Vietnam is projected to face a severe shortage of cybersecurity professionals - up to 700,000 personnel - over the next three years, as more than half of organizations in the country lack adequate information security staffing.

This stark warning was delivered by Vu Ngoc Son, Head of Technology and International Cooperation at the National Cybersecurity Association, during the Vietnam Security Summit 2025 held on May 23 in Ho Chi Minh City.

According to Son, Vietnam ranks among the nations most vulnerable to cyberattacks. In 2024 alone, the country recorded over 659,000 cyber incidents, with nearly 46.2% of agencies and enterprises suffering at least one breach.

A major cause of this vulnerability is the acute talent shortage. Currently, about 56% of organizations lack both general IT staff and dedicated cybersecurity teams. For continuous 24/7 security monitoring, at least 8–10 trained personnel are needed per unit - far more than what most organizations can provide.

Why the gap is growing

Son attributes the crisis to several systemic issues: training programs lagging behind real-world demands, limited institutions offering specialized cybersecurity education, and insufficient hands-on training in critical response scenarios. Additionally, a significant number of skilled professionals are opting to work remotely for foreign companies - leading to a brain drain.

Domestic salaries and career incentives also fall short. “Cybersecurity professionals in Vietnam often lack growth opportunities, advanced training, and competitive compensation,” Son explained.

Poor coordination between schools and businesses further exacerbates the issue. Few enterprises engage directly in training, while many academic institutions fail to align curricula with evolving technologies. As a result, fresh graduates lack practical experience in managing large-scale systems.

This talent shortfall is already having consequences: increased cyber threats, slower incident response times, and difficulties in digital transformation efforts for businesses and government agencies.

Proposed solutions: from classrooms to AI

To address this gap, Son emphasized the need to adopt international models. He proposed a “triangle model” connecting research institutes, universities, and enterprises. Students should be involved early in real-world projects, while companies provide scholarships and job guarantees to high-performing candidates.

Training should focus on “combat-ready” skills, including mandatory internships and simulated cyberattack scenarios. Programs must be expanded to high schools and vocational colleges, and platforms like Cyber Range should be used to build realistic cybersecurity training environments.

AI could also play a vital role. By automating parts of system operations, AI can reduce reliance on human resources. However, this requires a new breed of IT professionals trained in AI system design and integration, and retraining current engineers to adapt to AI-driven security operations.

What must be done

Companies are urged to develop competitive compensation packages and clear career paths to attract and retain top talent. They must foster flexible and innovation-driven workplaces and ensure their staff have access to the latest technologies and large-scale projects.

On the government side, Son called for the early issuance of a national cybersecurity job framework, financial aid and tuition subsidies for students in the field, and the creation of standardized national certifications for cybersecurity personnel.

“Cybersecurity is the backbone of digital transformation,” Son stressed. “Human capital is the foundation. Solving this crisis requires a united effort between government, academia, and industry.”

Le My