National Cybersecurity Skills Strategy and Action Plan
Abridged Version for Stakeholder Validation | January 2026
KNS KNOWLEDGE NETWORK SOLUTIONS
NATIONAL CYBERSECURITY COORDINATION CENTRE (NC3)
SIERRA LEONE DIGITAL TRANSFORMATION PROJECT
TABLE OF CONTENTS
01
Executive Summary
02
Stakeholder Consultation and Strategy Validation
03
Strategic Framework
04
Strategic Pillars and Initiatives
05
Cross-Cutting Issues and Thematic Priorities
06
Action Plan
07
Governance and Implementation Roadmap
08
Stakeholder Roles and Responsibilities
1. Executive Summary
In response to Sierra Leone's rapid digital transformation and the corresponding escalation in sophisticated cyber threats, this National Cybersecurity Skills Strategy and Action Plan has been meticulously formulated. Its central purpose is to cultivate a robust, highly skilled, and resilient national cybersecurity workforce. Commissioned by the National Cybersecurity Coordination Centre (NC3) with vital support from the World Bank, this strategy is the culmination of a comprehensive national workforce assessment and an extensive stakeholder consultation process. It identifies critical skills gaps, defines clear strategic objectives, and presents an actionable roadmap to position Sierra Leone as a competitive leader in the global cybersecurity market.
1.1 Purpose and Scope
This strategy provides a comprehensive, forward-looking roadmap designed to fortify Sierra Leone's cybersecurity workforce and ecosystem. It is built upon a rigorous, evidence-based assessment of the existing skills landscape, including a detailed analysis of workforce supply and demand, competency gaps, and the distribution of talent across various sectors and demographics. The development process was deeply collaborative, engaging a wide array of stakeholders from government, the private sector, academia, civil society, and international partners to ensure a holistic, inclusive, and nationally-owned strategy. The document prioritizes the creation of a future-ready talent pipeline, the strengthening of educational pathways from primary to tertiary levels, the promotion of a vibrant and innovative domestic industry, and the fostering of a security-conscious culture across the nation.
1.2 National Context and Situational Analysis
Sierra Leone is navigating a significant phase of digital transformation, propelled by increasing internet connectivity and the expansion of digital services. The Government has demonstrated a clear commitment to digital resilience through the enactment of the Cyber Crime Act (2021) and the formation of the NC3. Despite these progressive steps, the country faces notable exposure to a wide spectrum of cyber threats, including data breaches, financial fraud, and potential attacks against critical infrastructure. These vulnerabilities, if inadequately addressed, pose substantial risks to public confidence, national security, and the sustainable advancement of Sierra Leone's digital economy.
The recent national assessment underscores a critical shortfall in cybersecurity professionals. The current workforce is primarily concentrated in select government agencies and large private sector organizations, with a significant void in small and medium-sized enterprises (SMEs) and rural communities. While most practitioners demonstrate foundational IT competencies, there is a substantial deficit in advanced expertise in areas like digital forensics, incident response, and secure software development.
1.3 Key Findings from Workforce Assessment
The national workforce assessment and subsequent stakeholder consultations revealed several critical challenges that this strategy aims to address:
Pronounced Skills Deficit
A severe shortage of qualified cybersecurity professionals exists across all sectors. Key specialized roles, such as Incident Responder and Threat Analyst, are largely absent, with most cybersecurity duties informally delegated to general IT staff who lack specialized training.
Lack of Standardization
Existing training programs and certifications are not aligned with globally recognized frameworks like the National Initiative for Cybersecurity Education (NICE) or the European Cybersecurity Skills Framework (ECSF), hindering career progression and international competitiveness.
Insufficient Educational Integration
Cybersecurity concepts are not systematically integrated into formal education curricula at primary, secondary, or tertiary levels, resulting in low foundational awareness and a severely limited talent pipeline.
Demographic and Regional Underrepresentation
Women, youth, and individuals from rural communities are significantly underrepresented in the cybersecurity workforce, reflecting broader inequities in access to STEM education and professional opportunities.
Nascent Industry and Innovation Ecosystem
The domestic cybersecurity industry remains in its early stages, characterized by constrained opportunities for research, innovation, local solution development, and entrepreneurship.
Fragmented Efforts and Low Awareness
Despite legislative progress, efforts to build cyber resilience remain fragmented. Public and private sector entities exhibit low levels of specialized cyber hygiene knowledge, creating systemic vulnerabilities.
1.4 Vision and Strategic Objectives
Vision
To position Sierra Leone as a leader in the global cybersecurity market, fostering a secure digital society, a thriving and innovative cybersecurity industry, and a resilient, inclusive workforce that supports national development and global competitiveness.
Mission
To build an inclusive, resilient, and future-ready cybersecurity ecosystem by integrating cybersecurity education at all levels, enhancing workforce capacity, promoting innovation, and ensuring broad-based participation across all demographic groups and geographic regions of Sierra Leone.
Strategic Objectives:
1
Systematically integrate comprehensive cybersecurity education across all levels of the national curriculum to build foundational awareness, digital citizenship, and technical competency from an early age.
2
Advance workforce capacity and professionalism through continuous development, upskilling, and accessible pathways to internationally benchmarked certification programs for both specialist and non-specialist personnel.
3
Foster the growth of a vibrant and self-sustaining local cybersecurity industry by actively promoting research, innovation, entrepreneurship, and the development of homegrown solutions.
4
Enhance public awareness and promote cybersecurity as a viable, attractive, and inclusive career path, with a dedicated focus on engaging and empowering women, youth, and other underrepresented groups.
5
Strengthen and expand multi-stakeholder partnerships and international collaborations to leverage global expertise, share best practices, mobilize resources, and ensure the long-term sustainability of the strategy.
2. Stakeholder Consultation and Strategy Validation
A cornerstone of this strategy's development was the National Cybersecurity Skills Strategy and Action Plan Consultative Meeting, held on July 29, 2025, in Freetown. Organized by the NC3, this pivotal event brought together a diverse assembly of over 100 professionals from financial institutions, telecommunications companies, national security agencies, civil society organizations, academic institutions, and the media. The primary objective was to validate the findings of the national skills assessment, gather expert feedback, and build a collective consensus on the strategic path forward.
Figure 1: View of the National Cybersecurity Skills Strategy Consultative Meeting held in July 2025.
Summary of Consultation Feedback
The dialogue and breakout sessions during the consultation provided invaluable insights, confirming the assessment's findings and adding crucial context. Key feedback themes included:
Urgent Need for Standardization
Stakeholders from all sectors strongly advocated for the adoption of international frameworks like NICE and ECSF to create national job standards. This was seen as essential for defining clear career pathways and aligning Sierra Leone with the global market.
Emphasis on Practical, Hands-On Education
Participants stressed the need for practical training through cybersecurity clubs, national hackathons, and robust internship programs to bridge the gap between theory and practice.
Mandating Key Roles
There was a strong consensus on the need to mandate key cybersecurity roles, particularly the Chief Information Security Officer (CISO), within all critical national infrastructure sectors to ensure accountability.
Call for Public-Private Collaboration
The private sector, particularly financial and telecommunications companies, expressed a strong willingness to collaborate on curriculum development, training initiatives, and resource sharing.
Grassroots Awareness is Key
Civil society and media representatives emphasized the need for sustained, nationwide awareness campaigns that are culturally relevant and accessible in local languages to foster a society-wide culture of security.
Integration of Feedback into the Strategy
The feedback from the consultative meeting has been systematically integrated into every pillar of this strategy, transforming it into a truly nationally-owned document. This direct stakeholder input ensures the strategy is relevant, practical, and addresses the most pressing needs of the nation.
Specific Refinements Based on Feedback:
  • Pillar 1 (Education): The initiative to "Establish Cybersecurity Clubs" was added directly based on stakeholder recommendations to foster early interest and practical skills among youth.
  • Pillar 2 (Workforce Development): The action to "Develop and mandate national cybersecurity job standards based on NICE/ECSF" was elevated in priority due to the strong consensus on the need for standardization. The target to train over 1,000 public sector professionals was also incorporated.
  • Pillar 4 (Policy): The recommendation to "Mandate the appointment of CISOs" in critical sectors has been included as a key policy initiative to enhance governance and accountability.
  • Action Plan: Specific initiatives like "Conduct comprehensive cyber audits through NC3" and designing "targeted training programs aligned with industry requirements" were directly shaped by the detailed discussions during the consultation.
  • Partnerships: The strategy now places a greater emphasis on formalizing mechanisms for public-private partnerships, reflecting the concrete commitments made by institutions like Orange (SL) Ltd and the Financial Intelligence Unit (FIU) during the meeting.
This collaborative approach ensures that the strategy is not merely a top-down directive but a shared roadmap, built on the collective expertise and commitment of Sierra Leone's key stakeholders.
3. Strategic Framework
The strategy is built upon five interdependent pillars, complemented by cross-cutting themes, as identified in the national skills assessment and validated by stakeholders. This structure ensures a comprehensive, integrated, and holistic approach to building national cybersecurity capacity.
Guiding Principles
Inclusivity
Guaranteeing equitable access to cybersecurity education and careers for all, irrespective of gender, age, location, or disability.
Sustainability
Promoting long-term development of national capacity through continuous learning and local ownership.
Collaboration
Fostering robust multi-stakeholder partnerships across government, academia, industry, and civil society.
Innovation
Cultivating a dynamic culture of research, development, and entrepreneurship.
Excellence
Upholding the highest international standards in education, training, and practice.
Agility
Ensuring the strategy remains flexible and responsive to the rapidly changing digital environment.
Critical Pillars of the Strategy
The strategy is structured around five key pillars and a set of integral cross-cutting themes:
1
Education and Training
Integrating cybersecurity into formal education, from primary to tertiary levels.
2
Workforce Development
Reskilling and upskilling the current workforce and standardizing job roles.
3
Fostering Local Cybersecurity Industry and Innovation
Supporting entrepreneurship and the development of homegrown solutions.
4
Policy and Regulatory Frameworks
Establishing robust policies, national standards, and governance structures.
5
Monitoring and Evaluation (M&E)
Ensuring evidence-based tracking of progress, impact, and accountability.
4. Strategic Pillars and Initiatives
Pillar 1: Education and Training
Objective: To systematically integrate cybersecurity awareness and foundational competencies across all stages of the national education framework, from primary to tertiary levels, thereby cultivating a sustainable and diverse talent pipeline.
Key Initiatives:
  • Curriculum Development and Integration: In collaboration with the Ministry of Basic and Senior Secondary Education (MBSSE) and the Ministry of Technical and Higher Education (MTHE), lead a structured process to develop and integrate age-appropriate cybersecurity modules into national curricula. This will cover topics from digital hygiene in primary schools to ethical hacking principles in secondary and TVET institutions.
  • Higher Education Program Enhancement: Actively support universities and technical institutes in establishing comprehensive undergraduate and postgraduate degree programs in cybersecurity, aligning them with industry needs and international standards.
  • Teacher Capacity Building: Design and implement a nationwide "Train-the-Trainer" program to equip educators at all levels with the necessary knowledge and pedagogical tools to effectively deliver cybersecurity education, supported by continuous professional development.
  • Educational and Grassroots Initiatives: Establish and support dedicated cybersecurity clubs in secondary schools and tertiary institutions to foster early interest and practical skill development. Develop official cybersecurity-focused websites as central information hubs.
Pillar 2: Workforce Development
Objective: To strengthen the capabilities and competencies of both current and future professionals by implementing robust frameworks for continuous professional development, upskilling, and access to internationally benchmarked certification programs.
Key Initiatives:
  • National Workforce Standardization: Develop and mandate national cybersecurity job standards based on internationally recognized frameworks like NICE and ECSF. This will create clear career pathways and provide a benchmark for skills and qualifications.
  • Specialized and Sector-Specific Training: Design and deliver advanced training modules in critical domains such as digital forensics, incident response, and cyber risk management, tailored for key sectors like finance, telecommunications, and government.
  • Certification Support and Accessibility: Establish a national cybersecurity certification fund and scholarship schemes to reduce financial barriers for professionals seeking globally recognized certifications (e.g., CISSP, CISM, CompTIA Security+), including creating local testing centers.
  • National Internship and Apprenticeship Program: In partnership with industry, establish a comprehensive national framework for paid internships and apprenticeships to provide students with invaluable practical experience.
Pillar 3: Fostering Local Cybersecurity Industry and Innovation
Objective: To cultivate a vibrant, innovative, and self-sustaining local cybersecurity industry, support entrepreneurship, and promote the development of homegrown solutions.
Key Initiatives:
  • Startup Incubation and Acceleration: Establish a dedicated cybersecurity startup incubator and innovation hub in Freetown to provide business development services, mentorship, technical training, and access to seed capital.
  • Industry-Academia-Government Collaboration: Forge formalized partnerships (PPPs) to drive collaborative research and development, focusing on co-creating and commercializing advanced cybersecurity solutions tailored to Sierra Leone's context.
  • Market Development and Local Procurement: Implement policies and incentives to promote the procurement of locally developed cybersecurity products and services within public and private sector organizations.
  • National Innovation Challenges: Organize annual national cybersecurity hackathons, innovation challenges, and "capture-the-flag" competitions to identify and nurture local talent and stimulate creative problem-solving.
Pillar 4: Policy and Regulatory Frameworks
Objective: To establish and enforce a robust, agile, and comprehensive governance, policy, and regulatory framework that safeguards national critical infrastructure and promotes best practices.
Key Initiatives:
  • Mandate Critical Cybersecurity Roles: Develop and enact legislation that mandates the appointment of a Chief Information Security Officer (CISO) within all government ministries and private sector entities designated as critical national infrastructure.
  • Strengthen and Update Legislative Frameworks: Conduct a continuous review of the Cyber Crime Act of 2021 and other relevant legislation to ensure they remain effective in addressing emerging technologies (like AI and IoT) and new threat vectors.
  • Adoption of National and International Standards: Promote and enforce the adoption of international best practices and technical standards, such as the ISO/IEC 27001 series and the NIST Cybersecurity Framework.
  • Comprehensive Cyber Audits: Empower the NC3 to design and conduct regular, comprehensive cyber audits across all critical sectors to ensure compliance with national standards and identify systemic vulnerabilities.
Pillar 5: Monitoring and Evaluation (M&E)
Objective: To ensure the effective implementation, accountability, and continuous improvement of the National Cybersecurity Skills Strategy through a rigorous, transparent, and evidence-based M&E system.
Key Initiatives:
  • Establish a Comprehensive M&E Framework: Develop a detailed M&E framework with clearly defined Key Performance Indicators (KPIs), baseline data, and achievable targets for each strategic objective. This framework will track inputs, activities, outputs, outcomes, and long-term impact.
  • Periodic Assessments and In-depth Reviews: Conduct systematic annual performance reviews to assess progress against targets and facilitate adaptive management. A formal, independent mid-term evaluation will be conducted at Year 3, followed by a final evaluation at Year 5.
  • National Incident Simulation Exercises: Organize regular "cyber-drill" exercises involving multiple stakeholders to test the nation's preparedness, response coordination, and recovery capabilities, with lessons learned feeding back into strategy refinement.
  • Public Reporting and Transparency: Develop and maintain a public-facing online dashboard to track and display progress on key strategic indicators, promoting transparency and fostering public and stakeholder accountability.
5. Cross-Cutting Issues and Thematic Priorities
To ensure the strategy is equitable and sustainable, a series of cross-cutting issues are integrated across all five pillars. These address systemic challenges fundamental to building an inclusive cybersecurity ecosystem.
5.1 Gender Equality and Women's Participation
Challenge: The national assessment revealed a stark gender disparity, with women constituting less than 20% of the cybersecurity workforce. This gap represents a significant loss of potential talent and perpetuates inequality.
Strategic Approach: A deliberate, multi-faceted strategy is required to dismantle barriers and actively promote women's participation. This includes:
Policy and Advocacy
Enacting policies that promote gender equality in STEM/ICT education and employment, in partnership with organizations like the 50/50 Group.
Targeted Education and Training
Developing scholarship programs specifically for women and girls pursuing cybersecurity degrees and certifications.
Mentorship and Role Models
Establishing a national mentorship network connecting aspiring female professionals with established women leaders and launching a "Women in Cyber" campaign to showcase success stories.
Inclusive Workplace Practices
Working with employers to adopt inclusive hiring practices, flexible work arrangements, and zero-tolerance policies for harassment.
5.2 Youth Engagement and Development
Challenge: While Sierra Leone has a large, digitally-savvy youth population, there are limited structured pathways for them to transition from interest in technology to a professional career in cybersecurity.
Strategic Approach: Foster a vibrant ecosystem that captures the interest of young people from an early age and provides them with skills and opportunities. This includes:
Early Exposure in Schools
Establishing and funding cybersecurity clubs in every secondary school and tertiary institution as hubs for practical learning and peer mentorship.
Gamification and Competitions
Organizing annual national events such as hackathons and "capture-the-flag" competitions to make learning engaging and identify top talent.
Structured Internships
Developing a national, government-endorsed internship program that provides paid, hands-on work experience.
Youth-Led Initiatives
Supporting and funding youth-led organizations focused on digital literacy and cybersecurity awareness.
6. Action Plan
The Action Plan operationalizes the strategy through specific, time-bound, and measurable activities. It delineates clear responsibilities, timelines, and performance indicators, creating a pragmatic framework for implementation.
Pillar 1: Education
Pillar 2: Workforce
Pillar 3: Industry & Innovation
Pillar 4: Policy & Regulation
Pillar 5: Public Awareness & Inclusion
7. Governance and Implementation Roadmap
Successful implementation requires robust governance, clear accountability, and a phased approach to ensure momentum and long-term sustainability.
7.1 Governance and Accountability Mechanisms
Clear governance structures will be established to ensure all stakeholders are aligned and responsible for delivering on their commitments:
Lead Agency (NC3)
The National Cybersecurity Coordination Centre (NC3) is designated as the lead agency, responsible for the overall coordination, day-to-day management, monitoring, and reporting of the strategy's implementation.
National Cybersecurity Skills Council (Steering Committee)
A multi-stakeholder Steering Committee, co-chaired by a high-level government official and a private sector representative, will be established. It will comprise representatives from key ministries, academia, the private sector, and civil society to provide high-level oversight, strategic direction, and ensure political and financial commitment.
Pillar Implementation Teams
Dedicated implementation teams, or Thematic Working Groups, will be formed for each strategic pillar. These teams will be responsible for the day-to-day execution of the action plan, data collection, and reporting to the NC3.
7.2 Detailed Roadmap for Implementation
To operationalize the strategy effectively, the following phased roadmap with clear next steps is proposed:
1
Phase 1: Foundation and Mobilization (Months 1-6)
  1. Adopt and Launch the Strategy: Secure formal endorsement of the strategy by the Government of Sierra Leone and launch a high-profile national awareness campaign.
  1. Establish Governance Structures: Formally establish the National Cybersecurity Skills Council and the Pillar Implementation Teams.
  1. Develop Detailed Implementation Plans: Prepare granular annual work plans and budgets for each strategic pillar.
  1. Operationalize M&E Systems: Finalize the M&E framework, conduct baseline assessments, and develop the public reporting dashboard.
2
Phase 2: Priority Program Rollout (Months 7-24)
  1. Initiate High-Impact Programs: Fast-track the rollout of priority initiatives, such as curriculum integration, the "Train-the-Trainer" program, and the public sector certification drive.
  1. Secure Key Partnerships: Formalize MoUs and partnership agreements with key academic, private sector, and international partners.
  1. Launch National Awareness Campaign: Roll out the first annual multimedia public awareness campaign.
3
Phase 3: Scaling and Deepening Impact (Years 3-5)
  1. Conduct Mid-Term Review: Undertake an independent mid-term review to assess progress, capture lessons learned, and make necessary strategic adjustments.
  1. Scale Successful Initiatives: Scale up successful pilot programs, such as the startup incubator and regional training centers.
  1. Plan for Sustainability: Develop a long-term sustainability plan to ensure the continuation of key initiatives beyond the initial five-year strategy period.
8. Stakeholder Roles and Responsibilities
The success of this strategy hinges on a collaborative, multi-stakeholder approach where each partner understands and fulfills their unique role. This ecosystem of shared responsibility is critical for building a sustainable national cybersecurity capacity.
Government Ministries (MBSSE, MTHE, MoCTI, Finance)
Government ministries are the primary drivers of policy and regulation. Their role is to mainstream cybersecurity into national planning, allocate necessary budget, and create the enabling legal environment. The education ministries (MBSSE, MTHE) are directly responsible for curriculum reform and teacher training, while MoCTI provides the overarching technology policy direction.
National Cybersecurity Coordination Centre (NC3)
As the lead coordinating body, the NC3 is the central hub for implementation. Its responsibilities include managing day-to-day activities, monitoring progress against KPIs, reporting to the Steering Committee, facilitating partnerships, and serving as the primary point of contact for all strategy-related matters.
Academia and Educational Institutions (Universities, TVETs)
Academic institutions are the engine of talent creation. Their role is to develop and deliver high-quality degree and certificate programs, conduct cutting-edge research, host innovation hubs, and collaborate with industry to ensure curricula remain relevant to market demands. They are also key partners in the "Train-the-Trainer" initiatives.
Private Sector (Telecoms, Banks, Tech Hubs, SMEs)
The private sector is both a key beneficiary and a critical partner. Its roles include providing industry expertise for curriculum development, offering internships and apprenticeships, co-funding training programs, sponsoring innovation challenges, and adopting best practices to secure their own operations. Industry leaders are expected to champion the strategy and serve on the National Cybersecurity Skills Council.
Civil Society, Media, and Development Partners
Civil society organizations and the media are essential for grassroots awareness and accountability. They will help disseminate information in local languages, advocate for inclusive policies (especially for gender, youth, and disability), and provide independent monitoring. International development partners like the World Bank provide crucial financial resources, technical expertise, and access to global best practices.