A shortage of highly skilled talent
The Politburo’s Resolution No. 57-NQ/TW on breakthroughs in science and technology development, innovation, and national digital transformation affirms that safeguarding national sovereignty in cyberspace, cybersecurity, data security, and information safety for organisations and individuals is a consistent requirement that cannot be separated from the overall development process. In that context, training and developing a high-quality workforce in information safety and cybersecurity is identified as a core task, with close ties to strategies for ensuring national security, digital sovereignty, and the development of the knowledge-based economy.
To develop cybersecurity human resources, the government has issued a number of national-level strategies and programmes, such as the National Cyber Safety and Security Strategy, proactively responding to challenges from cyberspace through 2025, with a vision to 2030 under Decision No. 964/QD-TTg dated August 10, 2022, and the project “Training Cybersecurity Human Resources through 2025, with a vision to 2030”, with the aim to build a core workforce network for cyberspace.
In addition, cybersecurity was approved by the Ministry of Education and Training for pilot training programmes from June 2024, alongside strategic sectors in semiconductors and microchips. At the same time, recruitment demand from banks, financial institutions, telecommunications companies, and technology enterprises has risen sharply, opening major opportunities for young people. However, reality shows that human resources remain a major “bottleneck”, particularly the severe shortage of highly skilled personnel in key fields such as cybersecurity, artificial intelligence, cloud computing, and machine learning.
According to statistical data, the world is currently short of around 4.8 million cybersecurity professionals. According to the Viet Nam Cybersecurity Association, the country will need about 700,000 personnel in the coming years, while current capacity meets only about 50% to 60% of that figure. In 2025, Viet Nam had around 11 institutions providing cybersecurity-related training under information security specialisations, but none were offering a full, formal degree programme in cybersecurity.
Notably, professional competence among the domestic cybersecurity workforce remains largely theory-oriented, lacking practical skills and incident-response experience.
Dr Doan Trung Son, Director of the Information Security Training Programme at Phenikaa University, said many agencies and businesses either do not have a dedicated unit or have very limited staff — sometimes with no cybersecurity expertise at all. Newer skill areas such as cloud security, AI, DevSecOps, and Zero Trust remain weak, while foreign-language ability and soft skills — decisive factors — are also limited.
Domestic training programmes are expanding but still lag behind real-world requirements. The workforce is not only short in number; its quality often falls short of increasingly demanding practical needs. Hands-on skills, incident-response capacity, and the ability to master new technologies remain limited; meanwhile, foreign languages, soft skills, and legal knowledge have not kept pace with the demands of a professional, integrated working environment. In addition, uneven remuneration and limited competitiveness also contribute to a growing “brain drain” abroad.
Sharing the same view, Dr Tran Giang Son, Head of the Faculty of Information Technology and Communication at the University of Science and Technology of Ha Noi under the Viet Nam Academy of Science and Technology, said Viet Nam still lacks lecturers with deep expertise and real-world experience in cybersecurity. Next is the constraint in facilities: labs and practical equipment remain limited, failing to meet the “learning goes with practice” requirement. In some places, training curricula have not been updated to keep pace with emerging trends such as secure AI, cloud computing, or blockchain, which means the number of students choosing cybersecurity remains modest relative to social demand. Therefore, synchronised coordination is needed among the state, businesses, and training institutions — investing in infrastructure, supporting lecturer development, and strengthening outreach to attract learners. From there, a sustainable cybersecurity talent ecosystem for Viet Nam can be formed.
Narrowing the gap between training and practice
In reality, the rapid pace of technological development is driving cyberattacks that are increasingly sophisticated and complex. Without a well-structured and effective training strategy, risks such as asset losses, large-scale data leaks, operational disruptions, and reputational damage are real. Crucially, the human factor remains the most easily exploited “weak link” in cybersecurity, potentially leading to severe losses that can be difficult to remedy. This creates an urgent need to invest strongly in training to raise awareness and deepen specialised skills, while building tight governance and incident-response procedures.
To develop a high-quality workforce in this field, a comprehensive and synchronised strategy is needed. On training reform, universities should update curricula in line with international standards, linking theory with practice and business realities. Students need early access to tools and simulated attack–defence scenarios, and to participate in real projects while still studying.
In addition, interdisciplinary training should be expanded to combine cybersecurity with AI, big data, and cloud computing, given how closely these technologies are increasingly intertwined.
The state should consider scholarship mechanisms, research support, and attractive remuneration policies to encourage top students to pursue the field and to retain highly qualified lecturers and experts.
Businesses should also take part in training by sponsoring labs, supporting internships, and recruiting promising students early. Students must learn through real problems and real scenarios, thereby building practical problem-solving capacity. Research centres and enterprises should serve as “launchpads” so that ideas, models, and research products developed in universities can be applied immediately in the security operations of agencies and businesses.
“If modern training, sound policies, broad cooperation, and practical application are implemented in a synchronised manner, we can build a highly capable cybersecurity expert force that meets the requirements of protecting the national cyberspace in the digital era,” Dr Tran Giang Son said.
On solutions, some experts also believe training should shift decisively from theory to practice, through models such as CTF competitions, attack–defence simulations, and Security Operations Centres (SOC), while closely aligning with real business needs. Alongside this, competitive remuneration mechanisms — income, welfare, and career progression — are needed to retain and attract talent, especially in the public sector. Strengthening links with international organisations, universities, and major technology groups for expert exchanges, technology transfer, and skills standardisation to international benchmarks is also an important direction.
For universities, to narrow the gap between training and practice, institutions should enhance enterprise collaboration, enable students to participate in real cybersecurity projects, build attack–defence simulation laboratories, and organise CTF competitions and information security drills. This approach helps learners not only master foundational knowledge but also develop professional skills, ready to meet job requirements immediately after graduation.
Regarding “brain drain”, many experts believe this is a difficult trend to avoid as high-quality talent seeks international environments with better income and working conditions. However, if Viet Nam can build an attractive enough cybersecurity ecosystem, define the field as a globally significant spearhead area, and pair that with competitive remuneration, R&D opportunities, and clear promotion pathways, many talents will choose to stay or return to make contributions.
