Analysis of Cyber Security in Bangladesh:

Knowledge Gaps and Skill Gaps

Md. Arafat Khan
Department of Computer Science and Engineering
Dhaka University of Engineering & Technology, Gazipur
ID: 204119, 3rd year 1st semester
arafatkhan.7232@gmail.com

I. A BSTRACT
In response to the escalating number of cyber incidents and the pressing shortage of skilled professionals
in the field, there is a compelling need to assess the disparity between the education provided in cyber
security and the actual requirements in the industry. Consequently, the primary aim of this study was to
pinpoint the knowledge gaps present in recent cyber security graduates as they enter the workforce. To
achieve this, I devised and executed an opinion survey based on the Cyber Security Knowledge Areas. Our
data was collected from practitioners employed in various cyber security organizations. To evaluate the
knowledge gap, we treated the data as nominal and applied the chi-squared test to enhance its accuracy.
The analysis revealed a noticeable knowledge gap that could be leveraged to enhance the quality of cyber
security education. The final results indicated that three specific Knowledge Areas (KAs) exhibited the most
significant knowledge gaps: Web and Mobile Security, Security Operations, and Incident Management.
Furthermore, we observed that Cyber-Physical Systems (CPS), Software Life Cycles, and Vulnerabilities
exhibited the most substantial disparities in perceived importance between less experienced and more
seasoned personnel. In response to these findings, I propose several recommendations for refining the
cyber security curriculum to bridge these knowledge gaps effectively. It is imperative that higher education
institutions provide top-notch cyber security education to elevate the qualifications of future professionals.
The competence and readiness of the national cyber security workforce hold paramount importance for
both nations and security organizations. This encompasses a diverse array of skills, encompassing technical
prowess, implementation abilities, managerial competencies, and soft skills, which must be instilled in
recent cyber security graduates. This groundbreaking study marks the inaugural exploration of this subject
matter, and it is anticipated that this research will serve as a source of inspiration for further investigations
in the field.
Index Terms
Cyber Security · Data Analysis · Education · Knowledge Gaps · Skill Gaps · Survey

II. I NTRODUCTION
Cyber security professionals play a pivotal role in ensuring the safety of institutions and nations. The
greater the experience, productivity, and education of these professionals, the more effective they become.
It is essential for academia to recognize the key disparities between what is taught at universities and the
expectations of the industry.
Highly skilled cyber security experts significantly outperform their less proficient counterparts, enabling
nations to effectively address cyber security challenges in a timely manner. Consequently, countries are
actively working to bridge the skills gap in cyber security through collaborations between industry and
government entities and educational institutions. An illustrative example is the Cyber Security Challenge
UK, a non-profit organization that has orchestrated multiple security competitions to address the shortage
of skilled cyber security professionals in the UK and enhance their capacity [1].
The Center for Strategic and International Studies (CSIS) conducted a comprehensive survey on cyber
security skills in eight countries in 2016. The findings revealed that 82 percent of employers acknowledged
a shortage of cyber security skills, with 71 percent stating that this gap had detrimental effects on
their organizations [2]. The CSIS study also highlighted that skills related to cyber security operations,
particularly intrusion detection and secure software development, were the most challenging to find [2].
While the workforce shortage applies to virtually all positions in cyber security, the demand for highly
skilled technical expertise is particularly acute [1]. Similar shortages of these skills have been reported
in the field of software engineering. To address these gaps in new hires, companies invest resources in
training [2]. Like software engineering, the cyber security field faces a parallel challenge of aligning the
knowledge imparted in universities with the actual needs of the industry.
My contributions to this study are listed as follows:
• As far as I am aware, this study is the first study in Bangladesh about the knowledge gaps and skill
gaps among cyber security professionals.
• Instead of concentrating on software engineering, I used the necessary statistical analysis techniques
and focused on cyber security.
This research can be performed in different countries with similar experiments and protocols to improve
the cyber security education.

III. L ITERATURE R EVIEW

Ahmed and Roussev stated that the peer education model as a well- defned teaching protocol is a good
tool that can be used to perform cyber security education efectively[1]. Rashid and Awais mentioned that
cyber security has become an important element in the curricu- lum of all education levels. They stated
that the basic information on which cyber security is developed is fragmented [2]. Cagatay, Catal and
Alper Ozcan’s study identify the knowledge gaps in cyber security graduates who join the cyber security
workforce. According to acquired final results, three key knowledge area with the highest knowledge gap
are Web and Mobile Security, Security Operations and Incident Management. They also found Cyber-
Physical Systems (CPS), Software Life cycles, and Vulnerabilities are the knowledge areas with largest
difference in perception of importance between less and more experienced personnel[3].
IV. O BJECTIVE
• To reduce the skill gaps and knowledge gaps for the graduates and local people to enhance cyber
security in Bangladesh.
• To enhance the qualifications of the future workforce and address knowledge and skill gaps for both
recent graduates and individuals without a technical background.
V. O UTCOMES
• Improved Knowledge: It will be easier to identify the knowledge gap between industrial needs and
cyber security education.
• Course Planning: Courses for the graduates in the universities of Bangladesh, can be arranged more
accurately.
• Threats of Cyber Attack: In Bangladeshi universities, graduate-level courses can be scheduled more
precisely.
• Skill Gaps: Recent graduates and individuals without a technical background can gain a clearer un-
derstanding of skill gaps, and the approach to developing skilled individuals can be better understood.
 VI. M ETHODOLOGY
Research questions, survey design, the execution of survey, and the data analysis method are presented
in this section.
A. Research Questions (RQs):
The objective of this research is to analyze the knowledge gaps between the Cyber Security (CS)
education and industry demands by using the Goal, Question, Measure (GQM) [2] approach. The following
research questions were defined according to the overall objective:

• RQ 1: What are the most significant aspects of Cyber Security? This RQ has been divided into the
following two sub questions:
– RQ 1.1: What are the key points of Cyber Security?
– RQ 1.2: How do experienced practitioners and recent graduates understand the importance of
knowledge areas differently?
• RQ 2: What is the importance of Cyber Security perceived in the workplace compared with the
knowledge acquired at institutions?
• RQ 3: What knowledge areas of Cyber Security are mostly adopted by experts and what areas have
the largest gaps?
B. Survey design
[3] developed an online survey to get the opinions of practitioners. The questionnaire starts with several
number of demographic questions, comprising degrees, roles, and graduation year. Participants have been
asked what they obtained during their university education on the 19 knowledge areas. An overview of
the 19 knowledge areas provided in Fig. 2.

Fig. 1. Knowledge Areas (adopted from [3]).

C. Data Analysis
The survey comprises sequential (i.e., ordinal) data for significance of knowledge and subjects instructed
in the university. The sequential data can be utilized as nominal data. The graduation degree acquired by
students (e.g., BSc, MSc, PhD) can be an instance of the nominal data. The no of 60 student responded
the survey given in the Table - I and also no of 60 cyber security expertise responded in this survey which
is shown in Table - II.
 Fig. 2. Knowledge Areas (adopted from [3]).

TABLE I
ACADEMIC DEGREES OF RESPONDENTS (N=60) [3]

Degree # of respondents % of respondents

BSc 26 43.2
MSc 23 38.3
PhD 11 18.3

TABLE II
C YBER S ECURITY E XPERTISE RESPONDENTS (N=60) [3]

Cyber Security Expertise # of respondents % of respondents

Yes 51 85
NO 9 15

VII. R ESULT
Cyber security programs must be enhanced based on the needs in cyber security industry and this kind
of research is one of feasible approaches to determine the potential problems in the education system.

Fig. 3. Knowledge Gaps Statistics (adopted from [3]).

 The largest knowledge gaps appear in knowledge areas, Web and Mobile Security and Security Opera-
tions and Incident Management. These knowledge areas find themselves in the top four positions in both
analysis.

Fig. 4. Knowledge Gaps Percentage (adopted from [3]).

VIII. C ONCLUSION
We were able to find appropriate participants in this research, however, it would be better if we could
increase the number of participants in further research. Further there is a need for more education,
researches, training programs and responsibility when it comes to safeguarding Bangladesh’s cyber space.
The following recommendations are provided for educators:

Recommendation-1: I suggest educators to design new courses on web and mobile security, security
operations and cyber security systems.

Recommendation-2: Practical sessions led by industry experts are also suggested to train the students.

Recommendation-3: To arrange short-term and long-term internship opportunities for the students/graduates
on the topic of Cyber Security
R EFERENCES
[1] Ahmed, Irfan, and Vassil Roussev. ”Peer instruction teaching methodology for cybersecurity education.” IEEE Security & Privacy 16.4
(2018): 88-91.
[2] Rashid, Awais, et al. ”Scoping the cyber security body of knowledge.” IEEE Security & Privacy 16.3 (2018): 96-102.
[3] Catal, Cagatay, et al. ”Analysis of cyber security knowledge gaps based on cyber security body of knowledge.” Education and Information
Technologies 28.2 (2023): 1809-1831.