Panel 3 The Need For Cyber Security Expert

MY DIGITAL WORKFORCE WEEK
WEBINAR KERJAYA INDUSTRI TEKNOLOGI DIGITAL:

KUASAI KEMAHIRAN KUASAI MASA DEPAN
1
Copyright © 2020 CyberSecurity Malaysia
PEOPLE CERTIFICATION:
THE NEED FOR CYBER SECURITY EXPERTS
19th August 2021

Ts. Zafreida Zahrullayali, CyberSecurity Malaysia
2
CYBER SECURITY BREACHES IN MALAYSIA
Earlier in September 2019, CIMB systems has been allegedly hit by data breach. Some IT security services provider are of the view that systems
are vulnerable to cyber attacks usually from within the organisations.
In same month, the media reported that budget airlines such as Malindo Air and Thai Lion Air acknowledged massive data breaches which began
in August, with the airlines eventually addressing them.
Recently, several universities have been hit by data breaches including Universiti Sabah Malaysia (UMS) and Universiti Malaya (UM).
In October 2019, University of Malaya ‘s (UM) e-payment page A hacker group known as BreachDB stole personal data of thousands
was defaced by hackers resulting in personal data of UM students from UMS in November 2019, and put up a post on Twitter
academic and non-academic staff leaked on an anonymous file offering for sale 50,000 of the personal data for US$50 (RM210) in
sharing site. bitcoin.
3
BACKGROUND
CYBER SECURITY WORKFORCE SHORTAGE
Source (ISC)2 Cybersecurity Workforce Study 2020
4
PROBLEM STATEMENTS
1. Shortage of cyber security personnel

capable of mitigating cyber-attacks and
reviving business operation.
2. Requirements of effective programmes to
ensure cybersecurity experts have the right
knowledge, skills, attitude and experience
continuously.
5
6
MALAYSIA COMPUTER EMERGENCY RESPONSE TEAM (MyCERT) INCIDENTS REPORT
Year 2020
Cyber
security
Incident
Statistics
(MyCERT) Year 2021
Top 3 highest incidents reported for the past 5
years :
- Social Engineering
1. Fraud
2. Intrusion
Technology
3. Malicious Code
6
CYBERSECURITY TALENT DEVELOPMENT METHODOLOGY
CYBER SECURITY CAPACITY BUILDING FRAMEWORK
Cybersecurity Talent Acculturation Receipients

Current Workforce
Short courses (competency &
professional courses), joint recognitions,
continuing professional development
IHL Students
Through alignment with industry
requirements, professional
development, certifications & practical.
1.Primary & secondary schools

2.Public at large
Through Outreach acrtivities,

awareness programs & public-private
collaboration
OBJECTIVES
To nurture cyber security
To nurture cyber security To nurture cyber security
professionals that are capable in
knowledge groups and/or practitioners that are technically
strategizing, planning and
individuals that are resilient to capable and proficient in the
executing cyber security
cyber security incidents operation
initiatives
7
CYBER SECURITY CAPACITY BUILDING FRAMEWORK
Global ACE Certification

https://www.cybereducationscheme.org
CyberGuru
https://www.cyberguru.my
CyberSAFE
https://www.cybersafe.my
8
CYBER SECURITY CAPACITY BUILDING ASPIRATIONS
Professional
Associate
Student
8
▪ Evolving in parallel with technology
▪ Adopting holistic strategy and through the use of new cyber tools 9
▪ Effectively applying cyber security fundamentals with innovative features and techniques
▪ Strengthening Public-Private-Academia Partnership and International Collaboration
9
CYBERSECURITY PROFESSIONAL
• Personnel with strategic capability in strategizing, planning and

executing cybersecurity initiatives.
• Responsible to advocate high standards of
ethical conducts with up-to-date
knowledge and skills that underpin
professionalism and competent practices.
• Systematically participate in the Continuing Professional
Development (CPD) plans addressing the emerging cyber
security needs and trend within the country and region.
10
Copyright © 2020 CyberSecurity Malaysia 10
1
MALAYSIA SCENARIO
ITU GLOBAL CYBER SECURITY INDEX 2020 - Malaysia is ranked 5th. in Global Ranking
CAPACITY
COUNTRY GCI SCORE LEGAL TECHNICAL ORGANIZATIONAL COOPERATION
BUILDING
11
CYBERSECURITY MALAYSIA
12
ABOUT CYBERSECURITY MALAYSIA
• A technical cyber security agency under the Ministry of Communications and Multimedia Malaysia
• Started operation as the Malaysia Computer Emergency Response Team (MyCERT) in year 1997
and later “rebranded” as CYBERSECURITY MALAYSIA in 2007
MINISTRY OF COMMUNICATIONS
AND MULTIMEDIA MALAYSIA
1997 2001 2005 2007 2018
NISER was officially Aug 2018

registered as CSM is put under
CyberSecurity Malaysia the purview of
(CSM) and put under Ministry of
the purview of MOSTI Communications
and Multimedia
20 Aug 2007 Malaysia
CSM was launched by
The Prime Minister of
Malaysia
13
C y b e r S e c u r i t y M a l a y s i a
14
GLOBAL ACE CERTIFICATION
The Global ACE Certification is a large-scale systematic plan of actions &

arrangements to establish the certification plans for Cybersecurity
Professional in collaboration with Government Agencies, Industry Partners
and Institute of Higher Learnings (IHLs)
Professional certifications are industry driven & vendor neutral.

Foundation to:
• Assure workforce capabilities and experiences
• Secure and validate core skills, knowledge, attitude and
experience
• Assure trustworthiness, ethical conducts and responsibilities
The Global ACE Certification is developed in tandem with international

standards such as ISO/IEC 17024 on people certification, ISO/IEC 27001 on
security management and ISO 9001 on process.
15
GOAL & OBJECTIVES
GOAL
To create world class competent work-force in cyber

security and promote the development of cyber
security professional programmes within the region
OBJECTIVES
1 To establish a 2 To provide cyber security 3 development
To promote the
professional certification professionals with the right of cyber
programme that is knowledge, skills, attitude security professional
recognized globally (KSA) and experience programmes globally
3 ensure accredited personnel has been independently assessed and

4 To
committed to a consistent and high-quality service level
16
GLOBAL ACCREDITED CYBERSECURITY EDUCATION
CERTIFICATION (GLOBAL ACE CERTIFICATION) SCHEME
A holistic framework of cyber

security professional certification
that outlines:
Identification and classification

1 of cybersecurity domains
2 Independent assessments
3 Impartiality of examinations
4 Competencies of trainers
The requirements of
5 professional memberships
17
PARTICIPATIONS IN THE GLOBAL ACE CERTIFICATION
PROGRAMMES
Universities:
Professional Training Providers:
Strategic Partners:
18
GLOBAL ACE CERTIFICATION RECOGNITIONS
8TH OIC-CERT ANNUAL GENERAL

OIC-CERT APPROVAL MEETING @ JEDDAH, KINGDOM OF
13 Dec 2016 SAUDI ARABIA
INITIATED THE MBOT CYBER SECURITY

MBOT APPROVAL SECTOR
27 July 2017
APPOINTED TEP & SIGNED MOU
APPROVAL OF ADVANCE PENETRATION

DEPARTMENT OF TESTING NATIONAL OCCUPATION SKILLS
SKILLS, MOHR STANDARD (NOSS)
Sept 2018 APPROVAL OF CYBER SECURITY
INDUSTRY LEAD BODY (ILB) - 2019
WINNER FOR THE WSIS PRIZES 2020

CATEGORY 5
BUILDING CONFIDENCE AND SECURITY
7 Sept 2020 IN THE USE OF ICTS
19
JABATAN PEMBANGUNAN KEMAHIRAN
CYBERSECURITY INDUSTRY LEAD BODY (ILB)
a) CyberSecurity Malaysia is the Industry Lead

Body (ILB) for the cyber security sector
appointed by the Department of Skills
Malaysia.
b) Developed the first cybersecurity NOSS -
Advanced Diploma in Penetration Testing &
Assessment (TVET Level 5).
c) The TVET syllabus consist of 5 compulsory
cybersecurity Competency Unit (CU) and 4
elective cyber security Competency Unit (CU).
20
KSA DESCRIPTORS
No KSA Descriptors No KSA Descriptors
1 ISMS Internal Auditor 14 Penetration Testing (Network)
2 Digital Forensic First Responder 15 Penetration Testing (Validator)
3 Information Security Awareness Manager 16 Internet of Things (IoT) Security
4 Penetration Tester 17 Cloud Security Auditor
5 Secure Application Practitioner 18 Smart Card Reader Security Analyst
6 Intrusion Detection, Monitoring and Prevention Analyst 19 MyCC Certifier and Evaluator
7 Windows Forensics 20 Data Security Analyst
8 Business Continuity & Disaster Recovery 21 Security Operations Centre Analyst

9 Operating Systems (Security) 22 Cybersecurity Awareness Educator
10 Incident Handling and Network Security 23 Forensics Analyst
11 Computer Networking (Security) 24 Cyber Law Practitioner
12 Penetration Testing (IoT) 25 Cybersecurity Risk Manager
13 Penetration Testing (Mobile Device) 26 IoT Blockchain Practitioner 21
CERTIFIED TRAINING PROGRAMMES
Global ACE Certification Upcoming Programmes (By

Programmes 2022)
❖ Certified Penetration Tester

❖ Certified Data Security Professional • Certified Industrial Control System
❖ Certified Secured Applications Security Analyst
Practitioner • Certified Smart Card Reader
❖ Certified Digital Forensics First • Certified IoT Blockchain
Responder Practitioner
❖ Certified Information Security • Certified Cyber Law Practitioner
Management System Auditor
• Certified Cyber Forensics Analyst
❖ Certified Information Security
Awareness Manager • Certified Cybersecurity Risk
Manager
❖ Certified Incident Handling and
Network Security • Certified Secure Web Application
(PHP) Developer
❖ Certified MyCC Evaluator
❖ Certified IoT Security Analyst
22
GLOBAL ACE CERTIFICATION MEMBERSHIP TYPES
STUDENT
Working
ASSOCIATE Experience: 20 CPD
To maintain
MEMBER Below 5 points/year
Years
Working
PROFESSIONAL Experience: 40 CPD
To maintain
MEMBER More than 5 points/year
years
23
MUTUAL RECOGNITION THROUGH
GLOBAL ACE CERTIFICATION RECOGNITION ARRANGEMENT
Global ACE Certification Recognition Arrangement allow mutual recognition of certified cyber
security professionals, which create value for cyber security industry and participating countries. 12
countries have shown interest to join the scheme as country chapters.
AZ Chapter IR Chapter
EG Chapter AE Chapter
NG Chapter BN Chapter
OM Chapter ID Chapter
SD Chapter BD Chapter
PK Chapter KZ Chapter
Knowledge, Skills & Attitude

Professional Examinations
Global ACE Certification
Professionals Credential
Mutual Recognition Areas
Registered Trainers
Registered Training Programs
24
GLOBAL ACE CERTIFICATION OUTCOMES
A common platform of cyber security capacity

building and lifelong learning
Inclusiveness, equitable and quality cyber security

education in the region
Cyber security professionals with the right

Knowledge, Skills, Attitude (KSA) and experience
Professional certification programmes that are

recognized globally
25
INTIATIVES BY CYBERSECURITY
MALAYSIA AS INDUSTRY LEAD BODY
ENDORSED BY JPK
26
CYBERSECURITY MODULAR PROFESSIONAL
CERTIFICATION
A collaborative project between:
Cyber Security NOSS Level 5:

Technology Field
Advance Diploma in 27
Penetration Testing & Assessment
Objective:
1. Produce cyber security professionals with multiple skill sets to
address the industry needs and support the government’s TVET
Initiative
2. Enhance cyber security professionals’ capabilities in mitigating cyber
threats
3. Provide a fast-track pathway to obtain the Malaysian Skills Advanced
Diploma (DLKM) under the Malaysia Act 652
4. Create a common platform of cyber security capacity building and
lifelong learning
27
Modular Professional Certification
a) The Cyber Security Penetration Testing and Assessment Competency Unit (CU) syllabus are aligned
with the relevant Global ACE Certifications during design.
b) Embed Global ACE Certification certified examinations with JPK’s PPA assessment requirements.
c) Acquired Global ACE Certification training programmes namely CIPA, CITA and CPT to fulfil 5 Core
CUs and either CSAP or CCDA certification to fulfill the elective CUs.
d) Upon passing the relevant Global ACE Certifications certified examinations, candidate is eligible to
apply for JPK’s Partial Certification leading towards the full DLKM (Advanced Diploma) certification
of in Penetration Testing & Assessment.
No Competency Unit Global ACE Scheme Certified Exam with PPA JPK Certifications
Advance Diploma In Penetration

Partial
1 Computer Network Protocol Analysis (CO1) Certified IP Associate (CIPA)
Certification
Testing & Assessment

Compulsory CUs
2 Secure Operating Systems Management (CO2) Partial

Certified IT Associate (CITA) Certification
3 Network Service Analysis (CO3)
4 Penetration testing (CO4) Partial

Certified Penetration Testing (CPT) Certification
5 Risk & Vulnerability Assessment (CO5)
6 Intrusion Detection & Monitoring (EO1)

Certified Cyber Defender Associate (CCDA) Partial
7 Intrusion Prevention (E02) Certification
8 Application Security Testing (E03) Certified Secure Application Practitioner Partial

(CSAP) Certification
9 Database Security Testing (E04)
28
1. DEVELOPMENT OF NOSS CYBER SECURITY
PENETRATION TESTING AND ASSESSMENT.
(2019)
2. DEVELOPMENT OF NOSS DIGITAL FORENSICS
FOR FIRST RESPONSE OPERATIONS (2020)
3. OCCUPATIONAL FRAMEWORK FOR CYBER
SECURITY FIELD (2020)
29
CYBERSECURITY MODULAR PROFESSIONAL CERTIFICATION STRUCTURE
The applicant must have:

1. At least 7 years of
working experience in
Cyber Security related
areas Evaluate Applicant’s
Provide Global ACE Laporan Pengalaman
Certification examinations & Keterampilan Terdahulu
Align Global ACE Certification
recognition: (LPKT)
examinations to address 5
1.Certified IP Associate (CIPA) core CUs and 4 elective CUs.
2. Passed the self- 2.Certified Information Technology Award Diploma Lanjutan
Associate (CITA) Kemahiran Malaysia
assessment, SISTEM 3.Certified penetration Testing
Award Partial NOSS
Certificates for Successful (DLKM) in Cyber Security
Candidates Penetration Testing &
KREDIT KEMAHIRAN (CPT)
Assessment
4.Certified Secure Application
MALAYSIA (SKKM) Practitioner (CSAP) dan
5.Certified Cyber Defender

according to the Associate (CCDA)
requested module/
CUs
Participants can obtain the Advance Diploma in about 3 months’ time as compare with the usual pathway that requires at least 2
years full-time study. Target audience is working adults from industry and academia
30
CYBERSECURITY MODULAR PROFESSIONAL CERTIFICATION
WAY FORWARD
1. Application For the Advanced Diploma in Penetration Testing and Assessment

Qualified applicants can proceed to apply via MySPIKE portal.
Further information on how to apply can be obtained at the MySPIKE portal.
2. Benefits
1. Validate professional competence through Global ACE Certification
2. Opportunity to obtain:
• Cyber security Certifications, MBOT Recognition & TVET Credentials
• Professional Membership
3. Equip yourself with a variety of skills
4. Obtain Advanced Diploma within a short period
5. Facilitate the path for career development in cybersecurity field
6. Increase marketability through the recognition by JPK, CyberSecurity Malaysia and MBOT along with support from
government and industry.
31
MODULAR PROFESSIONAL CERTIFICATION
(MPC) ROAD SHOWS IN 2019
32
CYBERSECURITY MODULAR PROFESSIONAL
CERTIFICATION ROAD SHOW IN 2019
33
(CYBER SECURITY PENETRATION TESTING & ASSESSMENT
AWARENESS PROGRAMME AND REFRESHER COURSE IN 2020
34
CYBER SECURITY PENETRATION TESTING & ASSESSMENT
AWARENESS PROGRAMME AND REFRESHER COURSE
➢ 1,691 attendees participated in both Cyber Security Penetration Testing and Assessment
Awareness and Refresher Course Webinar (26-27 Nov 2020)
➢ 3 refresher courses conducted on second day.
➢ Received positive feedback from participants.
35
MALAYSIA DIGITAL ECONOMY BLUEPRINT
DIGITAL TALENT CLUSTER:

CYBERSECURITY MALAYSIA PROGRAMMES AND
INTIATIVES
36
CYBERSECURITY MALAYSIA INVOLVEMENT IN DIGITAL TALENT
CLUSTER
THRUST 6 : SECTOR :
THRUST 4 :
Building trusted, secure and ethical Professional Services
Developing agile digital talent
digital environment
STRATEGY 1: STRATEGY 1: INITIATIVE

Integrate digital skills in primary and Strengthen security and ethics in Introduce sector-based digital skills
secondary education digital activities and transactions development schemes to enhance
existing professional services sector
workforce skills
STRATEGY 2:
Reposition the focus of vocational
and tertiary education from work -
specific skills to competencies and
adaptability
STRATEGY 3:
Retrain current workforce with the
digital skills needed to remain
relevant
37
CYBERSECURITY RELATED JOB AREAS
Incident Handling &

Digital Forensic
Response
Security Operation Outreach and Capacity

Building
Compliance
Risk & Governance
Security Solution Cryptography

Engineering
Global ACE Certification CyberGuru

https://www.globalace.org
Further info/enquiries https://www.cyberguru.my
38
39

Panel 3 The Need For Cyber Security Expert

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Panel 3 The Need For Cyber Security Expert

Uploaded by

Copyright:

Available Formats

MY DIGITAL WORKFORCE WEEK

WEBINAR KERJAYA INDUSTRI TEKNOLOGI DIGITAL:

19th August 2021

Source (ISC)2 Cybersecurity Workforce Study 2020

1. Shortage of cyber security personnel

MALAYSIA COMPUTER EMERGENCY RESPONSE TEAM (MyCERT) INCIDENTS REPORT

CYBER SECURITY CAPACITY BUILDING FRAMEWORK

Cybersecurity Talent Acculturation Receipients

1.Primary & secondary schools

Through Outreach acrtivities,

Global ACE Certification

• Personnel with strategic capability in strategizing, planning and

1997 2001 2005 2007 2018

NISER was officially Aug 2018

The Global ACE Certification is a large-scale systematic plan of actions &

Professional certifications are industry driven & vendor neutral.

The Global ACE Certification is developed in tandem with international

To create world class competent work-force in cyber

3 ensure accredited personnel has been independently assessed and

A holistic framework of cyber

Identification and classification

Professional Training Providers:

8TH OIC-CERT ANNUAL GENERAL

INITIATED THE MBOT CYBER SECURITY

APPROVAL OF ADVANCE PENETRATION

WINNER FOR THE WSIS PRIZES 2020

a) CyberSecurity Malaysia is the Industry Lead

1 ISMS Internal Auditor 14 Penetration Testing (Network)

2 Digital Forensic First Responder 15 Penetration Testing (Validator)

3 Information Security Awareness Manager 16 Internet of Things (IoT) Security

4 Penetration Tester 17 Cloud Security Auditor

5 Secure Application Practitioner 18 Smart Card Reader Security Analyst

7 Windows Forensics 20 Data Security Analyst

8 Business Continuity & Disaster Recovery 21 Security Operations Centre Analyst

Global ACE Certification Upcoming Programmes (By

❖ Certified Penetration Tester

Knowledge, Skills & Attitude

A common platform of cyber security capacity

Inclusiveness, equitable and quality cyber security

Cyber security professionals with the right

Professional certification programmes that are

A collaborative project between:

Cyber Security NOSS Level 5:

Advance Diploma In Penetration

Testing & Assessment

2 Secure Operating Systems Management (CO2) Partial

4 Penetration testing (CO4) Partial

6 Intrusion Detection & Monitoring (EO1)

8 Application Security Testing (E03) Certified Secure Application Practitioner Partial

The applicant must have:

5.Certified Cyber Defender

1. Application For the Advanced Diploma in Penetration Testing and Assessment

Further information on how to apply can be obtained at the MySPIKE portal.

5. Facilitate the path for career development in cybersecurity field

DIGITAL TALENT CLUSTER:

STRATEGY 1: STRATEGY 1: INITIATIVE

Incident Handling &

Security Operation Outreach and Capacity

Security Solution Cryptography

Global ACE Certification CyberGuru

You might also like