Researching Graduated Cyber Security Students – Reflecting Employment and Job Responsibilities through NICE framework


  • Karo Saharinen JAMK University of Applied Sciences
  • Jarmo Viinikanoja JAMK University of Applied Sciences
  • Jouni Huotari JAMK University of Applied Sciences



Cyber Security, Degree Programme, Cybersecurity skills


Most research and development on Cyber Security education is currently focusing on what should be taught, how much, and where within the degree programmes. Different Cyber Security frameworks are currently evolving to include Cyber Security education parallel to older paradigms of Computing Education, existing alongside with such as “Information Technology” and “Software Engineering”. Different Cyber Security specialisations or even whole degree programmes have started within universities before the frameworks have been defined into standardised degree structures. This is mainly the result of a dire industry need of well-educated cyber security personnel, a phenomenon affecting the industry globally.

Our research concentrates on Finnish alumni students who have already graduated from a bachelor’s degree programme in Information Technology with a specialisation in Cyber Security in Finland. Within our gathered research data, we analysed what is the industry sector where their current job resides, and what are the cyber security responsibilities in their current work. The questionnaire also contained an after-reflection section where the graduated students could choose what they would study were they about to start and plan their studies again.

The results verify that Cyber Security is still the most favoured specialisation within the former Cyber Security alumni students. Slight variation is evident from the data, which in the authors’ perspective, verifies the multifaceted nature of Cyber Security. When analysing alumni students’ job responsibilities, the main category of work resides in the “Protect and Defend” category of the NICE Framework, which in the terms of the conference, relates to Critical Infrastructure Protection being the main subject of employment for fresh graduates.

These results give insight to other education organisations on how to develop their curricula to further emphasise the employment of students or to offer modules which are of interest for newly employed Cyber Security professionals. In addition, it gives an insight of industry demand for freshly graduated students within the target group.