demotivation and uncertainty. Second, the need for resilience, flexibility and adaptation, placing an emphasis on “embracing change” rather than merely restoring balance. By default, every “new normal” is different, thus being agile and having the ability to swiftly adjust prior knowledge to new problems should lie at the core of any learning initiative. Finally, the need to enable willingness to learn, intrinsic motivation and self-awareness and drive for personal and professional development.

As novel technologies emerge and become more widely accessible by non-expert users, the responsibilities of cybersecurity professionals become more critical. They need to be at the forefront of technological advances, familiarise with novel policies and mechanisms devised to handle the legal, social, ethical, professional and geo-political implications emerging technologies raise, or propose new ones. Safety, security and privacy concerns are intertwined with emerging technologies, hence professionals in the field need to be able to adjust and demonstrate intellectual curiosity, critical thinking, and problem solving. Fostering self-efficacy is a driving force to ensure these professionals remain resilient and effective in addressing the complex challenges posed by an ever-evolving cyber threat landscape.

5.2 The role of higher education in fostering self-efficacy

Higher education has a significant role in cultivating not only practical skills and competences, but also the attitudes and values that drive the right mindset for personal and professional growth and lifelong learning. Therefore, higher education can contribute to bridging the skills gap for diverse job roles, motivating learners to learn, empowering them to control their learning path and develop their talents.

This means that the right skills can be developed for the right job role, giving people the chance to flourish, to improve their talents and to connect to the right employability opportunity when adversity transforms labour market needs. This research work considers the four broad categories of self-efficacy [World Economic Forum (WEF), 2024b] as the basis to investigate the attitudes that are essential to make people to want to learn, and to progress their skills effectively throughout their life.

Fostering self-efficacy attitudes should be set as a priority in higher education to prepare the future workforce to identify, nurture and develop talents. This should be embedded transparently or “seamlessly” in educational policies and curricula. More specifically, the learning objectives defined should be mapped with each of the four self-efficacy attitudes. To demonstrate how this can be achieved, we presented a case study in postgraduate cybersecurity education. The choice was both opportunistic (having access to postgraduate students, module and curriculum design) and purposeful, since the target group captures graduates, early career workers and professionals (Stavrou and Polycarpou, 2020).

5.3 Future challenges

It is noteworthy to observe that although businesses continue reporting self-efficacy attitudes as part of their upskilling and reskilling priorities for the period 2023–2027 [World Economic Forum (WEF), 2023b], their ranking is decreased as other strategic priorities take presence such as “AI and big data” and “leadership and social influence”, pushing down self-efficacy related skills. Therefore, although businesses recognise that self-efficacy is important for their workforce, this is not sufficiently reflected in their upskilling strategies. Another appealing yet alarming observation is that specific sectors such as information and technology services and education and training sectors have prioritised very low in their upskilling and reskilling strategies focusing on self-efficacy. This suggests that more collective efforts are needed for these industries to realise the importance of cultivating self-efficacy as a driving force to address the skills gaps. If students, aspiring and working professionals are not effectively engaged with learning and attuned to a growth mindset, they will not be able to effectively develop their skills. This means that the right skillset/talent will not be able to match emerging work opportunities. Therefore, the primary focus in the ongoing reskilling revolution [World Economic Forum (WEF), 2023c] should be on fostering self-efficacy and a growth mindset to ensure that the workforce is adaptable, resilient and capable of meeting the demands of an evolving job market.