Cybersecurity Talent Landscape Costa Rica and Panama...Cybersecurity Talent Landscape ... Practitioner (CASP+) Cisco Certified Network Professional Security ... the course of design

Cybersecurity Talent Landscape – Costa Rica and Panama

December 2018

22

AGENDA


Costa Rica: Cybersecurity Talent Deep Dive

Overview and Talent Stack Of The Global Cybersecurity Industry

Panama: Cybersecurity Talent Deep Dive

33

Global Cybersecurity Overview: A potential $6 trillion problem

Note: The represented data has been collected from cybersecurity ventures, CSO online, multiple sources and DRAUP Proprietary Database updated as of Dec, 2018

> $120 BillionValue of Cybersecurity Industry in 2017

$134 BillionGlobal Spending on Cybersecurity in 2017

$6 TrillionIn damages caused by cyber attacks by 2021

~200,000 Cyber Incidents targeting Businesses in 2017

(2x higher than the incidents that occurred in 2016)

Top Affected Industries

8996

102

117

126134

143

2012 2013 2014 2015 2016 2017 2018

1%

10%

18%

17%

33%Information Communications Technology

Manufacturing

Retail

Professional Services

(2014)

Financial Services

Top affected firms

(2013)(2011)

(2017)

(2011)

(2014) (2014)

(2005) (2017)

(2017)

~2,00,000 Cybersecurity incidents and attacks in 2017

Cybersecurity Spend (in USD Billions)

44

Certifications in Cybersecurity have accelerated talent upskilling and enabled employees to command higher compensations

Beginner Intermediate Advanced Expert

CompTIA A+

Microsoft Technology Associate: Security

Fundamentals

CompTIA Security+

CompTIA CySA+

CompTIA PenTest+

Cisco Certified Network Associate Security

SANS GIAC Certified Incident Handler

SANS GIAC Information Security Professional

EC Council Certified Ethical Hacker (CEH)

EC Council Computer Hacking Forensic Investigator

EC Council Certified Network Defender

GIAC Certified Intrusion Analyst

CompTIA Advanced Security Practitioner (CASP+)

Cisco Certified Network Professional Security

ISC² Certified Secure Software Lifecycle Professional

ISACA Certified Information Systems Auditor

CSA Certificate of Cloud Security Knowledge

GIAC Security Leadership Certification

GIAC Certified Enterprise Defender

Security University GIAC Certified Enterprise Defender

Cisco Certified Internetwork Expert -Security

Securing Cisco Networks with Threat Detection and Analysis

Certified Information Systems Security Professional (CISSP)

ISACA Certified Information Security Manager

Mile 2 Certified Penetration Testing Engineer

Note: The above list of certifications is non-exhaustive and the analysis shows the most commonly accepted Cybersecurity certifications found from CompTIA and curated by DRAUP Research Team

55

Cybersecurity Tech Stack spans across 3 major verticals: Security Architecture/Orchestration, Security Operations and Research Center and Identity Management

Note: The represented data is a stack derived by analysing multiple Cybersecurity profiles and job postings. This domain clustering is defined by DRAUP’s Talent Module updated in Dec, 2018

Domain Roles

• Enterprise Security Architect• Network Security Engineer• Cloud Security Arhcitect• Network Security Architect• Security Solutions Architect• Information Security Consultant• Security Practice Architect

Risk, Governance & Compliance Management

• Cryptographer• Analyst End Point

Security• Backup/Security

Administrator• Systems Security

Analyst

• Analyst Compliance Audit • Privacy & Compliance Officer• Cybersecurity Risk Manager

• Engineer – Risk, Audit & Compliance • GDPR Programme Manager • IT Risk & Compliance officer

Cyb

erS

ecu

rity

Te

ch-S

tack

• Analyst Identity and Access Management

• Access Control Administrator

• IAM Engineer• Active Directory

Engineer

• SIEM Engineer• Security Operations Lead• Junior Threat Monitoring

Analyst• Threat Monitoring SOC

Analyst• Intrusion Detection

Specialist

• Security Engineer (Incident Response)

• Senior Incident Handler

• Incident Response Analyst

• Incident Responder

Security Architecture/Orchestration

Enterprise-wide Encryption Strategy

Cloud Security Architecture

Network Security Architecture

E2E Secure System build

Proxy/Content Filtering

Vulnerability Management

Network Application/Firewall

Data Loss Prevention (DLP)

Endpoint Protection

Security Operation and Research Center

Threat Monitoring

Threat/Attack Mitigation

Log Analysis

Encryption and Data Masking

NetFlow Analysis

Backup & Site Recovery

Forensic Investigation

Penetration Testing

Incident Response

SIEM

Identity Management

Identity Protection

Account creation/deletion

Access Management

CredentialingRemote Access &

Authentication

Backup/Recovery Planning

Security Policies & Procedures

Network Segmentation

Threat Prevention Threat Detection Incident Management

Software Developer/Engineer Roles: Develop Software Systems and Tools to be used across the Cybersecurity Value ChainSoftware Development

66

Clusters Description Responsibilities (Not exhaustive) Technical Skills

Security Architect

A Security Architect designs, builds and oversees the implementation of network and computer security for an organization.

• Plan, research and design robust security architectures.

• Determine security requirements by assessing business strategies, conducting system security, vulnerability analyses and risk assessments

• Develop requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices.

• Develop and implement security policies and procedures such as authentication rules, security escalation procedures and encryption routines

• Review and approve installation of firewall, VPN, routers, IDS scanning technologies and servers.

Skills:• Perimeter security controls – firewall, IDS/IPS,

network access control and network segmentation.

• Security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies

• Router, switch and VLAN security; wireless security.

• Network security architecture development and definition

Certifications:CISSP, CISSP – ISSAP, CISM, CEH, CSSA,GSEC/GCIH/GCIA.

A Security Software Developer does one of two things: 1) Develops security software2) Integrates security into applications software during the course of design and development

Security Software Developer

• Develop a company-wide software security strategy.

• Create new software systems or forensic tools.

• Participate in the lifecycle development of software systems using agile methodologies.

• Design and build proof of concept prototype solutions.

• Leverage attack tools to test your work for software vulnerabilities.

• Take a leadership role in software design, implementation and testing.

Skills:• C, C++, C#, Java, ASM, PHP, PERL• TCP/IP-based network communications• IP security• Relational databases (e.g. SQL, MySQL, SQLite,

etc.)• Hypervisors (e.g. VMware, KVM, etc.)• Python Experience in HTML/CSS• XML/Web Services, AJAX• Cloud computingCertifications:ECSP, CSSLP, GSSP – JAVA, GWEB, GSSP - .NET,CEH, CES.

1)

2)

List of 4 unique job clusters and definitions extracted from sample profiles (1/2)

Roles

• IT Security Architect• Security Infrastructure Architect• Security Architecture Consultant• Information Security Architect• Cloud Security Architect• Network Security Architect• Security Solutions Architect

• Security Engineer (Software Development)

• Software Developer• Cybersecurity Developer• Security Tools Developer• Application Security

Engineer• Security Software Engineer

Note: The represented data is derived from DRAUP’s Proprietary Talent Module, updated in Dec, 2018

77

Security Operations

A Security Operations Engineer is responsible for regular development, monitoring and maintenance of security infrastructure, rapidly addressing security incidents and threats within an organization.

• Perform security audits, risk analysis, network forensics and penetration testing

• Create a program development plan that includes security gap assessments, policies, procedures, playbooks, training and tabletop testing.

• Develop a procedural set of responses to security problems & identify security flaws and vulnerabilities among servers, systems and network devices.

• Establish protocols for communication within an organization and dealings with law enforcement during security incidents

• Liaison with other cyber threat analysis entities.

Skills:• C, C++, C#, Java, ASM, PHP, PERL• eDiscovery tools (NUIX, Relativity,

Clearwell, etc.)• Security frameworks (e.g. ISO

27001/27002, NIST, HIPPA, SOX, etc.)• Forensic software applications (e.g.

EnCase, FTK, Helix, Cellebrite, XRY, etc.)• Enterprise system monitoring tools• Vulnerability analysis and reverse

engineering• Metasploit framework• Cloud computingCertifications:CEH, CCE, GCFE, GCFA, GCIH, GCIA, CCFE,CPT, CREA, GCFA, CISSP, OSCP, GPEN

3)

List of 4 unique job clusters and definitions extracted from sample profiles (2/2)

Clusters Description Responsibilities (Not exhaustive) Technical Skills Roles

• Incident Responder• Security Engineer

(Incident Response)• Senior Incident Handler • Incident Response Analyst • Penetration Tester• Threat Monitoring Analyst• Threat Monitoring SOC Analyst• Intrusion Detection Specialist.• Analyst Identity and Access

Management• Ethical Hacker• Forensic Investigator• Vulnerability Analyst• Access Control Administrator


CryptographerDevelops algorithms, ciphers and security systems to encrypt sensitive information, analyzes and decrypts any type of hidden information (e.g. encrypted data, cipher texts, telecommunications protocols) in cryptographic security systems.

• Design robust security systems to prevent vulnerabilities & test computational models for reliability and accuracy

• Develop statistical and mathematical modelsto analyze data and solve security problems.

• Protect important information frominterception, copying, modification and/ordeletion.

• Evaluate, analyze and target weaknesses incryptographic security systems and algorithms

Skills:• C, C++, Python, Java and similar

programming languages.• Linear/matrix algebra and/or discrete

mathematics.• Computer architecture, data structures

and algorithms.• Principles of symmetric & asymmetric

cryptography.• Probability theory, information theory,

complexity theory and number theoryCertifications:CES certification

4) • Secure Computation Researcher

• Machine Learning Security Researcher

• Offensive Security Researcher – AI

• Encryption Engineer• Cryptologist• Encryption Specialist

88

Workload focus areas : Deep dive analysis of key focus areas across the 4 Job families

Security Systems Monitoring

Security Analysis

Security Architecture Development

Incident Response

Penetration Testing

Forensics

Malware Research & Analysis

Security Audit

Threat Intelligence Analysis

Security Project Management

Risk Analysis & Management

User Awareness Training

Intrusion Detection

Security Software & Tools Development

Endpoint Security Management

Technical Writing

Architect & Orchestrators (1) Cryptography & Research (4)Software Development (3)Engineering & Operations (2)

Medium

Low

High

Medium

High

High

Medium

High

High

Low

Low

Low

Low

Low

Low

High

Medium

Low

High

Medium

High

High

Low

High

Medium

High

Low

High

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

Low

High

High

High

Low

Low

Low

Low

Low

High

Low

Low

Low

Low

Low

Low

Low

High


High

Medium

Medium

Medium

Focus Area

Indicates workload across job families

Clusters

99

Hiring Intensity: Traditional roles such as Security Engineers are the most hired/filled jobs in both Costa Rica and Panama, while new age roles such as Intrusion Analyst, Penetration Tester and Crypto Analyst are gaining demand recently

Hiring Intensity Heat Map – Period at which a particular role is hired the most


2013

2014

2015

2016

2017

2018

Yea

r

Security Architect

Security Operations

DevOps Engineers

Security QA Engineer

Security Engineer

(Operations)

Security Software

Developer

Crypto Analyst

Incident Responder

Threat Responder

Network Security Engineer

Vulnerability Tester

Penetration Tester

Intrusion Analyst

Companies massively hired these roles due to the cost advantage and scale of operations these locations offered

Maturing cyber-security talent supply and certification courses along with the low cost advantage drove companies to hire more roles in Cryptography and Risk Management clusters

Adoption of new age technologies among the tech companies increased the demand of new age cybersecurity skills in the areas of Cryptography and threat analysis

1010

AGENDA





1111

Services sector contributes to a large proportion of GDP. This sector employs ~69% of the overall talent

Population: ~4.9 Million

Literacy level: ~97.8%

Top Spoken Languages: Spanish, English

Ethnicity: Castizo (66%)

Total labor force: ~2.2 Million

Unemployment rate*: ~9%

Median age: ~32 years

Sex ratio: 50 Female/ 50 Male

GDP : ~57.4 Billion

GDP growth rate: ~3.4%

Percentage of workforce in different industries

Costa Rica’s exports in technology, information and communication (ICT) is US$3.3 billion, which is ~5.8%

of the Gross Domestic Product (GDP)

Total Workforce : ~2.2 Million

A total of 300 tech companies, ~24% of which are Fortune 100 have operations in Costa Rica. In 2016

alone 2/3rd of these companies expanded their operations in Costa Rica

Costa Rica has a constant flow of STEM talent at ~7% every year, while the growth of IT graduates stands at

~4% annually

Source : Costa Rica Census BureauNote: The represented data has been collected from multiple NEWS sources and DRAUP Proprietary Database

1212

Talent Dashboard: ~67% of the installed cybersecurity talent pool falls under the Security Operations cluster

1.a

~4,500

~3,000

~350

Total Relevant Cybersecurity talent pool

Security Operations Engineer

Directly Relevant Talent Pool

Note : DRAUP’s Talent Simulation Module was used to analyze talent by location and skill sets


Security Architect

• Network Security Administration• Security Engineer

Sample Roles *

• Software Developer• Security Software Developer

• Information Security Architect• Security and Solution Architect

~850

*Listed roles are a sample set and are not exhaustive** The overall talent might be less than the number due to overlap of skills

Cryptographer ~300 • Cryptographer• Cryptanalyst

70-80 DaysAverage time taken to fill cybersecurity jobs across

various levels

~65%Organizations doesn’t find perfect talent for

cybersecurity roles

~30-35%Of current cybersecurity talent hold atleast one

security related certification

~3-5 JobsPosted everyday for Cybersecurity related

roles

5-8%

BFSI

Software & Internet

Telecom

Others

65-70%

5-8%

10-14%

Vertical level cybersecurity talent split

• Cyber Security Analyst• Cyber Security Engineer

• Information Security Application Developer• Security Software Engineer

• Information Security Engineer• Security Architect

• Researcher• Cryptologist

1313

Skill-level Analysis: Large proportion of employed talent pool is skilled in core cybersecurity skills such as TCP/IP Security, Firewall Management and Risk Assessment

TCP/IP Security 1,600Firewall

Management1,040

Risk Assessment

950

Encryption 260Ethical

Hacking240

Malware Analysis

200 DNS Security 200

Forensics 150Penetration

Testing160

Incident Response

150Identity Access Management

130

Cryptography 100Vulnerability

Testing90 Web Security 80

Intrusion Detection

80

Note: DRAUP’s Talent Simulation Module was used to analyze talent by skill sets

Sub Netting 55

Network Access control

15Threat

Intelligence20

SIEM 200

Top cybersecurity skills talent

** The overall talent might be less than the number due to overlap of skills

1414

Location Hotspot: San Jose and Heredia Province employs >95% of the installed cybersecurity talent in Costa Rica. These locations hosts the major technology employers from the Software & Internet, BFSI and Telecom verticals

Note: The represented data has been collected from multiple articles and are curated from DRAUP Proprietary Database

Hotspot Top Employers Universities

Key Insights

IntelHPE

Cognizant

BAC Credomatic

Microsoft

CiscoOracle

IBM

Academia Natraj

Universidad Central

Texas Tech Costa Rica

• San Jose Province and Heredia Province are the key hotspots for cybersecurity talent in Costa Rica

• More than 95% of the installed cybersecurity talent is spread across these two locations. San Jose houses ~30 – 35% of the installed talent, while Heredia has the remaining ~60 – 65% of the total installed cybersecurity talent in Costa Rica

• America Free Zone, a major tech park in the Heredia Province is home to large MNCs such as Dell, Amazon, IBM, HP, HPE, NTT Data, VMware, Experian, Citrix, Intertec and Teradyne

• Distrito Financiero, Lindora Park Free Zone and Ultra Park Free Zone in San Jose Province is home to top MNCs like Microsoft, Akamai, Cisco, Oracle, BAC Credomatic

San Jose ProvinceHosts Software and Telecom

MNCs

Heredia ProvinceHotspot for Software & Internet

and BFSI MNCs

San Jose Province

Heredia Province

Akamai

Cartago Province

Emerging Location

Lead University

1515

Costa Rica – MSA Deep Dive: Heredia Province has the highest cybersecurity talent in Costa Rica, employing about ~60-65% of the total installed talent

Heredia : ~60 - 65% Cybersecurity Installed TalentSan Jose : ~30 - 35% Cybersecurity Installed Talent

~4,400 – Cybersecurity Talent Spread Across San Jose Province and Heredia Province

Peer Employers Extended List

Emerson Automation Solutions SPC International

Juniper Networks GBS Data Corporation

Western Union Invinsec

Sungard Availability Services Millicom

Oracle Zenedge

Walmart Q6 Cyber

Teleperformance Adistec

Banco de Costa Rica SISAP

Consulting Group Trustnet Information Security

Conzultek Brightstar Corporation


Experian Cargill

Sykes Enterprises, Incorporated Cheetah Digital

Micro Focus Desert Development Company

Citrix Dell

Equifax FIFCO

VMware Kaspersky Labs

Fujitsu CSS Corp

3M First Data

Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets

1616

Costa Rica: Top Employer Profiles for Security Architect talent pool

~50

~40

~20

~20

~20

Top Employers & Headcount Job Titles Workloads

• Security Architect• Information Security Engineer• Security Correlation Engineer• Cloud Security Architect

• Security Architect• Security Solution Architect• Information Security Architect

• Security Architect• Security Solution Architect

• Cloud Security Engineer• IT Security Architect• Security Solution Architect

• Determine security requirements by assessing business strategies, conducting system security, vulnerability analyses and risk assessments

• Design, review and develop functional and technical security requirements• Design and incorporate security controls in new legacy and in-progress environments

with general IT transitions and upgrades

• Implement and troubleshoot issues on working firewalls with technologies such as SNMP, failover, load balancing, DNS, NAT and DHCP

• Configure and set routing protocols to communicate networks and implement failover solutions

• Troubleshoot and support Intrusion Prevention Systems to large-scale sectors

• Create, test and implement disaster recovery plans• Design and build automation systems for secure review, deployment and continuous

validation of cloud infrastructure• Design internal escalation processes with backup and recovery services and design

robust security architectures

• Analyse and initiate activities to optimize and enhance enterprise security service architecture

• Provide architectural support for the implementation of information security initiatives and deployment of solutions

• Design security architecture elements to mitigate threats and security solutions


• Security Analyst• Security Architect• Information Security Analyst

• Design authentication rules, security escalation procedures, encryption routines and implement security policies

• Develop and implement processes with standards, procedures and guidelines based on risk assessment and analysis

• Manage and configure security services for multi-vendor network devices

1717

Core ResponsibilitiesCore Responsibilities

Costa Rica: Security Architect : Sample Talent Profiles

Carlos Lopez ChinchillaEducation: Diploma in Information Technology Networking at Latin University of Costa Rica

• Prepare security standards, policies, procedures and install application patches to verify data collection and backups

• Analyse IT security risks to optimize the SIEM system capabilities and audit the logging features of the event and log sources

• Develop an enterprise Security Architecture strategy, blueprint and reference architectures using CIBC architecture standards

AWS Certified Security Solution ArchitectExperience in Current Role: 2+ YearsTotal Experience: 11+ Years

Marcelo RuizEducation: Computer and Information Security Certification at Bureau Veritas Certification North America, Inc

• Design and implement Risk Assessment LITE application to determine an application's criticality to withstand downtime events and risks

• Deploy security services for platforms to provide compliance to BC/DR policy of Portfolio application

• Analyse endpoint security solutions which include File Integrity Monitoring and Data Loss Prevention

• Develop and enforce business group information security policies and evaluate new security technologies

Information Security ArchitectExperience in Current Role: 2+ YearsTotal Experience: 40+ Years

• Implement, test and fine-tune Akamai's Cloud Security Solutions such as Web Application Firewall for DDoS Protection and Web Application Controls

• Configure, implement and troubleshoot security based Cisco-Checkpoint Firewalls, Tipping Point IPS, Websense BlueCoat Proxys

• Develop and execute test cases and scripts for solutions with analysis on different technical aspects including Web Performance solutions and Cloud Security

Luis Diego RagaEducation: Bachelor of Science(BS) System Engineering at Latin University of Costa Rica

Senior Security Solutions ArchitectExperience in Current Role: 6+ MonthsTotal Experience: 13+ Years


Core Responsibilities

• Configure, implement and troubleshoot security based Cisco-Checkpoint Firewalls, Tipping Point IPS, Websense BlueCoat Proxys

• Detect changes on configuration of the devices and troubleshoot hardware issues to identify root cause and proceed with RMA

• Design and deploy different security solutions which includes scanning software (VMS), monitoring QRadar, Juniper and IPS

Gerardo Barrios E.Education: Bachelor Degree Computer System Networking and Telecom, University of Costa Rica

Network Security EngineerExperience in Current Role: 4+ YearsTotal Experience: 9+ Years


1818

Costa Rica: Top Employer Profiles for Security Operations Engineer talent pool

~230

~170

~120

~85

~75


• Network Security Administrator• Security Administrator• Security Engineer

• Security Delivery Specialist• Network Security – Threat Intelligence

Analyst• Security Engineer

• Cyber Security Analyst• Network Cyber Security• Information Security Engineer

• Network and Security Engineer• Cybersecurity Engineer• Information Security Expert

• Senior Network Security Engineer• Security Operations Analyst• Cyber Security Specialist


• Create and support internal solutions related to security incidents and threats• Proactively monitors company security systems for unhandled issues and threats• Perform basic vulnerability scans using vendor utility tools• Monitor the security audit and intrusion detection system logs for system and network anomalies

• Design and develop an innovative security ecosystem enablement framework and provide roadmap using the security content and resources

• Analyse events, flows, alerts and advance analysis of potential security incidents• Develop and deliver customer presentation regarding security and enhancing the security posture

• Analyse security events in compliance with HIPAA and federal regulations using Arcsight and Qradar• Monitor the SIEM system patches and upgrades, installing application, verifying data collection, verifying

backups are running and complete• Perform the product evaluations and recommends products/services for network security

• Securely develop and support internal security/administrative tools and reports• Implement ongoing security improvements for foundational infrastructure stack and administrative

environment for the security and IT operations• Investigate, troubleshoot and improve process in applications for enhancing the information security

• Maintain the integrity and security of enterprise-wide cyber systems and networks• Correlate actionable security events and develop unique correlation techniques• Integrate, configure and test the computer and network security solutions to manage the

network/system's firewalls and intrusion detection systems

1919

Costa Rica: Security Operations Engineer: Sample Talent Profiles

Eugenio JimenezEducation: Business Administration, University Florencio del Castillo


• Monitor, analyse and determine threat to a network, server or other devices based in logs, traffic flows and information provided by security devices and software across the network

• Identify potential vulnerabilities that could be exploited to gain unauthorized access or disrupt on systems and implement solutions in case of vulnerabilities

• Analyse events, flows, alerts and advance analysis of potential security incidents

• Improve the security posture and mitigate different attacks based on trend analysis

SIEM Security AnalystExperience in Current Role: 2 YearsTotal Experience: Years

Carlos LopezEducation: Information Technology, Castro Carazo University


• Architecture design for security tower as a lead, including cost model, necessary force for T&T and technical design

• Implement security solutions such as Trend Micro Host Intrusion Prevention, SIEM, Juniper, Cisco and Checkpoint firewalls, Onsite Aggregators, Vulnerability scanners

• Architectural involvement on new and current deployments

Security ArchitectExperience in Current Role: 2 YearsTotal Experience: 15 Years

Leonardo Guzman

Education: International University of the Americas


• Develop and manage the security for more than one IT functional area (e.g., data, systems, network and/or Web) across the enterprise

• Develop and implement the security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures and use of firewalls and encryption routines)

• Use tools and technology to identify threats and generate actions for due diligence

Security EngineerExperience in Current Role: 3 YearsTotal Experience: 12 Years


• Design and development of NGFW, Firepower, ASA, IDS/IPS, VPN

• Reviewing/configure/troubleshoot Security technologies from Mid to Large Scale Networks

• Collect and analyse the syslog messages, system debugs or traffic captures to identify root cause for unexpected behaviours or misconfiguration issues

• Second level support for SOC) / Triage and analysis of security incidents, security research / SOC Infrastructure owner

Information Security SpecialistExperience in Current Role: 3 YearsTotal Experience: 18 Years


Roberto Buján UgaldeEducation: MS Cyber Security Information Security, Latin American University of Science and Technology

2020

Costa Rica: Top Employer Profiles for Security Software Developer talent pool

~55

~45

~40

~40

~40


• Security Engineer• Software Developer• Security Software Development Engineer

• Software Security Developer• Software Development Lead• Software Quality and Security Engineer• Information Security Application Developer

• Security Software Developer• Cyber Security Developer• Software Developer(Security and Cloud)

• Security Software Developer• Software Developer• Security Software Development Engineer• Software Engineer - Security

• Software Developer• Security Engineer• Security Software Engineer

• Drive and develop ArcSight – HP’s enterprise security software• Handle the complete testing and QA tasks for the ArcSight investigate software • Develop software tools and applications for the secure development processes• Design and implement security features in software systems• Review threat models of applications and overview quality issues of these applications

• Develop new software systems and forensic tools• Plan, design, develop and test software systems and applications for security software

enhancements • Create and maintain identity & access management applications, architecture, and

standards for delivering enterprise identity, access, and authentication services

• Develop and test IBM security products to ensure its functions are according to the specifications based on client requirements

• Deep dive on the software stacks to troubleshoot any issues while developing the security software

• Design and develop software for system integration platforms

• Design and develop high-performance software focused on enterprise security and networking needs

• Develop security framework and create libraries using RESTful architecture for client applications

• Drive the entire QA life cycle for the security software

• Designing new forensics tools and security software systems • Design solutions and create proof of concept ideas for security software tool• Monitor the development phases of an application project for the organization and

ensure the security of the developed software tool


2121





Costa Rica: Security Software Developer : Sample Talent Profiles

Olman Rojas EspinozaEducation: Bachelor Degree Computer Engineering at UNED

• Build the ground reliable security software services in IBM Cloud to deliver highly scalable services

• Build engineering automation and productivity tools to streamline and scale applications in the production environment

• Design, build and automate solutions for running mission-critical and scalable workloads for cloud security

• Build, maintain and manage security policies for cloud infrastructure

Security Software DeveloperExperience in Current Role: 6 MonthsTotal Experience: 19 Years

Mauricio OrtunoEducation: Masters Degree Information Technology Management at National University of Costa Rica

• Design and develop Identity and Access security applications

• Develop internal business applications and test anti-malware software to all endpoints at Intel

• Develop and maintain web applications for the Corporate Quality Network organization within Intel Corporation

• Analyse, design, develop and deploy critical business application requirements

Software Development LeadExperience in Current Role: 3 YearsTotal Experience: 14 Years

• Provide support to the clients to deploy the developed security tools

• Support software development and automation efforts for the security tools and software

• Perform software development and quality assurance for security software and tools

• Document the software development lifecycle for future reference

• Develop security software and integrate security into software during the course of design and development

• Design, develop, troubleshoot and debug software programs for software enhancement and new products

• Provide guidance and mentor staff members for security software systems design

• Maintain secure design and development for providing highly efficient tools to ensure a secure code

Leonardo GuzmanEducation: International University of the Americas

Security engineer Experience in Current Role: 3+ YearsTotal Experience: 11 Years

Diego Villalta DelgadoEducation: Master Degree Computer and Information Systems Security/ Information Assurance at VIU - International University of Valencia

Security Software EngineerExperience in Current Role: 2+ YearsTotal Experience: 8 Years


2222

Costa Rica: Top Employer Profiles for Cryptographer talent pool

~30

~15

~15

~15

~10


• Security Analyst(Cryptography)• Cryptographic Analyst• Cryptographer

• Cryptographic Architect• Cryptography and Security Researcher

• Cryptographic Security Analyst• Cyber Threat Analyst

• Cryptographic Analyst• Cryptographic Security Engineer

• Cryptographer• Cryptanalyst

• Prepare security standards and interface different hardware devices with secure communication between different hardware

• Analyse and update new developments in computer and network vulnerabilities, data hiding and encryption

• Analysis of data logs from multiple network devices for real network security threats

• Design and develop cryptographic and security based solution• Analyse principles of asymmetric cryptography such as asymmetric encryption, key

exchange, digital signatures• Develop computer architecture, data and algorithms to identify security vulnerabilities

• Monitor, investigation and response to cyber security incidents, analysis of incident trending with development of security architecture

• Design algorithms, data structures based on cryptography and data security related activities

• Design crypto based security architecture elements to mitigate threats

• Basic support to low level component design, implementation and technical change to support technology systems

• Design of models based on Security services and Cryptography services• Identify, report, manage and mitigate risk within a defined risk appetite with

cryptographic strategies

• Refactor legacy code to support up to date standards on cryptography and current hardware architectures

• Development and maintenance of business intelligence product used to extract, transform and load from different input files or databases

• Analyse public key cryptography (PKI) and encryption methodologies


2323

Costa Rica: Cryptographer: Sample Talent Profiles

Jorge CamachoEducation: Security Certified Professional,Fidelitas University


• High level Analysis of data logs from multiple network devices to determine possible cyber attacks to be false positive, false negative or real network security risk

• Analyse and decipher encryption systems with development of new encryption algorithms, statistical and mathematical models

• Design, develop, integrate and update technical security based solutions for confidentiality, integrity, availability, authentication and non repudiation using public key algorithms

Cyber Threat AnalystExperience in Current Role: 2+ MonthsTotal Experience: 7+ Years

Randy Varela CorderoEducation: Information System Security, Latin American University of Technology


• Design and develop hardware security modules with programming and cryptographic solutions

• Design and configure encryption protocols on networks and troubleshoot connectivity issues and associated VPN technologies

• Implement, test and deployment of Akamai platform configurations with development and execution of test cases and scripts for solutions

Cryptographic Security AnalystExperience in Current Role: 2+ YearsTotal Experience: 5+ Years

• Resolve the vulnerabilities in AWS and Azure accounts and implement server health dashboard for service transition from non-automated environment

• Install and configure server certificates based on cryptography using PKI for compliance and create own certificate authorities

• Design of models using cryptographic hash algorithms, encryption and decryption process

• Monitor and Analysis of cryptographic services infrastructure with incidents log into Service Now management

• Diagnose software malfunctions, troubleshoot configuration issues and provide implementation recommendations for all models of Cisco Firewalls, NGWF and ACS

• Develop encryption solutions using API with cyber security strategic plans

Francisco HuertasEducation: Cisco CCNA,Cisco Netacad


Cryptographic AnalystExperience in Current Role: 9+ MonthsTotal Experience: 7+ Years

Katherine SerranoEducation: Information System Engineering, National University

Cybersecurity AnalystExperience in Current Role: 3+ YearsTotal Experience: 6+ Years



2424

Costa Rica – Talent Demand Analysis: Security Operations Engineer, DevOps Engineer and Vulnerability Testing job roles are the most in-demand job roles in the past 3 months


Security Architect Incident Response Threat Response Security Operations Network SecurityEngineer

DevOps Engineers Security QA Engineer Penetration Tester Vulnerability testing Security Engineer(Operations)

Intrusion Detection Security SoftwareDeveloper

Security ToolsDeveloper

Cryptoanalyst

3% 83% 9% 5%

Architect and Orchestrators Engineering & Operations Software Development Cryptography & Research

5 - 10

15 - 20

20 - 25

50 - 55

10 - 15

25 - 30

15 - 20

10 - 15 10 - 15

25 - 30

5 - 10

15 - 20

5 - 10

10 - 15

Cybersecurity Job Openings for the past 3 Months in Costa Rica

Job Openings Distribution by Job Clusters

2525

Leading universities such as University of Costa Rica and Cenfotec University offers large number of courses in Cybersecurity

~20+Total Number Of Universities In Costa

Rica

~242KStudent Enrolment in Costa Rica

Universities

Key Insights

• The literacy rate of Costa Rica is 98% and is the

highest among all Latin American countries

• Public spending on education makes up ~31.5% of

total government expenditure, which is highest of all

OECD and partner countries, notifying that

investment in education is a top priority for the

country

• The Spanish National Cyber security Institute, S.A.

(INCIBE) with the Organization of American States

(OAS) offers training programs in Costa Rica

specializing in cyber security for the cybersecurity

talent

~80-85KTotal Number Of Graduates In Costa

Rica

~15-20KTotal Number Of STEM Graduates In

Costa Rica

~100-200Total Number Of Graduates Pursuing

Cybersecurity Courses

Overview

Universities Cybersecurity Courses

UNIVERSITY OF COSTA RICA

• CCNA (Cisco Certified Network Associate),• CCNP (Cisco Certified Network Professional)• CCNA Security

CENFOTEC UNIVERSITY

• Computer Security and Ethical Hacking, • Incident Response and Computer Forensics,• Preparation for the Information System Security

Professional CISSP certification • Principles of Cryptography • GSI: Information security and cybersecurity • GSI: Security of communications and personal

devices• GSI: Information security management system • GSI: Business continuity and risk management• Management of security incidents

LEAD UNIVERSITY • Specialty in Cybersecurity

Cybersecurity Courses In Costa Rica

Top Universities

Note : DRAUP’s Talent Module analysed 20+ Costa Rica universities

2626

University of Costa Rica

Top Awards and Rankings:University of Costa Rica ranks 19th in LATAM University Rankings, ranks 500th in the QS World University Ranking

Marquee Alumni• Vanessa Ramirez,

Commercial Director at Forbes

• Juan Gabriel Ruiz Gutierrez, Director at Resonetics

Key Programs and Courses Offered Key Alumni Profiles

University of Costa Rica: University of Costa Rica, an institution financed by the State that has the widest academic courses in the country. The university offers cybersecurity and networking related courses in association with Cisco

Total Enrolment

~41,000Graduation Rate

~13%

Courses Offered• CCNA (Cisco Certified Network Associate)• CCNP (Cisco Certified Network Professional)• CCNA Security A• Configuration of Linux Servers• Development of Websites with Drupal• IT Essentials• Applied networks• Computer and Information


Kerry PorrasDESIGNATION: Security Delivery Specialist SRM Compliance Management at IBM

Education: BS IT Essentials and CCNA at University of Costa Rica, BS Systems Engineering at Central University

Current works: Physical Security review of IBM sites and leading the work place Security program for GTS, an internal program based on internalPhysical audits (workstations) to be sure no confidential information is exposed

Jamie CordobaDESIGNATION: Enterprise Security Engineer at Tek Experts

Education: Information Technology at University of Costa Rica, System Administration at Cisco Networking Academy

Current works: Big data security analytics and intelligence software for security information and event management and log management solution

• CCNA Security: complementary course that delves into the design, implementation and support of network security

• CCNP provides the knowledge and skills necessary for the implementation and maintenance of an integrated network infrastructure of services and applications

University Of Costa Rica has partnered with Cisco for Cybersecurity and Networking courses

Cybersecurity and related Courses

2727

Cenfotec University

Top Awards and Rankings:Cenfotec University ranks 30th in Country Ranking

Marquee Alumni• Alexander Carrillo, Head

of Technical Support at Logical Data

• Esteban Oviedo Blanco, Director General at Grupo Babel Software & IT Services

Key Programs and Courses Offered Key Alumni Profiles

Cenfotec University: Universidad Cenfotec (Cenfotec University) offers a wide range of courses in Cybersecurity. The university is one of the preferred hotspot for employers hiring Cybersecurity talent

Total Enrolment

~2,000Admission Rate

~80-90%

Erick GamboaDESIGNATION: Cyber Security Engineer at DXC Technology

Education: MS Cyber Security at Cenfotec University, BS Computer Science at Latin University of Costa Rica

Current works: Security-related compliance and delivery governance, working with senior management and focusing specifically on security environment in relation to client business objectives

Gustavo MendezDESIGNATION: Information Security and Compliance Specialist at Desert Development Company

Education: MS Cyber Security at Cenfotec University, BS Computer Engineering at Latin University of Costa Rica

Current works: Design and implement cyber security policies and security procedures for a software development company and execute the Security Incidents Management Process

Courses Offered• Management of Software Requirements• CISCO CCNA 1 (Fundamentals of CISTEC1 Networks)• Design and construction of components• Computer networks• Object-oriented programming• Software conceptual design• Development of Web Applications• SCRUM Master Professional Certificate (SMPC)

Cyber Security Courses Offered• Security of the information• Cybersecurity• Security management system• Security in communications and personal devices• Security in wireless networks and mobile devices• Security in operating systems• Security of applications and systems• Management of security incidents


2828

AGENDA





2929

Service sector contributes to a large proportion of GDP. This sector employs ~67% of the total talent

Population: ~3.8 Million

Literacy level: 95%

Top Spoken Languages: Spanish, Ngabere, Buglere

Ethnicity: Mestizo(65%)

Total labor force: ~1.633 Million

Unemployment rate*: 6.0%

Median age: 29.2 years

Sex ratio: ~1:1

GDP : $61.84 Billion

GDP growth rate: 5.4%

Percentage of workforce in different industriesA large proportion of employees are employed in

Service sector which includes services such as logistics, banking, insurance and tourism and accounts

for about ~66.74%

Total Workforce : ~1.6 Million

Panama has the highest rate of youth unemployment which is 15%. The technology sector in Panama

employs ~15-20% of the overall talent

Panama ranked 54th in National Cyber Security Index and 61st in Global Cyber Security Index

Source : Panama Census BureauNote: The represented data has been collected from multiple news sources and DRAUP Proprietary Database

3030

Talent Dashboard: ~74% of the installed cybersecurity talent pool falls under the Security Operations cluster

1.a

~2,700

~2,000

~150

Total Relevant Cybersecurity talent pool

Security Operations Engineer

Directly Relevant Talent Pool

Note : DRAUP’s Talent Simulation Module was used to analyze talent by location and skill sets


Security Architect

• Network Security Administration• Security Engineer

Sample Roles *

• Software Developer• Security Software Developer

• IT Security Architect• Security Solution Architect

~300

*Listed roles are a sample set and are not exhaustive** The overall talent might be less than the number due to overlap of skills

Cryptographer ~250 • Cryptographer• Cryptographic Analyst

BFSI

Software & Internet

Telecom

Others

10-14%

Vertical level cybersecurity talent split

• Cyber Security Analyst• Cyber Security Engineer

• Information Security Application Developer• Security Software Engineer

• Information Security Officer• Security Architect

• Researcher• Security Threat Analyst

~70%Organizations doesn’t find perfect talent for

cybersecurity roles

75-90 DaysAverage time taken to fill cybersecurity jobs

across various levels

~30-35%Of current cybersecurity talent hold atleast

one security related certification

~3-5 JobsPosted everyday for Cybersecurity related

roles

58-62%

10-13%

9-11%

3131

Firewall Management

830 Risk Assessment 750 DNS Security 590

Identity Access Management

10

Ethical Hacking

110Penetration

Testing110 Encryption 90 Forensics 80 TCP/IP Security 80

Intrusion Detection

80VulnerabilityAssessment

70Incident

Response60

Cryptography 40Web ApplicationSecurity

30Threat

Intelligence20

MalwareAnalysis

20

Skill-level Analysis: Large proportion of employed talent pool is skilled in core cybersecurity skills such as Firewall Management, Risk Assessment and DNS Security

Note: DRAUP’s Talent Simulation Module was used to analyze talent by skill sets

Sub Netting 15Network Access

control10

SIEM 50

** The overall talent might be less than the number due to overlap of skills

Top cybersecurity skills talent

3232

Panama City

Location Hotspot: Panama City employs >95% of the installed cybersecurity talent in Republic of Panama. The city hosts the major technology employers from the Software & Internet, BFSI and Telecom verticals

Note: The represented data has been collected from multiple articles and are curated from DRAUP Proprietary Database

• More than 95% of the installed cybersecurity talent is based out of Panama City, while a bare minimum headcount is present in other cities

• The International Technopark of Panama is an entrepreneurial development growth pole that houses major IT and biotech companies such as HP, Ericsson, Copa Airlines, Cable Onda, AQ1 Systems

• The Ciudad del Saber (City of Knowledge) is a center for innovation and knowledge exchange combining business, research and studies

Key Insights

Panama CanalMajority of the Services and Business Parks are located in this area in Panama

and is home to the top employers in the Cybersecurity vertical

Dell EMC

Cisco SmartmaticMicrosoft

Brinks

Quest Software

Rootstack

Panama University

Technology University of Panama

3333

Panama – MSA Deep Dive: Panama City has the highest cybersecurity talent in the Republic of Panama, employing about ~95-98% of the total installed talent

~2,600 – Cybersecurity Talent Spread Across Panama City


Quest Software Indra SISAP St.Georges Bank

TECNASA Telered - Panama Banco Nacional de Panama Inteligo Bank Ltd

Smartmatic Soluciones Seguras International Insurance Company Digicel Panama Ltd.

GBM as a Service Security Solutions Distributors Sigma Security Sefisa

NTT Data Services HSBC CITI Trend Micro

Global Bank Viva Solutions S.A. Nativa Holding Medios De Pago, S.L. Grupo CS Panama

Bicsa Cisco TowerBank Inc. Grupo UPS

Telecarrier E Risk Corporation DGI Ximark Technologies

Sofistic Bladex M.B.Security Metrobank N.A.

Fronteras Security BAC Credomatic CLAdirect Ultrared Internacional SA


3434

Panama: Top Employer Profiles for Security Architect talent pool

Banco Nacional de

Panama

~20

~20

~10

~10

~10


• IT Security Specialist• Information Security Officer• Security Specialist

• IT Security Architect• IT Security Specialist• Security Infrastructure Architect

• Security Architect• Security Solution Architect

• Information Security Architect• Security Solutions Architect

• IT Security Architect• Security Architect

• Provide security guidance across security architectural reviews and multiple technologies

• Manage security related projects and effective transition of security services • Design of Information Protection Architecture by defining shared services, consistent

patterns and toolsets

• Implement and integrate Security Equipment in security service based infrastructures• Support development, implementation, maintenance and enforcement of controls,

tools, documentation, processes and standards• Monitor and report IT security risk status, security architecture design principles and

technologies

• Design, build, test and implement security systems and conduct security and privacy reviews to determine compliance

• Verify the security and privacy requirements defined in the security plans, policies and procedures

• Support software and data delivery platforms design with reusable components

• Implement security systems by specifying intrusion detection methodologies and equipment

• Define, design, evaluate and maintain the enterprise security architecture• Deploy information protection services such as encryption, key management, hardware

security modules, public key infrastructure and information lifecycle management

• Design security standard and authentication protocols for security systems• Development of robust security architecture and define technical solutions to address

security threats• Design, implement and standardize the security framework to improve the security

posture


3535


Panama: Security Architect : Sample Talent Profiles

Jose Luis Vega CamarenaEducation: System Management in IT Security, Inter-American University of Panama

• Manage action plan on reports of threats and vulnerabilities emitted by scanning and monitoring tools such as McAfee Secure, Network Security Manager-IPS, SIEM

• Implement and Integrate Security Equipment in the Infrastructure and penetration test in the network

• Perform security architecture and risk assessment with metrics and processes

• Deployment of security services in the integration with third-party services such as cloud, ADFS

IT Security ArchitectExperience in Current Role: 8+ YearsTotal Experience: 9+ Years

• Design technological and security architecture for a new payment service to invoice merchants with integration to online banks

• Create and implement the business continuity plan, disaster recovery plan and test periodically for successful results

• Establish encryption securities and technology policies for personnel, data security, disaster recovery and business continuity

Elio RodriguesEducation: Diploma in Information Security, IUTIRLA

Security ArchitectExperience in Current Role: 2+ YearsTotal Experience: 4+ Years

• Develop, document and implement information security policies, procedures and monitor security infrastructure and respond to security requests

• Develop and deploy robust security schemas to incorporate redundant solutions, electronic auditing, intrusion detection and identification of attack signatures

• Modernize outdated information security policies to manage, coordinate and track mitigations to ensure appropriate progress

• Design of scalable architecture based on business requirements, while complying with security and infrastructure standards

• Build system architecture that enable business units to execute strategic business plans and deployment of security services

• Create and evolve business cases that support implementation of new technologies and develop product security architectures

Alejandro GerbaudEducation: BBA Management Information System, University of Notre Dame

Information Technology ArchitectExperience in Current Role: 7+ YearsTotal Experience: 9+ Years

Adrian DEducation: Information Security and Risk Management, University of Washington

Security ArchitectExperience in Current Role: 4+ YearsTotal Experience: 8+ Years


Core Responsibilities Core Responsibilities

3636

Panama: Top Employer Profiles for Security Operations Engineer talent pool

~50

~40

~40

~40

~30

Top Employers & Headcount Job Titles

• Information Security Officer• Security Operations Specialist• Security Operations Center (SOC) Analyst

• Security Operations Consultant• Security Operations Engineer• Security Operations Specialist

• Chief Information Security Officer• Senior Security Engineer

• Security Operations Center (SOC) Analyst• Information Security Engineer

• Information Security• Information Security Operations• Cyber Security Operation


• Monitor, research, assess and analyse intrusion detections, prevention tools • Oversee anomaly detection systems, firewalls, antivirus systems, proxy devices • Act as a SPOC for any security incidents• Perform initial risk assessment on new threats and vulnerabilities

• Design and develop enterprise security solutions • Provide security requirements during planning sessions, functional and technical requirement

sessions • Provide user story creation and grooming, and technical design based on identified risks

• Develop and maintain the information security strategy• Evaluate and develop secure solutions based on approved security architectures• Develop the business, information and technical artifacts that constitute the enterprise information

security architecture and solutions

• Configuration, implementation and monitoring of one or more SIEM tools (QRadar, Arcsight, etc)• Monitor SIEM and other SOC tools by following operational process and procedures to appropriately

analyse, escalate, and assist in remediation of security incidents

• Escalate the security incidents in the incident response procedures• Proactively identify the emerging cyber threats within the environment and PLS industry• Provide on-call support for broken or disrupted security technologies

Workloads

3737

Panama: Security Operations Engineer: Sample Talent Profiles

Edgar A. Rivas JEducation: MS Computational Security, Latin University of Panama


• Conduct security verification & validation reviews to identify security risk and non-compliance areas and to ensure the ongoing protection of Verizon assets and sensitive customer information

• Operate and administrate the organization's information security activities including systems and data security, disaster recovery, and archiving

• Risk Assessment and Security Compliance and Assurance along with internal Process, Quality Assurance, Reporting

Information SecurityExperience in Current Role: 4 YearsTotal Experience: 15 Years


• Performs risk analysis to identify any security issues that could lead to lost or stolen data

• Analyse the security data from computing and network devices to identify potential threats and vulnerabilities

• Initial detection, analysis, and investigation of security events to determine likelihood of compromise and respond according to processes

• Analyse the system outages, alerts, and reports of abnormal system behaviour due to suspected security related events such as viruses, and hacker intrusions

IT Security AnalystExperience in Current Role: 1 YearTotal Experience: 10 Years

Aaron EchazabalEducation: BS Electrical, Electronics Engineering, Panama University


• Monitor the control environment to ensure compliance with information security policies and standards

• Coordinate and participate in multiple audits campaigns of information security practices

• Plan, develop, monitor and manage the policies, procedures and initiatives to ensure that information security compliance stands within its pillars of confidentiality, integrity and availability

System Security EngineerExperience in Current Role: 4 YearsTotal Experience: 7 Years


• Develop a security awareness program and developing mitigation strategies for the issues identified

• Design and develop data security frameworks and best practices ((ISO 27002, COBIT, RISK IT)

• Develop risk mitigation strategies required to protect the confidentiality, integrity and availability of information systems and client data

Chief Information Security OfficerExperience in Current Role: 4 YearsTotal Experience: 15 Years


Rodolfo Gallardo

Education: Science Technology Information Security Specialist

Akeem RodriguezEducation: MS Computer Security, Interamerican University of Panama

3838

Panama: Top Employer Profiles for Security Software Developer talent pool

~20

~10

~10

~10

~10


• Security Engineer• Security Software Developer• Security Tools Developer

• Security Software Developer• Software Developer• Security Software Engineer• Secure Application Designer

• Software Development Engineer• Security Application Developer

• Software Developer• Security Engineer• Security software developer

• Software Developer• Security Engineer

• Perform secure software engineering tasks and fix detected vulnerabilities to maintain a high-security standard software's

• Implement security tools based on the design and specifications• Implement, test and operate advanced software security techniques in compliance with

the technical reference architecture

• Analyse, design, develop and deliver high-quality security software solutions• Architect, design, develop, test and troubleshoot features and functions during security

software development• Investigate security breaches and other cyber-security incidents

• Perform on-going security test and code review to improve software security• Validate the Software components against the requirements to ensure full coverage

and quality• Install security measures and operate software to protect systems and information

infrastructure, including firewalls and data encryption programs

• Design, analyse, develop, configure, test, train and secure the software and computer systems

• Perform security testing and code review to improve software security• Implement the security tools based on the design and specifications

• Design, develop, and test software to meet quality, performance security and non-functional requirements like accessibility and localisation

• Contribute to the development of features in the network, storage and security domains


3939




Panama: Security Software Developer : Sample Talent Profiles

• Design and deliver advanced defence, intelligence, and security solutions to support the important missions of customers for enhancing the security

• Plan, design, develop and test software systems and applications for software enhancements

• Analyse, test and integrate application components

• Enable solutions for security APIs, scalability, manageability, usability, and other critical factors

Ramón A. Burgos AngaritaEducation: Master in Computer Security Cyber Security at Polytechnic University of Catalonia

Security Software Engineer LeadExperience in Current Role: 1 YearTotal Experience: 12 Years

Carlos BerrioEducation: Computing with Specialization in Management Computing at American University (PA)

• Design new forensic tools and security software systems

• Monitor the development phases of the security application project for the organization

• Implement, test and operate advanced security software techniques in compliance with the technical reference architecture

• Provide engineering designs for new software solutions to help mitigate security vulnerabilities

Software EngineerExperience in Current Role: 10 MonthsTotal Experience: 11 Years

• Develop security software and integrate security into software during the course of design and development

• Design security products and involve at all stages of product development for maintaining quality

• Architect, design, and implement security related technologies

• Design test automation, integration testing, performance testing and security testing approach

• Identify and resolve security issues and perform security analysis, defences and countermeasures to provide strong and reliable software

• Create secure software tools and systems with a team of developers and provide engineering designs for new software solutions

• Research and identify flaws and troubleshoot and debug issues that arise during development

• Participate in security requirement, maintain technical documentation and monitor platform administration

Juan Carlos Guevara PinzónEducation: Degree in Computer Engineering

Software EngineerExperience in Current Role: 13+ YearTotal Experience: 17 Years

Yuk Yon ChenEducation: Technology University of Panama

Software Development EngineerExperience in Current Role: 4 MonthsTotal Experience: 15 Years


4040

Panama: Top Employer Profiles for Cryptographer talent pool

~20

~10

~10

~10

~10


• Cryptographic Analyst• Security Threat Analyst

• Cryptographer• Cryptographic Analyst

• Cryptographic Security Analyst• Cybersecurity Analyst

• Cryptographic Analyst• Cryptographic Security Engineer

• Cryptography Specialist• Security Analyst• Cryptanalyst

• Analysis and design cryptographic controls, protocols and their activities• Design, implement and verification of cryptography and security based systems using

machine learning concepts• Create privacy-preserving data exchange algorithms to build production-level system

• Analysis and maintenance of existing application cryptographic services and cloud based crypto services

• Design of hybrid crypto solutions for both Key and Certificate strategies• Design, implement and improve tools and services used to support symmetric and

public key cryptography management activities

• Develop and maintain internal expertise in cryptography and security of algorithms executed on embedded systems

• Analysis of cryptographic codes embedded in products and realisation of high level of cryptographic side-channel attacks

• Deployment of UL Security Evaluation services

• Identify network attacks and systemic security issues using public key cryptography, digital certificates, signatures and key management

• Support cryptography and key management activities using PIN Security, PCI Compliance, ANS X9/TR-39, TG-3 a plus

• Create or modify new cryptographically secured algorithms and calculate its entropy

• Define security requirements and develop standards spanning on multiple security domains

• Maintain key service of PKI systems with standard procedures, change control policies and procedures

• Support data encryption deployments and applied cryptographic strategies


Secure Solutions

4141

Panama: Cryptographer: Sample Talent Profiles

Omar GudinoEducation: Cybersecurity Analyst,CompTIA


• Design and develop encrypted solutions on incident response, risk reviews, vulnerability assessments and identifying threats

• Design, deployment, operation and support on security of network and infrastructure

• Build advanced cyber-security models for high-value data, workflows and accountability based on cryptographic expertise


Anibal VeraEducation: Master of Computer Science,Central University of Venezuela


• Define security and protection standards and analysis of computer malware forensics

• Perform vulnerability scanning and penetration testing, with web application, quality standards and methods

• Development and analyse cryptographic procedures with forensic tools such as EnCase, Access Data, FTK and WinHex


• Deployment of System Security Hardening and Cybersecure Architecture using security process and procedures

• Analyse principles of asymmetric cryptography such as asymmetric encryption, key exchange, digital signatures

• Design of security models using cryptographic hash algorithms, encryption and decryption process

• Develop security models for cloud, identify security vulnerabilities and manage secret key material in HSM, both for short-lived and long-lived credentials

• Design secure communication protocols and approach challenges of identity management to develop a secure user and device identity framework

• Implement foster developing technology to have cryptographic primitives and secure key management technologies

Mauro Antonio Reluz CedenoEducation: Master of Business Administration, Inter-American University of Panama


Cryptographic AnalystExperience in Current Role: 9+ YearsTotal Experience: 10+ Years

Fabian ChieraEducation: Postgrade CryptographyInstitute of Higher Education of Army




Secure Solutions

4242

Panama – Talent Demand Analysis: Security Operations Engineer, Security Software Developer and Network Security Engineer job roles are the most in-demand job roles in the past 3 months


Security Architect Incident Response Threat Response Security Operations Network SecurityEngineer

DevOps Engineers Security QA Engineer Penetration Tester Vulnerability testing Security Engineer(Operations)

Security SoftwareDeveloper

Cryptoanalyst

7% 76% 13% 4%

Architect and Orchestrators Engineering & Operations Software Development Cryptography & Research

Cybersecurity Job Openings for the past 3 Months in Panama

5 - 10 5 - 10 5 - 10 5 - 10

15 - 20

5 - 10 5 - 10

10 - 15

5 - 10 5 - 10

15 - 20

10 - 15

Job Openings Distribution by Job Clusters

4343

Leading universities such as Technological University of Panama and Panama University offers large number of courses in Cybersecurity

~10+Total Number Of Universities In Panama

~152KStudent Enrolment in Panama

Universities

Key Insights

• Panama Universities offer courses in engineering,

public health, nursing, and biosciences

• Panamas City attracts a lot of international students

as the education is free. US universities such as

Florida State University and the University of

Louisville has branches in Panama

• Panama ranked 48th out of 70 countries on the EF

English Proficiency Index

• Panama has ~53% of women in higher education

depicting a large female population

~60-65KTotal Number Of Graduates In Panama

~20-25KTotal Number Of STEM Graduates In

Panama

~100-200Total Number Of Graduates Pursuing

Cybersecurity Courses

Overview

Universities Cybersecurity Courses

TECHNOLOGICAL UNIVERSITY OF PANAMA

• Computer security and Cryptography

PANAMA UNIVERSITY

• Security and Privacy of Networks• Quality of Network Security and

Management of Security• Control and Evaluation of

Computer Resources

INTER-AMERICAN UNIVERSITY OF PANAMA

• CISCO CCNA Security

LATIN UNIVERSITY OF PANAMA• Master's Degree in System and

Management with Specialization in Computer Security

Cybersecurity Courses In Panama

Top Universities

Note : DRAUP’s Talent Module analysed 10+ Panama universities

4444

Panama University

Top Awards and Rankings:Panama University ranks as 139th in LatAm University rankings, 36th in Academic Reputation

Marquee Alumni• Romano Feoli, Partner at

Feoli & Co • Radames Villaverd CPA,

Regional Accounting Director at Dell

Key Programs and Courses Offered Relevant Statistics Key Alumni Profiles

Panama University: Panama University has several research agreements with the government agencies in the areas of science and technology. Cybersecurity is one of the focus areas in this segment

~970 International

Students

Total Enrolment

~37,500Total Graduates

~10,000Courses• Computer security and

cryptography• Artificial intelligence –

Cybernetics• Software Engineering• Theoretical computer science• Information and coding theory• Computer architecture and

computer engineering• Computer performance analysis• Concurrent, parallel and

distributed systems• Computer networks• Scientific computing• Computer applications• Programming language theory

~94% UG Students

~6% PG Students

Joaquin RodriguezDESIGNATION: Cybersecurity Evangelyst at Information Security Evangelyst

Education: BS in Electronic Communications at Panama University, MS in Information and Communications Security at Alfonso X El Sabio University

Current works: Cybersecurity ambassador for Central America to share experiences and best practices in the cybersecurity field

Samuel Sie-ky LaoDESIGNATION: Senior Infrastructure Security Engineer at Telconet

Education: BS Electronics and Communications Engineering at Panama University, PG at Panama University

Current works: Support the IT infrastructure team with scheduled maintenance such as troubleshooting and new settings for security devices and deploy security settings for IT infrastructure



4545

Technological University of Panama

Top Awards and

Rankings:Ranks 2nd in Panama, Ranks 119th in the LatAmUniversity Ranking

Marquee Alumni• Juan Antonio Cedeño

González, CEO at Alpicio Software

• Leonardo Dugarte, Director and Partner at GEPSA - Energy Group Panama

Key Programs and Courses Offered Relevant Statistics Key Alumni Profiles

Technological University of Panama: The second-largest university in Panama offers security courses in networking. The university attracts international students as it offers free courses

Humberto Williams AllenDESIGNATION: Information Security Analyst

Education: BS in Computer Science at Technological University of Panama, MS in Computer Security –Interamerican University of Panama

Current works: Develop a security awareness program and developing mitigation strategies

Paul Chen Charter DESIGNATION: Computer Specialist at Canal de Panamá

Education: BS in Business/ Commerce at Technological University of Panama, MS in Computer and Information Systems at Interamerican University of Panama

Current works: Information Security Management, Endpoint Protection, Vulnerability Management and Cloud Security

~550 International

StudentsTotal Enrolment

~24,000Master Degrees

~40+

Courses• Security and Privacy of Networks I• Security and Privacy of Networks II• Quality of Network Security• Management of Security, Control

and Evaluation of Computer Resources

• Organization and Architecture of Computers

• Operating systems• Analysis and Design of Networks• Network Systems Administration• Computer networks• Micro Computation• Data Communication• Analysis and Design of Networks

98% - UG Students

2% - PG Students

• Information and Communications Technology Center

• Engineering Experimental Center



Research, Development and Innovation Centres

Source : DRAUP

46

46

www.DRAUP.com

https://twitter.com/draupplatform

https://twitter.com/draupplatform

https://www.facebook.com/DraupPlatform/

https://www.facebook.com/DraupPlatform/

https://www.linkedin.com/company/draupplatform/

https://www.linkedin.com/company/draupplatform/

mailto:[email protected]?subject=How can we help you?

mailto:[email protected]?subject=How can we help you?

http://draup.com/

Documents

Cybersecurity Talent Landscape Costa Rica and Panama...Cybersecurity Talent Landscape ... Practitioner (CASP+) Cisco Certified Network Professional Security ... the course of design