Cybersecurity Talent Landscape – Costa Rica and Panama
December 2018
22
AGENDA
Cybersecurity Talent Landscape – Costa Rica and Panama
Costa Rica: Cybersecurity Talent Deep Dive
Overview and Talent Stack Of The Global Cybersecurity Industry
Panama: Cybersecurity Talent Deep Dive
33
Global Cybersecurity Overview: A potential $6 trillion problem
Note: The represented data has been collected from cybersecurity ventures, CSO online, multiple sources and DRAUP Proprietary Database updated as of Dec, 2018
> $120 BillionValue of Cybersecurity Industry in 2017
$134 BillionGlobal Spending on Cybersecurity in 2017
$6 TrillionIn damages caused by cyber attacks by 2021
~200,000 Cyber Incidents targeting Businesses in 2017
(2x higher than the incidents that occurred in 2016)
Top Affected Industries
8996
102
117
126134
143
2012 2013 2014 2015 2016 2017 2018
1%
10%
18%
17%
33%Information Communications Technology
Manufacturing
Retail
Professional Services
(2014)
Financial Services
Top affected firms
(2013)(2011)
(2017)
(2011)
(2014) (2014)
(2005) (2017)
(2017)
~2,00,000 Cybersecurity incidents and attacks in 2017
Cybersecurity Spend (in USD Billions)
44
Certifications in Cybersecurity have accelerated talent upskilling and enabled employees to command higher compensations
Beginner Intermediate Advanced Expert
CompTIA A+
Microsoft Technology Associate: Security
Fundamentals
CompTIA Security+
CompTIA CySA+
CompTIA PenTest+
Cisco Certified Network Associate Security
SANS GIAC Certified Incident Handler
SANS GIAC Information Security Professional
EC Council Certified Ethical Hacker (CEH)
EC Council Computer Hacking Forensic Investigator
EC Council Certified Network Defender
GIAC Certified Intrusion Analyst
CompTIA Advanced Security Practitioner (CASP+)
Cisco Certified Network Professional Security
ISC² Certified Secure Software Lifecycle Professional
ISACA Certified Information Systems Auditor
CSA Certificate of Cloud Security Knowledge
GIAC Security Leadership Certification
GIAC Certified Enterprise Defender
Security University GIAC Certified Enterprise Defender
Cisco Certified Internetwork Expert -Security
Securing Cisco Networks with Threat Detection and Analysis
Certified Information Systems Security Professional (CISSP)
ISACA Certified Information Security Manager
Mile 2 Certified Penetration Testing Engineer
Note: The above list of certifications is non-exhaustive and the analysis shows the most commonly accepted Cybersecurity certifications found from CompTIA and curated by DRAUP Research Team
55
Cybersecurity Tech Stack spans across 3 major verticals: Security Architecture/Orchestration, Security Operations and Research Center and Identity Management
Note: The represented data is a stack derived by analysing multiple Cybersecurity profiles and job postings. This domain clustering is defined by DRAUP’s Talent Module updated in Dec, 2018
Domain Roles
• Enterprise Security Architect• Network Security Engineer• Cloud Security Arhcitect• Network Security Architect• Security Solutions Architect• Information Security Consultant• Security Practice Architect
Risk, Governance & Compliance Management
• Cryptographer• Analyst End Point
Security• Backup/Security
Administrator• Systems Security
Analyst
• Analyst Compliance Audit • Privacy & Compliance Officer• Cybersecurity Risk Manager
• Engineer – Risk, Audit & Compliance • GDPR Programme Manager • IT Risk & Compliance officer
Cyb
erS
ecu
rity
Te
ch-S
tack
• Analyst Identity and Access Management
• Access Control Administrator
• IAM Engineer• Active Directory
Engineer
• SIEM Engineer• Security Operations Lead• Junior Threat Monitoring
Analyst• Threat Monitoring SOC
Analyst• Intrusion Detection
Specialist
• Security Engineer (Incident Response)
• Senior Incident Handler
• Incident Response Analyst
• Incident Responder
Security Architecture/Orchestration
Enterprise-wide Encryption Strategy
Cloud Security Architecture
Network Security Architecture
E2E Secure System build
Proxy/Content Filtering
Vulnerability Management
Network Application/Firewall
Data Loss Prevention (DLP)
Endpoint Protection
Security Operation and Research Center
Threat Monitoring
Threat/Attack Mitigation
Log Analysis
Encryption and Data Masking
NetFlow Analysis
Backup & Site Recovery
Forensic Investigation
Penetration Testing
Incident Response
SIEM
Identity Management
Identity Protection
Account creation/deletion
Access Management
CredentialingRemote Access &
Authentication
Backup/Recovery Planning
Security Policies & Procedures
Network Segmentation
Threat Prevention Threat Detection Incident Management
Software Developer/Engineer Roles: Develop Software Systems and Tools to be used across the Cybersecurity Value ChainSoftware Development
66
Clusters Description Responsibilities (Not exhaustive) Technical Skills
Security Architect
A Security Architect designs, builds and oversees the implementation of network and computer security for an organization.
• Plan, research and design robust security architectures.
• Determine security requirements by assessing business strategies, conducting system security, vulnerability analyses and risk assessments
• Develop requirements for local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), routers, firewalls, and related network devices.
• Develop and implement security policies and procedures such as authentication rules, security escalation procedures and encryption routines
• Review and approve installation of firewall, VPN, routers, IDS scanning technologies and servers.
Skills:• Perimeter security controls – firewall, IDS/IPS,
network access control and network segmentation.
• Security concepts related to DNS, routing, authentication, VPN, proxy services and DDOS mitigation technologies
• Router, switch and VLAN security; wireless security.
• Network security architecture development and definition
Certifications:CISSP, CISSP – ISSAP, CISM, CEH, CSSA,GSEC/GCIH/GCIA.
A Security Software Developer does one of two things: 1) Develops security software2) Integrates security into applications software during the course of design and development
Security Software Developer
• Develop a company-wide software security strategy.
• Create new software systems or forensic tools.
• Participate in the lifecycle development of software systems using agile methodologies.
• Design and build proof of concept prototype solutions.
• Leverage attack tools to test your work for software vulnerabilities.
• Take a leadership role in software design, implementation and testing.
Skills:• C, C++, C#, Java, ASM, PHP, PERL• TCP/IP-based network communications• IP security• Relational databases (e.g. SQL, MySQL, SQLite,
etc.)• Hypervisors (e.g. VMware, KVM, etc.)• Python Experience in HTML/CSS• XML/Web Services, AJAX• Cloud computingCertifications:ECSP, CSSLP, GSSP – JAVA, GWEB, GSSP - .NET,CEH, CES.
1)
2)
List of 4 unique job clusters and definitions extracted from sample profiles (1/2)
Roles
• IT Security Architect• Security Infrastructure Architect• Security Architecture Consultant• Information Security Architect• Cloud Security Architect• Network Security Architect• Security Solutions Architect
• Security Engineer (Software Development)
• Software Developer• Cybersecurity Developer• Security Tools Developer• Application Security
Engineer• Security Software Engineer
Note: The represented data is derived from DRAUP’s Proprietary Talent Module, updated in Dec, 2018
77
Security Operations
A Security Operations Engineer is responsible for regular development, monitoring and maintenance of security infrastructure, rapidly addressing security incidents and threats within an organization.
• Perform security audits, risk analysis, network forensics and penetration testing
• Create a program development plan that includes security gap assessments, policies, procedures, playbooks, training and tabletop testing.
• Develop a procedural set of responses to security problems & identify security flaws and vulnerabilities among servers, systems and network devices.
• Establish protocols for communication within an organization and dealings with law enforcement during security incidents
• Liaison with other cyber threat analysis entities.
Skills:• C, C++, C#, Java, ASM, PHP, PERL• eDiscovery tools (NUIX, Relativity,
Clearwell, etc.)• Security frameworks (e.g. ISO
27001/27002, NIST, HIPPA, SOX, etc.)• Forensic software applications (e.g.
EnCase, FTK, Helix, Cellebrite, XRY, etc.)• Enterprise system monitoring tools• Vulnerability analysis and reverse
engineering• Metasploit framework• Cloud computingCertifications:CEH, CCE, GCFE, GCFA, GCIH, GCIA, CCFE,CPT, CREA, GCFA, CISSP, OSCP, GPEN
3)
List of 4 unique job clusters and definitions extracted from sample profiles (2/2)
Clusters Description Responsibilities (Not exhaustive) Technical Skills Roles
• Incident Responder• Security Engineer
(Incident Response)• Senior Incident Handler • Incident Response Analyst • Penetration Tester• Threat Monitoring Analyst• Threat Monitoring SOC Analyst• Intrusion Detection Specialist.• Analyst Identity and Access
Management• Ethical Hacker• Forensic Investigator• Vulnerability Analyst• Access Control Administrator
Note: The represented data is derived from DRAUP’s Proprietary Talent Module, updated in Dec, 2018
CryptographerDevelops algorithms, ciphers and security systems to encrypt sensitive information, analyzes and decrypts any type of hidden information (e.g. encrypted data, cipher texts, telecommunications protocols) in cryptographic security systems.
• Design robust security systems to prevent vulnerabilities & test computational models for reliability and accuracy
• Develop statistical and mathematical modelsto analyze data and solve security problems.
• Protect important information frominterception, copying, modification and/ordeletion.
• Evaluate, analyze and target weaknesses incryptographic security systems and algorithms
Skills:• C, C++, Python, Java and similar
programming languages.• Linear/matrix algebra and/or discrete
mathematics.• Computer architecture, data structures
and algorithms.• Principles of symmetric & asymmetric
cryptography.• Probability theory, information theory,
complexity theory and number theoryCertifications:CES certification
4) • Secure Computation Researcher
• Machine Learning Security Researcher
• Offensive Security Researcher – AI
• Encryption Engineer• Cryptologist• Encryption Specialist
88
Workload focus areas : Deep dive analysis of key focus areas across the 4 Job families
Security Systems Monitoring
Security Analysis
Security Architecture Development
Incident Response
Penetration Testing
Forensics
Malware Research & Analysis
Security Audit
Threat Intelligence Analysis
Security Project Management
Risk Analysis & Management
User Awareness Training
Intrusion Detection
Security Software & Tools Development
Endpoint Security Management
Technical Writing
Architect & Orchestrators (1) Cryptography & Research (4)Software Development (3)Engineering & Operations (2)
Medium
Low
High
Medium
High
High
Medium
High
High
Low
Low
Low
Low
Low
Low
High
Medium
Low
High
Medium
High
High
Low
High
Medium
High
Low
High
Low
Low
Low
Low
Low
Low
Low
Low
Low
Low
Low
Low
Low
Low
Low
High
High
High
Low
Low
Low
Low
Low
High
Low
Low
Low
Low
Low
Low
Low
High
Note: The represented data is derived from DRAUP’s Proprietary Talent Module, updated in Dec, 2018
High
Medium
Medium
Medium
Focus Area
Indicates workload across job families
Clusters
99
Hiring Intensity: Traditional roles such as Security Engineers are the most hired/filled jobs in both Costa Rica and Panama, while new age roles such as Intrusion Analyst, Penetration Tester and Crypto Analyst are gaining demand recently
Hiring Intensity Heat Map – Period at which a particular role is hired the most
Note: The represented data is derived from DRAUP’s Proprietary Talent Module, updated in Dec, 2018
2013
2014
2015
2016
2017
2018
Yea
r
Security Architect
Security Operations
DevOps Engineers
Security QA Engineer
Security Engineer
(Operations)
Security Software
Developer
Crypto Analyst
Incident Responder
Threat Responder
Network Security Engineer
Vulnerability Tester
Penetration Tester
Intrusion Analyst
Companies massively hired these roles due to the cost advantage and scale of operations these locations offered
Maturing cyber-security talent supply and certification courses along with the low cost advantage drove companies to hire more roles in Cryptography and Risk Management clusters
Adoption of new age technologies among the tech companies increased the demand of new age cybersecurity skills in the areas of Cryptography and threat analysis
1010
AGENDA
Cybersecurity Talent Landscape – Costa Rica and Panama
Costa Rica: Cybersecurity Talent Deep Dive
Overview and Talent Stack Of The Global Cybersecurity Industry
Panama: Cybersecurity Talent Deep Dive
1111
Services sector contributes to a large proportion of GDP. This sector employs ~69% of the overall talent
Population: ~4.9 Million
Literacy level: ~97.8%
Top Spoken Languages: Spanish, English
Ethnicity: Castizo (66%)
Total labor force: ~2.2 Million
Unemployment rate*: ~9%
Median age: ~32 years
Sex ratio: 50 Female/ 50 Male
GDP : ~57.4 Billion
GDP growth rate: ~3.4%
Percentage of workforce in different industries
Costa Rica’s exports in technology, information and communication (ICT) is US$3.3 billion, which is ~5.8%
of the Gross Domestic Product (GDP)
Total Workforce : ~2.2 Million
A total of 300 tech companies, ~24% of which are Fortune 100 have operations in Costa Rica. In 2016
alone 2/3rd of these companies expanded their operations in Costa Rica
Costa Rica has a constant flow of STEM talent at ~7% every year, while the growth of IT graduates stands at
~4% annually
Source : Costa Rica Census BureauNote: The represented data has been collected from multiple NEWS sources and DRAUP Proprietary Database
1212
Talent Dashboard: ~67% of the installed cybersecurity talent pool falls under the Security Operations cluster
1.a
~4,500
~3,000
~350
Total Relevant Cybersecurity talent pool
Security Operations Engineer
Directly Relevant Talent Pool
Note : DRAUP’s Talent Simulation Module was used to analyze talent by location and skill sets
Security Software Developer
Security Architect
• Network Security Administration• Security Engineer
Sample Roles *
• Software Developer• Security Software Developer
• Information Security Architect• Security and Solution Architect
~850
*Listed roles are a sample set and are not exhaustive** The overall talent might be less than the number due to overlap of skills
Cryptographer ~300 • Cryptographer• Cryptanalyst
70-80 DaysAverage time taken to fill cybersecurity jobs across
various levels
~65%Organizations doesn’t find perfect talent for
cybersecurity roles
~30-35%Of current cybersecurity talent hold atleast one
security related certification
~3-5 JobsPosted everyday for Cybersecurity related
roles
5-8%
BFSI
Software & Internet
Telecom
Others
65-70%
5-8%
10-14%
Vertical level cybersecurity talent split
• Cyber Security Analyst• Cyber Security Engineer
• Information Security Application Developer• Security Software Engineer
• Information Security Engineer• Security Architect
• Researcher• Cryptologist
1313
Skill-level Analysis: Large proportion of employed talent pool is skilled in core cybersecurity skills such as TCP/IP Security, Firewall Management and Risk Assessment
TCP/IP Security 1,600Firewall
Management1,040
Risk Assessment
950
Encryption 260Ethical
Hacking240
Malware Analysis
200 DNS Security 200
Forensics 150Penetration
Testing160
Incident Response
150Identity Access Management
130
Cryptography 100Vulnerability
Testing90 Web Security 80
Intrusion Detection
80
Note: DRAUP’s Talent Simulation Module was used to analyze talent by skill sets
Sub Netting 55
Network Access control
15Threat
Intelligence20
SIEM 200
Top cybersecurity skills talent
** The overall talent might be less than the number due to overlap of skills
1414
Location Hotspot: San Jose and Heredia Province employs >95% of the installed cybersecurity talent in Costa Rica. These locations hosts the major technology employers from the Software & Internet, BFSI and Telecom verticals
Note: The represented data has been collected from multiple articles and are curated from DRAUP Proprietary Database
Hotspot Top Employers Universities
Key Insights
IntelHPE
Cognizant
BAC Credomatic
Microsoft
CiscoOracle
IBM
Academia Natraj
Universidad Central
Texas Tech Costa Rica
• San Jose Province and Heredia Province are the key hotspots for cybersecurity talent in Costa Rica
• More than 95% of the installed cybersecurity talent is spread across these two locations. San Jose houses ~30 – 35% of the installed talent, while Heredia has the remaining ~60 – 65% of the total installed cybersecurity talent in Costa Rica
• America Free Zone, a major tech park in the Heredia Province is home to large MNCs such as Dell, Amazon, IBM, HP, HPE, NTT Data, VMware, Experian, Citrix, Intertec and Teradyne
• Distrito Financiero, Lindora Park Free Zone and Ultra Park Free Zone in San Jose Province is home to top MNCs like Microsoft, Akamai, Cisco, Oracle, BAC Credomatic
San Jose ProvinceHosts Software and Telecom
MNCs
Heredia ProvinceHotspot for Software & Internet
and BFSI MNCs
San Jose Province
Heredia Province
Akamai
Cartago Province
Emerging Location
Lead University
1515
Costa Rica – MSA Deep Dive: Heredia Province has the highest cybersecurity talent in Costa Rica, employing about ~60-65% of the total installed talent
Heredia : ~60 - 65% Cybersecurity Installed TalentSan Jose : ~30 - 35% Cybersecurity Installed Talent
~4,400 – Cybersecurity Talent Spread Across San Jose Province and Heredia Province
Peer Employers Extended List
Emerson Automation Solutions SPC International
Juniper Networks GBS Data Corporation
Western Union Invinsec
Sungard Availability Services Millicom
Oracle Zenedge
Walmart Q6 Cyber
Teleperformance Adistec
Banco de Costa Rica SISAP
Consulting Group Trustnet Information Security
Conzultek Brightstar Corporation
Peer Employers Extended List
Experian Cargill
Sykes Enterprises, Incorporated Cheetah Digital
Micro Focus Desert Development Company
Citrix Dell
Equifax FIFCO
VMware Kaspersky Labs
Fujitsu CSS Corp
3M First Data
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
1616
Costa Rica: Top Employer Profiles for Security Architect talent pool
~50
~40
~20
~20
~20
Top Employers & Headcount Job Titles Workloads
• Security Architect• Information Security Engineer• Security Correlation Engineer• Cloud Security Architect
• Security Architect• Security Solution Architect• Information Security Architect
• Security Architect• Security Solution Architect
• Cloud Security Engineer• IT Security Architect• Security Solution Architect
• Determine security requirements by assessing business strategies, conducting system security, vulnerability analyses and risk assessments
• Design, review and develop functional and technical security requirements• Design and incorporate security controls in new legacy and in-progress environments
with general IT transitions and upgrades
• Implement and troubleshoot issues on working firewalls with technologies such as SNMP, failover, load balancing, DNS, NAT and DHCP
• Configure and set routing protocols to communicate networks and implement failover solutions
• Troubleshoot and support Intrusion Prevention Systems to large-scale sectors
• Create, test and implement disaster recovery plans• Design and build automation systems for secure review, deployment and continuous
validation of cloud infrastructure• Design internal escalation processes with backup and recovery services and design
robust security architectures
• Analyse and initiate activities to optimize and enhance enterprise security service architecture
• Provide architectural support for the implementation of information security initiatives and deployment of solutions
• Design security architecture elements to mitigate threats and security solutions
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
• Security Analyst• Security Architect• Information Security Analyst
• Design authentication rules, security escalation procedures, encryption routines and implement security policies
• Develop and implement processes with standards, procedures and guidelines based on risk assessment and analysis
• Manage and configure security services for multi-vendor network devices
1717
Core ResponsibilitiesCore Responsibilities
Costa Rica: Security Architect : Sample Talent Profiles
Carlos Lopez ChinchillaEducation: Diploma in Information Technology Networking at Latin University of Costa Rica
• Prepare security standards, policies, procedures and install application patches to verify data collection and backups
• Analyse IT security risks to optimize the SIEM system capabilities and audit the logging features of the event and log sources
• Develop an enterprise Security Architecture strategy, blueprint and reference architectures using CIBC architecture standards
AWS Certified Security Solution ArchitectExperience in Current Role: 2+ YearsTotal Experience: 11+ Years
Marcelo RuizEducation: Computer and Information Security Certification at Bureau Veritas Certification North America, Inc
• Design and implement Risk Assessment LITE application to determine an application's criticality to withstand downtime events and risks
• Deploy security services for platforms to provide compliance to BC/DR policy of Portfolio application
• Analyse endpoint security solutions which include File Integrity Monitoring and Data Loss Prevention
• Develop and enforce business group information security policies and evaluate new security technologies
Information Security ArchitectExperience in Current Role: 2+ YearsTotal Experience: 40+ Years
• Implement, test and fine-tune Akamai's Cloud Security Solutions such as Web Application Firewall for DDoS Protection and Web Application Controls
• Configure, implement and troubleshoot security based Cisco-Checkpoint Firewalls, Tipping Point IPS, Websense BlueCoat Proxys
• Develop and execute test cases and scripts for solutions with analysis on different technical aspects including Web Performance solutions and Cloud Security
Luis Diego RagaEducation: Bachelor of Science(BS) System Engineering at Latin University of Costa Rica
Senior Security Solutions ArchitectExperience in Current Role: 6+ MonthsTotal Experience: 13+ Years
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
Core Responsibilities
• Configure, implement and troubleshoot security based Cisco-Checkpoint Firewalls, Tipping Point IPS, Websense BlueCoat Proxys
• Detect changes on configuration of the devices and troubleshoot hardware issues to identify root cause and proceed with RMA
• Design and deploy different security solutions which includes scanning software (VMS), monitoring QRadar, Juniper and IPS
Gerardo Barrios E.Education: Bachelor Degree Computer System Networking and Telecom, University of Costa Rica
Network Security EngineerExperience in Current Role: 4+ YearsTotal Experience: 9+ Years
Core Responsibilities
1818
Costa Rica: Top Employer Profiles for Security Operations Engineer talent pool
~230
~170
~120
~85
~75
Top Employers & Headcount Job Titles Workloads
• Network Security Administrator• Security Administrator• Security Engineer
• Security Delivery Specialist• Network Security – Threat Intelligence
Analyst• Security Engineer
• Cyber Security Analyst• Network Cyber Security• Information Security Engineer
• Network and Security Engineer• Cybersecurity Engineer• Information Security Expert
• Senior Network Security Engineer• Security Operations Analyst• Cyber Security Specialist
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
• Create and support internal solutions related to security incidents and threats• Proactively monitors company security systems for unhandled issues and threats• Perform basic vulnerability scans using vendor utility tools• Monitor the security audit and intrusion detection system logs for system and network anomalies
• Design and develop an innovative security ecosystem enablement framework and provide roadmap using the security content and resources
• Analyse events, flows, alerts and advance analysis of potential security incidents• Develop and deliver customer presentation regarding security and enhancing the security posture
• Analyse security events in compliance with HIPAA and federal regulations using Arcsight and Qradar• Monitor the SIEM system patches and upgrades, installing application, verifying data collection, verifying
backups are running and complete• Perform the product evaluations and recommends products/services for network security
• Securely develop and support internal security/administrative tools and reports• Implement ongoing security improvements for foundational infrastructure stack and administrative
environment for the security and IT operations• Investigate, troubleshoot and improve process in applications for enhancing the information security
• Maintain the integrity and security of enterprise-wide cyber systems and networks• Correlate actionable security events and develop unique correlation techniques• Integrate, configure and test the computer and network security solutions to manage the
network/system's firewalls and intrusion detection systems
1919
Costa Rica: Security Operations Engineer: Sample Talent Profiles
Eugenio JimenezEducation: Business Administration, University Florencio del Castillo
Core Responsibilities
• Monitor, analyse and determine threat to a network, server or other devices based in logs, traffic flows and information provided by security devices and software across the network
• Identify potential vulnerabilities that could be exploited to gain unauthorized access or disrupt on systems and implement solutions in case of vulnerabilities
• Analyse events, flows, alerts and advance analysis of potential security incidents
• Improve the security posture and mitigate different attacks based on trend analysis
SIEM Security AnalystExperience in Current Role: 2 YearsTotal Experience: Years
Carlos LopezEducation: Information Technology, Castro Carazo University
Core Responsibilities
• Architecture design for security tower as a lead, including cost model, necessary force for T&T and technical design
• Implement security solutions such as Trend Micro Host Intrusion Prevention, SIEM, Juniper, Cisco and Checkpoint firewalls, Onsite Aggregators, Vulnerability scanners
• Architectural involvement on new and current deployments
Security ArchitectExperience in Current Role: 2 YearsTotal Experience: 15 Years
Leonardo Guzman
Education: International University of the Americas
Core Responsibilities
• Develop and manage the security for more than one IT functional area (e.g., data, systems, network and/or Web) across the enterprise
• Develop and implement the security policies and procedures (e.g., user log-on and authentication rules, security breach escalation procedures, security auditing procedures and use of firewalls and encryption routines)
• Use tools and technology to identify threats and generate actions for due diligence
Security EngineerExperience in Current Role: 3 YearsTotal Experience: 12 Years
Core Responsibilities
• Design and development of NGFW, Firepower, ASA, IDS/IPS, VPN
• Reviewing/configure/troubleshoot Security technologies from Mid to Large Scale Networks
• Collect and analyse the syslog messages, system debugs or traffic captures to identify root cause for unexpected behaviours or misconfiguration issues
• Second level support for SOC) / Triage and analysis of security incidents, security research / SOC Infrastructure owner
Information Security SpecialistExperience in Current Role: 3 YearsTotal Experience: 18 Years
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
Roberto Buján UgaldeEducation: MS Cyber Security Information Security, Latin American University of Science and Technology
2020
Costa Rica: Top Employer Profiles for Security Software Developer talent pool
~55
~45
~40
~40
~40
Top Employers & Headcount Job Titles Workloads
• Security Engineer• Software Developer• Security Software Development Engineer
• Software Security Developer• Software Development Lead• Software Quality and Security Engineer• Information Security Application Developer
• Security Software Developer• Cyber Security Developer• Software Developer(Security and Cloud)
• Security Software Developer• Software Developer• Security Software Development Engineer• Software Engineer - Security
• Software Developer• Security Engineer• Security Software Engineer
• Drive and develop ArcSight – HP’s enterprise security software• Handle the complete testing and QA tasks for the ArcSight investigate software • Develop software tools and applications for the secure development processes• Design and implement security features in software systems• Review threat models of applications and overview quality issues of these applications
• Develop new software systems and forensic tools• Plan, design, develop and test software systems and applications for security software
enhancements • Create and maintain identity & access management applications, architecture, and
standards for delivering enterprise identity, access, and authentication services
• Develop and test IBM security products to ensure its functions are according to the specifications based on client requirements
• Deep dive on the software stacks to troubleshoot any issues while developing the security software
• Design and develop software for system integration platforms
• Design and develop high-performance software focused on enterprise security and networking needs
• Develop security framework and create libraries using RESTful architecture for client applications
• Drive the entire QA life cycle for the security software
• Designing new forensics tools and security software systems • Design solutions and create proof of concept ideas for security software tool• Monitor the development phases of an application project for the organization and
ensure the security of the developed software tool
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
2121
Core Responsibilities
Core Responsibilities
Core Responsibilities
Core Responsibilities
Costa Rica: Security Software Developer : Sample Talent Profiles
Olman Rojas EspinozaEducation: Bachelor Degree Computer Engineering at UNED
• Build the ground reliable security software services in IBM Cloud to deliver highly scalable services
• Build engineering automation and productivity tools to streamline and scale applications in the production environment
• Design, build and automate solutions for running mission-critical and scalable workloads for cloud security
• Build, maintain and manage security policies for cloud infrastructure
Security Software DeveloperExperience in Current Role: 6 MonthsTotal Experience: 19 Years
Mauricio OrtunoEducation: Masters Degree Information Technology Management at National University of Costa Rica
• Design and develop Identity and Access security applications
• Develop internal business applications and test anti-malware software to all endpoints at Intel
• Develop and maintain web applications for the Corporate Quality Network organization within Intel Corporation
• Analyse, design, develop and deploy critical business application requirements
Software Development LeadExperience in Current Role: 3 YearsTotal Experience: 14 Years
• Provide support to the clients to deploy the developed security tools
• Support software development and automation efforts for the security tools and software
• Perform software development and quality assurance for security software and tools
• Document the software development lifecycle for future reference
• Develop security software and integrate security into software during the course of design and development
• Design, develop, troubleshoot and debug software programs for software enhancement and new products
• Provide guidance and mentor staff members for security software systems design
• Maintain secure design and development for providing highly efficient tools to ensure a secure code
Leonardo GuzmanEducation: International University of the Americas
Security engineer Experience in Current Role: 3+ YearsTotal Experience: 11 Years
Diego Villalta DelgadoEducation: Master Degree Computer and Information Systems Security/ Information Assurance at VIU - International University of Valencia
Security Software EngineerExperience in Current Role: 2+ YearsTotal Experience: 8 Years
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
2222
Costa Rica: Top Employer Profiles for Cryptographer talent pool
~30
~15
~15
~15
~10
Top Employers & Headcount Job Titles Workloads
• Security Analyst(Cryptography)• Cryptographic Analyst• Cryptographer
• Cryptographic Architect• Cryptography and Security Researcher
• Cryptographic Security Analyst• Cyber Threat Analyst
• Cryptographic Analyst• Cryptographic Security Engineer
• Cryptographer• Cryptanalyst
• Prepare security standards and interface different hardware devices with secure communication between different hardware
• Analyse and update new developments in computer and network vulnerabilities, data hiding and encryption
• Analysis of data logs from multiple network devices for real network security threats
• Design and develop cryptographic and security based solution• Analyse principles of asymmetric cryptography such as asymmetric encryption, key
exchange, digital signatures• Develop computer architecture, data and algorithms to identify security vulnerabilities
• Monitor, investigation and response to cyber security incidents, analysis of incident trending with development of security architecture
• Design algorithms, data structures based on cryptography and data security related activities
• Design crypto based security architecture elements to mitigate threats
• Basic support to low level component design, implementation and technical change to support technology systems
• Design of models based on Security services and Cryptography services• Identify, report, manage and mitigate risk within a defined risk appetite with
cryptographic strategies
• Refactor legacy code to support up to date standards on cryptography and current hardware architectures
• Development and maintenance of business intelligence product used to extract, transform and load from different input files or databases
• Analyse public key cryptography (PKI) and encryption methodologies
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
2323
Costa Rica: Cryptographer: Sample Talent Profiles
Jorge CamachoEducation: Security Certified Professional,Fidelitas University
Core Responsibilities
• High level Analysis of data logs from multiple network devices to determine possible cyber attacks to be false positive, false negative or real network security risk
• Analyse and decipher encryption systems with development of new encryption algorithms, statistical and mathematical models
• Design, develop, integrate and update technical security based solutions for confidentiality, integrity, availability, authentication and non repudiation using public key algorithms
Cyber Threat AnalystExperience in Current Role: 2+ MonthsTotal Experience: 7+ Years
Randy Varela CorderoEducation: Information System Security, Latin American University of Technology
Core Responsibilities
• Design and develop hardware security modules with programming and cryptographic solutions
• Design and configure encryption protocols on networks and troubleshoot connectivity issues and associated VPN technologies
• Implement, test and deployment of Akamai platform configurations with development and execution of test cases and scripts for solutions
Cryptographic Security AnalystExperience in Current Role: 2+ YearsTotal Experience: 5+ Years
• Resolve the vulnerabilities in AWS and Azure accounts and implement server health dashboard for service transition from non-automated environment
• Install and configure server certificates based on cryptography using PKI for compliance and create own certificate authorities
• Design of models using cryptographic hash algorithms, encryption and decryption process
• Monitor and Analysis of cryptographic services infrastructure with incidents log into Service Now management
• Diagnose software malfunctions, troubleshoot configuration issues and provide implementation recommendations for all models of Cisco Firewalls, NGWF and ACS
• Develop encryption solutions using API with cyber security strategic plans
Francisco HuertasEducation: Cisco CCNA,Cisco Netacad
Core Responsibilities
Cryptographic AnalystExperience in Current Role: 9+ MonthsTotal Experience: 7+ Years
Katherine SerranoEducation: Information System Engineering, National University
Cybersecurity AnalystExperience in Current Role: 3+ YearsTotal Experience: 6+ Years
Core Responsibilities
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
2424
Costa Rica – Talent Demand Analysis: Security Operations Engineer, DevOps Engineer and Vulnerability Testing job roles are the most in-demand job roles in the past 3 months
Note: The represented data is derived from DRAUP’s Proprietary Talent Module, updated in Dec, 2018
Security Architect Incident Response Threat Response Security Operations Network SecurityEngineer
DevOps Engineers Security QA Engineer Penetration Tester Vulnerability testing Security Engineer(Operations)
Intrusion Detection Security SoftwareDeveloper
Security ToolsDeveloper
Cryptoanalyst
3% 83% 9% 5%
Architect and Orchestrators Engineering & Operations Software Development Cryptography & Research
5 - 10
15 - 20
20 - 25
50 - 55
10 - 15
25 - 30
15 - 20
10 - 15 10 - 15
25 - 30
5 - 10
15 - 20
5 - 10
10 - 15
Cybersecurity Job Openings for the past 3 Months in Costa Rica
Job Openings Distribution by Job Clusters
2525
Leading universities such as University of Costa Rica and Cenfotec University offers large number of courses in Cybersecurity
~20+Total Number Of Universities In Costa
Rica
~242KStudent Enrolment in Costa Rica
Universities
Key Insights
• The literacy rate of Costa Rica is 98% and is the
highest among all Latin American countries
• Public spending on education makes up ~31.5% of
total government expenditure, which is highest of all
OECD and partner countries, notifying that
investment in education is a top priority for the
country
• The Spanish National Cyber security Institute, S.A.
(INCIBE) with the Organization of American States
(OAS) offers training programs in Costa Rica
specializing in cyber security for the cybersecurity
talent
~80-85KTotal Number Of Graduates In Costa
Rica
~15-20KTotal Number Of STEM Graduates In
Costa Rica
~100-200Total Number Of Graduates Pursuing
Cybersecurity Courses
Overview
Universities Cybersecurity Courses
UNIVERSITY OF COSTA RICA
• CCNA (Cisco Certified Network Associate),• CCNP (Cisco Certified Network Professional)• CCNA Security
CENFOTEC UNIVERSITY
• Computer Security and Ethical Hacking, • Incident Response and Computer Forensics,• Preparation for the Information System Security
Professional CISSP certification • Principles of Cryptography • GSI: Information security and cybersecurity • GSI: Security of communications and personal
devices• GSI: Information security management system • GSI: Business continuity and risk management• Management of security incidents
LEAD UNIVERSITY • Specialty in Cybersecurity
Cybersecurity Courses In Costa Rica
Top Universities
Note : DRAUP’s Talent Module analysed 20+ Costa Rica universities
2626
University of Costa Rica
Top Awards and Rankings:University of Costa Rica ranks 19th in LATAM University Rankings, ranks 500th in the QS World University Ranking
Marquee Alumni• Vanessa Ramirez,
Commercial Director at Forbes
• Juan Gabriel Ruiz Gutierrez, Director at Resonetics
Key Programs and Courses Offered Key Alumni Profiles
University of Costa Rica: University of Costa Rica, an institution financed by the State that has the widest academic courses in the country. The university offers cybersecurity and networking related courses in association with Cisco
Total Enrolment
~41,000Graduation Rate
~13%
Courses Offered• CCNA (Cisco Certified Network Associate)• CCNP (Cisco Certified Network Professional)• CCNA Security A• Configuration of Linux Servers• Development of Websites with Drupal• IT Essentials• Applied networks• Computer and Information
Note : DRAUP’s Talent Module analysed 20+ Costa Rica universities
Kerry PorrasDESIGNATION: Security Delivery Specialist SRM Compliance Management at IBM
Education: BS IT Essentials and CCNA at University of Costa Rica, BS Systems Engineering at Central University
Current works: Physical Security review of IBM sites and leading the work place Security program for GTS, an internal program based on internalPhysical audits (workstations) to be sure no confidential information is exposed
Jamie CordobaDESIGNATION: Enterprise Security Engineer at Tek Experts
Education: Information Technology at University of Costa Rica, System Administration at Cisco Networking Academy
Current works: Big data security analytics and intelligence software for security information and event management and log management solution
• CCNA Security: complementary course that delves into the design, implementation and support of network security
• CCNP provides the knowledge and skills necessary for the implementation and maintenance of an integrated network infrastructure of services and applications
University Of Costa Rica has partnered with Cisco for Cybersecurity and Networking courses
Cybersecurity and related Courses
2727
Cenfotec University
Top Awards and Rankings:Cenfotec University ranks 30th in Country Ranking
Marquee Alumni• Alexander Carrillo, Head
of Technical Support at Logical Data
• Esteban Oviedo Blanco, Director General at Grupo Babel Software & IT Services
Key Programs and Courses Offered Key Alumni Profiles
Cenfotec University: Universidad Cenfotec (Cenfotec University) offers a wide range of courses in Cybersecurity. The university is one of the preferred hotspot for employers hiring Cybersecurity talent
Total Enrolment
~2,000Admission Rate
~80-90%
Erick GamboaDESIGNATION: Cyber Security Engineer at DXC Technology
Education: MS Cyber Security at Cenfotec University, BS Computer Science at Latin University of Costa Rica
Current works: Security-related compliance and delivery governance, working with senior management and focusing specifically on security environment in relation to client business objectives
Gustavo MendezDESIGNATION: Information Security and Compliance Specialist at Desert Development Company
Education: MS Cyber Security at Cenfotec University, BS Computer Engineering at Latin University of Costa Rica
Current works: Design and implement cyber security policies and security procedures for a software development company and execute the Security Incidents Management Process
Courses Offered• Management of Software Requirements• CISCO CCNA 1 (Fundamentals of CISTEC1 Networks)• Design and construction of components• Computer networks• Object-oriented programming• Software conceptual design• Development of Web Applications• SCRUM Master Professional Certificate (SMPC)
Cyber Security Courses Offered• Security of the information• Cybersecurity• Security management system• Security in communications and personal devices• Security in wireless networks and mobile devices• Security in operating systems• Security of applications and systems• Management of security incidents
Note : DRAUP’s Talent Module analysed 20+ Costa Rica universities
2828
AGENDA
Cybersecurity Talent Landscape – Costa Rica and Panama
Costa Rica: Cybersecurity Talent Deep Dive
Overview and Talent Stack Of The Global Cybersecurity Industry
Panama: Cybersecurity Talent Deep Dive
2929
Service sector contributes to a large proportion of GDP. This sector employs ~67% of the total talent
Population: ~3.8 Million
Literacy level: 95%
Top Spoken Languages: Spanish, Ngabere, Buglere
Ethnicity: Mestizo(65%)
Total labor force: ~1.633 Million
Unemployment rate*: 6.0%
Median age: 29.2 years
Sex ratio: ~1:1
GDP : $61.84 Billion
GDP growth rate: 5.4%
Percentage of workforce in different industriesA large proportion of employees are employed in
Service sector which includes services such as logistics, banking, insurance and tourism and accounts
for about ~66.74%
Total Workforce : ~1.6 Million
Panama has the highest rate of youth unemployment which is 15%. The technology sector in Panama
employs ~15-20% of the overall talent
Panama ranked 54th in National Cyber Security Index and 61st in Global Cyber Security Index
Source : Panama Census BureauNote: The represented data has been collected from multiple news sources and DRAUP Proprietary Database
3030
Talent Dashboard: ~74% of the installed cybersecurity talent pool falls under the Security Operations cluster
1.a
~2,700
~2,000
~150
Total Relevant Cybersecurity talent pool
Security Operations Engineer
Directly Relevant Talent Pool
Note : DRAUP’s Talent Simulation Module was used to analyze talent by location and skill sets
Security Software Developer
Security Architect
• Network Security Administration• Security Engineer
Sample Roles *
• Software Developer• Security Software Developer
• IT Security Architect• Security Solution Architect
~300
*Listed roles are a sample set and are not exhaustive** The overall talent might be less than the number due to overlap of skills
Cryptographer ~250 • Cryptographer• Cryptographic Analyst
BFSI
Software & Internet
Telecom
Others
10-14%
Vertical level cybersecurity talent split
• Cyber Security Analyst• Cyber Security Engineer
• Information Security Application Developer• Security Software Engineer
• Information Security Officer• Security Architect
• Researcher• Security Threat Analyst
~70%Organizations doesn’t find perfect talent for
cybersecurity roles
75-90 DaysAverage time taken to fill cybersecurity jobs
across various levels
~30-35%Of current cybersecurity talent hold atleast
one security related certification
~3-5 JobsPosted everyday for Cybersecurity related
roles
58-62%
10-13%
9-11%
3131
Firewall Management
830 Risk Assessment 750 DNS Security 590
Identity Access Management
10
Ethical Hacking
110Penetration
Testing110 Encryption 90 Forensics 80 TCP/IP Security 80
Intrusion Detection
80VulnerabilityAssessment
70Incident
Response60
Cryptography 40Web ApplicationSecurity
30Threat
Intelligence20
MalwareAnalysis
20
Skill-level Analysis: Large proportion of employed talent pool is skilled in core cybersecurity skills such as Firewall Management, Risk Assessment and DNS Security
Note: DRAUP’s Talent Simulation Module was used to analyze talent by skill sets
Sub Netting 15Network Access
control10
SIEM 50
** The overall talent might be less than the number due to overlap of skills
Top cybersecurity skills talent
3232
Panama City
Location Hotspot: Panama City employs >95% of the installed cybersecurity talent in Republic of Panama. The city hosts the major technology employers from the Software & Internet, BFSI and Telecom verticals
Note: The represented data has been collected from multiple articles and are curated from DRAUP Proprietary Database
• More than 95% of the installed cybersecurity talent is based out of Panama City, while a bare minimum headcount is present in other cities
• The International Technopark of Panama is an entrepreneurial development growth pole that houses major IT and biotech companies such as HP, Ericsson, Copa Airlines, Cable Onda, AQ1 Systems
• The Ciudad del Saber (City of Knowledge) is a center for innovation and knowledge exchange combining business, research and studies
Key Insights
Panama CanalMajority of the Services and Business Parks are located in this area in Panama
and is home to the top employers in the Cybersecurity vertical
Dell EMC
Cisco SmartmaticMicrosoft
Brinks
Quest Software
Rootstack
Panama University
Technology University of Panama
3333
Panama – MSA Deep Dive: Panama City has the highest cybersecurity talent in the Republic of Panama, employing about ~95-98% of the total installed talent
~2,600 – Cybersecurity Talent Spread Across Panama City
Peer Employers Extended List
Quest Software Indra SISAP St.Georges Bank
TECNASA Telered - Panama Banco Nacional de Panama Inteligo Bank Ltd
Smartmatic Soluciones Seguras International Insurance Company Digicel Panama Ltd.
GBM as a Service Security Solutions Distributors Sigma Security Sefisa
NTT Data Services HSBC CITI Trend Micro
Global Bank Viva Solutions S.A. Nativa Holding Medios De Pago, S.L. Grupo CS Panama
Bicsa Cisco TowerBank Inc. Grupo UPS
Telecarrier E Risk Corporation DGI Ximark Technologies
Sofistic Bladex M.B.Security Metrobank N.A.
Fronteras Security BAC Credomatic CLAdirect Ultrared Internacional SA
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
3434
Panama: Top Employer Profiles for Security Architect talent pool
Banco Nacional de
Panama
~20
~20
~10
~10
~10
Top Employers & Headcount Job Titles Workloads
• IT Security Specialist• Information Security Officer• Security Specialist
• IT Security Architect• IT Security Specialist• Security Infrastructure Architect
• Security Architect• Security Solution Architect
• Information Security Architect• Security Solutions Architect
• IT Security Architect• Security Architect
• Provide security guidance across security architectural reviews and multiple technologies
• Manage security related projects and effective transition of security services • Design of Information Protection Architecture by defining shared services, consistent
patterns and toolsets
• Implement and integrate Security Equipment in security service based infrastructures• Support development, implementation, maintenance and enforcement of controls,
tools, documentation, processes and standards• Monitor and report IT security risk status, security architecture design principles and
technologies
• Design, build, test and implement security systems and conduct security and privacy reviews to determine compliance
• Verify the security and privacy requirements defined in the security plans, policies and procedures
• Support software and data delivery platforms design with reusable components
• Implement security systems by specifying intrusion detection methodologies and equipment
• Define, design, evaluate and maintain the enterprise security architecture• Deploy information protection services such as encryption, key management, hardware
security modules, public key infrastructure and information lifecycle management
• Design security standard and authentication protocols for security systems• Development of robust security architecture and define technical solutions to address
security threats• Design, implement and standardize the security framework to improve the security
posture
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
3535
Core ResponsibilitiesCore Responsibilities
Panama: Security Architect : Sample Talent Profiles
Jose Luis Vega CamarenaEducation: System Management in IT Security, Inter-American University of Panama
• Manage action plan on reports of threats and vulnerabilities emitted by scanning and monitoring tools such as McAfee Secure, Network Security Manager-IPS, SIEM
• Implement and Integrate Security Equipment in the Infrastructure and penetration test in the network
• Perform security architecture and risk assessment with metrics and processes
• Deployment of security services in the integration with third-party services such as cloud, ADFS
IT Security ArchitectExperience in Current Role: 8+ YearsTotal Experience: 9+ Years
• Design technological and security architecture for a new payment service to invoice merchants with integration to online banks
• Create and implement the business continuity plan, disaster recovery plan and test periodically for successful results
• Establish encryption securities and technology policies for personnel, data security, disaster recovery and business continuity
Elio RodriguesEducation: Diploma in Information Security, IUTIRLA
Security ArchitectExperience in Current Role: 2+ YearsTotal Experience: 4+ Years
• Develop, document and implement information security policies, procedures and monitor security infrastructure and respond to security requests
• Develop and deploy robust security schemas to incorporate redundant solutions, electronic auditing, intrusion detection and identification of attack signatures
• Modernize outdated information security policies to manage, coordinate and track mitigations to ensure appropriate progress
• Design of scalable architecture based on business requirements, while complying with security and infrastructure standards
• Build system architecture that enable business units to execute strategic business plans and deployment of security services
• Create and evolve business cases that support implementation of new technologies and develop product security architectures
Alejandro GerbaudEducation: BBA Management Information System, University of Notre Dame
Information Technology ArchitectExperience in Current Role: 7+ YearsTotal Experience: 9+ Years
Adrian DEducation: Information Security and Risk Management, University of Washington
Security ArchitectExperience in Current Role: 4+ YearsTotal Experience: 8+ Years
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
Core Responsibilities Core Responsibilities
3636
Panama: Top Employer Profiles for Security Operations Engineer talent pool
~50
~40
~40
~40
~30
Top Employers & Headcount Job Titles
• Information Security Officer• Security Operations Specialist• Security Operations Center (SOC) Analyst
• Security Operations Consultant• Security Operations Engineer• Security Operations Specialist
• Chief Information Security Officer• Senior Security Engineer
• Security Operations Center (SOC) Analyst• Information Security Engineer
• Information Security• Information Security Operations• Cyber Security Operation
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
• Monitor, research, assess and analyse intrusion detections, prevention tools • Oversee anomaly detection systems, firewalls, antivirus systems, proxy devices • Act as a SPOC for any security incidents• Perform initial risk assessment on new threats and vulnerabilities
• Design and develop enterprise security solutions • Provide security requirements during planning sessions, functional and technical requirement
sessions • Provide user story creation and grooming, and technical design based on identified risks
• Develop and maintain the information security strategy• Evaluate and develop secure solutions based on approved security architectures• Develop the business, information and technical artifacts that constitute the enterprise information
security architecture and solutions
• Configuration, implementation and monitoring of one or more SIEM tools (QRadar, Arcsight, etc)• Monitor SIEM and other SOC tools by following operational process and procedures to appropriately
analyse, escalate, and assist in remediation of security incidents
• Escalate the security incidents in the incident response procedures• Proactively identify the emerging cyber threats within the environment and PLS industry• Provide on-call support for broken or disrupted security technologies
Workloads
3737
Panama: Security Operations Engineer: Sample Talent Profiles
Edgar A. Rivas JEducation: MS Computational Security, Latin University of Panama
Core Responsibilities
• Conduct security verification & validation reviews to identify security risk and non-compliance areas and to ensure the ongoing protection of Verizon assets and sensitive customer information
• Operate and administrate the organization's information security activities including systems and data security, disaster recovery, and archiving
• Risk Assessment and Security Compliance and Assurance along with internal Process, Quality Assurance, Reporting
Information SecurityExperience in Current Role: 4 YearsTotal Experience: 15 Years
Core Responsibilities
• Performs risk analysis to identify any security issues that could lead to lost or stolen data
• Analyse the security data from computing and network devices to identify potential threats and vulnerabilities
• Initial detection, analysis, and investigation of security events to determine likelihood of compromise and respond according to processes
• Analyse the system outages, alerts, and reports of abnormal system behaviour due to suspected security related events such as viruses, and hacker intrusions
IT Security AnalystExperience in Current Role: 1 YearTotal Experience: 10 Years
Aaron EchazabalEducation: BS Electrical, Electronics Engineering, Panama University
Core Responsibilities
• Monitor the control environment to ensure compliance with information security policies and standards
• Coordinate and participate in multiple audits campaigns of information security practices
• Plan, develop, monitor and manage the policies, procedures and initiatives to ensure that information security compliance stands within its pillars of confidentiality, integrity and availability
System Security EngineerExperience in Current Role: 4 YearsTotal Experience: 7 Years
Core Responsibilities
• Develop a security awareness program and developing mitigation strategies for the issues identified
• Design and develop data security frameworks and best practices ((ISO 27002, COBIT, RISK IT)
• Develop risk mitigation strategies required to protect the confidentiality, integrity and availability of information systems and client data
Chief Information Security OfficerExperience in Current Role: 4 YearsTotal Experience: 15 Years
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
Rodolfo Gallardo
Education: Science Technology Information Security Specialist
Akeem RodriguezEducation: MS Computer Security, Interamerican University of Panama
3838
Panama: Top Employer Profiles for Security Software Developer talent pool
~20
~10
~10
~10
~10
Top Employers & Headcount Job Titles Workloads
• Security Engineer• Security Software Developer• Security Tools Developer
• Security Software Developer• Software Developer• Security Software Engineer• Secure Application Designer
• Software Development Engineer• Security Application Developer
• Software Developer• Security Engineer• Security software developer
• Software Developer• Security Engineer
• Perform secure software engineering tasks and fix detected vulnerabilities to maintain a high-security standard software's
• Implement security tools based on the design and specifications• Implement, test and operate advanced software security techniques in compliance with
the technical reference architecture
• Analyse, design, develop and deliver high-quality security software solutions• Architect, design, develop, test and troubleshoot features and functions during security
software development• Investigate security breaches and other cyber-security incidents
• Perform on-going security test and code review to improve software security• Validate the Software components against the requirements to ensure full coverage
and quality• Install security measures and operate software to protect systems and information
infrastructure, including firewalls and data encryption programs
• Design, analyse, develop, configure, test, train and secure the software and computer systems
• Perform security testing and code review to improve software security• Implement the security tools based on the design and specifications
• Design, develop, and test software to meet quality, performance security and non-functional requirements like accessibility and localisation
• Contribute to the development of features in the network, storage and security domains
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
3939
Core Responsibilities
Core ResponsibilitiesCore Responsibilities
Core Responsibilities
Panama: Security Software Developer : Sample Talent Profiles
• Design and deliver advanced defence, intelligence, and security solutions to support the important missions of customers for enhancing the security
• Plan, design, develop and test software systems and applications for software enhancements
• Analyse, test and integrate application components
• Enable solutions for security APIs, scalability, manageability, usability, and other critical factors
Ramón A. Burgos AngaritaEducation: Master in Computer Security Cyber Security at Polytechnic University of Catalonia
Security Software Engineer LeadExperience in Current Role: 1 YearTotal Experience: 12 Years
Carlos BerrioEducation: Computing with Specialization in Management Computing at American University (PA)
• Design new forensic tools and security software systems
• Monitor the development phases of the security application project for the organization
• Implement, test and operate advanced security software techniques in compliance with the technical reference architecture
• Provide engineering designs for new software solutions to help mitigate security vulnerabilities
Software EngineerExperience in Current Role: 10 MonthsTotal Experience: 11 Years
• Develop security software and integrate security into software during the course of design and development
• Design security products and involve at all stages of product development for maintaining quality
• Architect, design, and implement security related technologies
• Design test automation, integration testing, performance testing and security testing approach
• Identify and resolve security issues and perform security analysis, defences and countermeasures to provide strong and reliable software
• Create secure software tools and systems with a team of developers and provide engineering designs for new software solutions
• Research and identify flaws and troubleshoot and debug issues that arise during development
• Participate in security requirement, maintain technical documentation and monitor platform administration
Juan Carlos Guevara PinzónEducation: Degree in Computer Engineering
Software EngineerExperience in Current Role: 13+ YearTotal Experience: 17 Years
Yuk Yon ChenEducation: Technology University of Panama
Software Development EngineerExperience in Current Role: 4 MonthsTotal Experience: 15 Years
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
4040
Panama: Top Employer Profiles for Cryptographer talent pool
~20
~10
~10
~10
~10
Top Employers & Headcount Job Titles Workloads
• Cryptographic Analyst• Security Threat Analyst
• Cryptographer• Cryptographic Analyst
• Cryptographic Security Analyst• Cybersecurity Analyst
• Cryptographic Analyst• Cryptographic Security Engineer
• Cryptography Specialist• Security Analyst• Cryptanalyst
• Analysis and design cryptographic controls, protocols and their activities• Design, implement and verification of cryptography and security based systems using
machine learning concepts• Create privacy-preserving data exchange algorithms to build production-level system
• Analysis and maintenance of existing application cryptographic services and cloud based crypto services
• Design of hybrid crypto solutions for both Key and Certificate strategies• Design, implement and improve tools and services used to support symmetric and
public key cryptography management activities
• Develop and maintain internal expertise in cryptography and security of algorithms executed on embedded systems
• Analysis of cryptographic codes embedded in products and realisation of high level of cryptographic side-channel attacks
• Deployment of UL Security Evaluation services
• Identify network attacks and systemic security issues using public key cryptography, digital certificates, signatures and key management
• Support cryptography and key management activities using PIN Security, PCI Compliance, ANS X9/TR-39, TG-3 a plus
• Create or modify new cryptographically secured algorithms and calculate its entropy
• Define security requirements and develop standards spanning on multiple security domains
• Maintain key service of PKI systems with standard procedures, change control policies and procedures
• Support data encryption deployments and applied cryptographic strategies
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
Secure Solutions
4141
Panama: Cryptographer: Sample Talent Profiles
Omar GudinoEducation: Cybersecurity Analyst,CompTIA
Core Responsibilities
• Design and develop encrypted solutions on incident response, risk reviews, vulnerability assessments and identifying threats
• Design, deployment, operation and support on security of network and infrastructure
• Build advanced cyber-security models for high-value data, workflows and accountability based on cryptographic expertise
Cybersecurity AnalystExperience in Current Role: 1+ YearsTotal Experience: 8+ Years
Anibal VeraEducation: Master of Computer Science,Central University of Venezuela
Core Responsibilities
• Define security and protection standards and analysis of computer malware forensics
• Perform vulnerability scanning and penetration testing, with web application, quality standards and methods
• Development and analyse cryptographic procedures with forensic tools such as EnCase, Access Data, FTK and WinHex
Cybersecurity AnalystExperience in Current Role: 3+ YearsTotal Experience: 5+ Years
• Deployment of System Security Hardening and Cybersecure Architecture using security process and procedures
• Analyse principles of asymmetric cryptography such as asymmetric encryption, key exchange, digital signatures
• Design of security models using cryptographic hash algorithms, encryption and decryption process
• Develop security models for cloud, identify security vulnerabilities and manage secret key material in HSM, both for short-lived and long-lived credentials
• Design secure communication protocols and approach challenges of identity management to develop a secure user and device identity framework
• Implement foster developing technology to have cryptographic primitives and secure key management technologies
Mauro Antonio Reluz CedenoEducation: Master of Business Administration, Inter-American University of Panama
Core Responsibilities
Cryptographic AnalystExperience in Current Role: 9+ YearsTotal Experience: 10+ Years
Fabian ChieraEducation: Postgrade CryptographyInstitute of Higher Education of Army
Cybersecurity AnalystExperience in Current Role: 1+ YearsTotal Experience: 15+ Years
Core Responsibilities
Note : DRAUP’s Proprietary Talent Module was used to analyze talent by locations and skill sets
Secure Solutions
4242
Panama – Talent Demand Analysis: Security Operations Engineer, Security Software Developer and Network Security Engineer job roles are the most in-demand job roles in the past 3 months
Note: The represented data is derived from DRAUP’s Proprietary Talent Module, updated in Dec, 2018
Security Architect Incident Response Threat Response Security Operations Network SecurityEngineer
DevOps Engineers Security QA Engineer Penetration Tester Vulnerability testing Security Engineer(Operations)
Security SoftwareDeveloper
Cryptoanalyst
7% 76% 13% 4%
Architect and Orchestrators Engineering & Operations Software Development Cryptography & Research
Cybersecurity Job Openings for the past 3 Months in Panama
5 - 10 5 - 10 5 - 10 5 - 10
15 - 20
5 - 10 5 - 10
10 - 15
5 - 10 5 - 10
15 - 20
10 - 15
Job Openings Distribution by Job Clusters
4343
Leading universities such as Technological University of Panama and Panama University offers large number of courses in Cybersecurity
~10+Total Number Of Universities In Panama
~152KStudent Enrolment in Panama
Universities
Key Insights
• Panama Universities offer courses in engineering,
public health, nursing, and biosciences
• Panamas City attracts a lot of international students
as the education is free. US universities such as
Florida State University and the University of
Louisville has branches in Panama
• Panama ranked 48th out of 70 countries on the EF
English Proficiency Index
• Panama has ~53% of women in higher education
depicting a large female population
~60-65KTotal Number Of Graduates In Panama
~20-25KTotal Number Of STEM Graduates In
Panama
~100-200Total Number Of Graduates Pursuing
Cybersecurity Courses
Overview
Universities Cybersecurity Courses
TECHNOLOGICAL UNIVERSITY OF PANAMA
• Computer security and Cryptography
PANAMA UNIVERSITY
• Security and Privacy of Networks• Quality of Network Security and
Management of Security• Control and Evaluation of
Computer Resources
INTER-AMERICAN UNIVERSITY OF PANAMA
• CISCO CCNA Security
LATIN UNIVERSITY OF PANAMA• Master's Degree in System and
Management with Specialization in Computer Security
Cybersecurity Courses In Panama
Top Universities
Note : DRAUP’s Talent Module analysed 10+ Panama universities
4444
Panama University
Top Awards and Rankings:Panama University ranks as 139th in LatAm University rankings, 36th in Academic Reputation
Marquee Alumni• Romano Feoli, Partner at
Feoli & Co • Radames Villaverd CPA,
Regional Accounting Director at Dell
Key Programs and Courses Offered Relevant Statistics Key Alumni Profiles
Panama University: Panama University has several research agreements with the government agencies in the areas of science and technology. Cybersecurity is one of the focus areas in this segment
~970 International
Students
Total Enrolment
~37,500Total Graduates
~10,000Courses• Computer security and
cryptography• Artificial intelligence –
Cybernetics• Software Engineering• Theoretical computer science• Information and coding theory• Computer architecture and
computer engineering• Computer performance analysis• Concurrent, parallel and
distributed systems• Computer networks• Scientific computing• Computer applications• Programming language theory
~94% UG Students
~6% PG Students
Joaquin RodriguezDESIGNATION: Cybersecurity Evangelyst at Information Security Evangelyst
Education: BS in Electronic Communications at Panama University, MS in Information and Communications Security at Alfonso X El Sabio University
Current works: Cybersecurity ambassador for Central America to share experiences and best practices in the cybersecurity field
Samuel Sie-ky LaoDESIGNATION: Senior Infrastructure Security Engineer at Telconet
Education: BS Electronics and Communications Engineering at Panama University, PG at Panama University
Current works: Support the IT infrastructure team with scheduled maintenance such as troubleshooting and new settings for security devices and deploy security settings for IT infrastructure
Note : DRAUP’s Talent Module analysed 10+ Panama universities
Cybersecurity and related Courses
4545
Technological University of Panama
Top Awards and
Rankings:Ranks 2nd in Panama, Ranks 119th in the LatAmUniversity Ranking
Marquee Alumni• Juan Antonio Cedeño
González, CEO at Alpicio Software
• Leonardo Dugarte, Director and Partner at GEPSA - Energy Group Panama
Key Programs and Courses Offered Relevant Statistics Key Alumni Profiles
Technological University of Panama: The second-largest university in Panama offers security courses in networking. The university attracts international students as it offers free courses
Humberto Williams AllenDESIGNATION: Information Security Analyst
Education: BS in Computer Science at Technological University of Panama, MS in Computer Security –Interamerican University of Panama
Current works: Develop a security awareness program and developing mitigation strategies
Paul Chen Charter DESIGNATION: Computer Specialist at Canal de Panamá
Education: BS in Business/ Commerce at Technological University of Panama, MS in Computer and Information Systems at Interamerican University of Panama
Current works: Information Security Management, Endpoint Protection, Vulnerability Management and Cloud Security
~550 International
StudentsTotal Enrolment
~24,000Master Degrees
~40+
Courses• Security and Privacy of Networks I• Security and Privacy of Networks II• Quality of Network Security• Management of Security, Control
and Evaluation of Computer Resources
• Organization and Architecture of Computers
• Operating systems• Analysis and Design of Networks• Network Systems Administration• Computer networks• Micro Computation• Data Communication• Analysis and Design of Networks
98% - UG Students
2% - PG Students
• Information and Communications Technology Center
• Engineering Experimental Center
Note : DRAUP’s Talent Module analysed 10+ Panama universities
Cybersecurity and related Courses
Research, Development and Innovation Centres
Source : DRAUP
46
46
www.DRAUP.com