Expression of Interest (EOI) for Consultancy for Design and Implementation of Cyber Hub Essential Skills Program.

Expression of Interest (EOI)

CONSULTANCY FOR DESIGN AND IMPLEMENTATION OF CYBER HUB ESSENTIAL SKILLS PROGRAM.

Reference Number: 83477832

Publication date: 13.11.2024

Introduction

 The Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH is a federally owned international cooperation enterprise for sustainable development with worldwide operations. The GIZ Office in Kigali covers GIZ’s portfolio in Rwanda and Burundi. GIZ Rwanda/Burundi implements projects on behalf of the German Federal Ministry for Economic Cooperation and Development, the European Union and other commissioning authorities in the following priority areas: Sustainable Economic Development; Good Governance; Climate, Energy and Sustainable Urban Development; Digitalization and Digital Economy; and regional projects in the Great Lakes Region.

GIZ Deutsche Gesellschaft für Internationale Zusammenarbeit

MINICT Ministry of ICT and Innovation

NCSA National Cyber Security Authority

ICT Information Communication and Technology

ToRs Terms of reference

DigiCenter	Digital Transformation center

1. Context

About the GIZ Digital Transformation Center Rwanda 

The Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) GmbH is a federally owned international cooperation enterprise for sustainable development with worldwide operations. GIZ has worked in Rwanda for over 30 years. The primary objectives between the Government of Rwanda and the Federal Republic of Germany are poverty reduction and promotion of sustainable development. To achieve these objectives, GIZ Rwanda is active in the sectors of Decentralization and Good Governance, Economic Development and Employment Promotion, Energy, and ICT (Information and Communications Technology).

The DigiCenter is a newly created Digital4Rwanda project unit dedicated at delivering impact driven digital solutions, developing the capacities of the local innovation ecosystem, and replicating/scaling-up digital solutions at regional and continental level. The government of Rwanda understands there are significant digital upskilling needs in the public and private sector. Among the activities proposed in this project are to support the Digital Skills Council, the initiative from MINICT. One of the projects under the Digital skills Council is cyber security hub.

Rwanda has made significant progress in its journey towards becoming a digital economy, driven by a variety of initiatives. As the country expands its ICT infrastructure and connectivity, it has increasingly exposed itself to potential cyber threats and attacks. The CYBER HUB is an initiative aiming to develop talent, provide practical training, and enhance professional skills in cybersecurity and data protection in Rwanda and the region. It envisions a vibrant ecosystem where talent, technology, and collaboration converge. Partnerships between the National Cyber Security Authority, GIZ other stakeholders will be established to operationalize the academy which will significantly impact the cyber security landscape. The rapid digitalization underscores the urgent need to develop a skilled workforce in cybersecurity. By investing in education and training programs, Rwanda seeks to build local talent with employable skills, capable of safeguarding its digital landscape, ensuring that the nation can fully realize its ambitions while protecting its citizens and businesses from the evolving risks of the cyber threat landscape. The Cyber Security Essentials Skills Program is a first step to producing local talent with a strong foundation in cyber security technical and organisational skills.

Program rationale:

This program aims to equip participants with foundational cybersecurity knowledge while also evaluating their skills and potential for specialised training tracks.

Objectives:  

• Equip participants with a strong foundation in technical and organisational cybersecurity skills.
• Foster participants’ interest in cybersecurity and assess their suitability for advanced training programs.
• Enhancing the number of Rwandan professionals equipped with fundamental cybersecurity skills within the ecosystem.

Training target group and participants’ profiles:

50 graduands /graduates from a variety of universities in Rwanda

• Graduates in IT, information systems, computer science, networks and communications, software engineering or related fields
• Possess a solid foundation in IT concepts, programming languages and systems administration
• Applicants must be residing in Rwanda
• Proficiency in business English is crucial, encompassing skills in reading, writing, and comprehension

Training basic structure:

• Presentations from trainers: Trainers will lead and conduct sessions that cover content on planned topics.
• Hands-On Labs and Simulations:Participants engage in practical exercises and simulations that replicate real-world scenarios, including configuring security devices, conducting vulnerability assessments, and responding to simulated cyber incidents.
• Scenario-Based Training:Participants analyze case studies and security challenges that reflect authentic industry environments, enhancing their ability to identify and mitigate cybersecurity threats effectively.
• Self-Study:Beyond class hours and lab work, learners are expected to dedicate additional time to self-study, researching and reinforcing the concepts covered during sessions. 50 participants will learn using two groups (A & B) with one being a morning group and another being an afternoon group.
• Assessments and Examinations: Participants will undergo assessments provided by the trainers to assess comprehension of core concepts and skills. Assessments should also provide insights into participants’ readiness for advanced cyber security tracks. This will be reviewed and approved by the National Cyber Security Authority.

2. Tasks to be performed by the contractor:

The bidder will be responsible for training up to 50 individuals in essential cybersecurity skills. This includes evaluating participants’ current skill levels, developing a comprehensive training curriculum, delivering the training, and creating a methodology to assess and report the training’s effectiveness.

Work package 1: Training design and preparation

Before training begins, the contractor should develop the necessary curriculum and training framework. Both the curriculum and framework will need to be approved by the GIZ team and its partners before starting the training. The following elements should be included:

• A description of the training’s target group
• Training objectives
• Training session plan (schedule or timing for each training session)
• Training curriculum, including content to be covered in each session considering the list of training topics listed below.
• Any additional training materials and exercises for the trainees.
• Inbound assessment to assess current participants’ levels.
• Post training assessment plan to assess the training effectiveness

The training curriculum and content should establish a foundation in the following list of essential topics:

• Introduction to cyber security (include possible cyber security tracks and certifications)
• Cyber security technologies
• Cyber security architecture
• Network and System security
• Secure coding practices
• Vulnerability assessment
• Cyber incident response
• Cyber risk management
• SOC operations
• Cyber security laws and regulations
• Cyber governance and policies
• Cyber security ethics.

Work package 2: Training delivery

• Training sessions: For 20 days, the contractor is responsible for delivering physical training sessions that cover the above list of training topics. Training sessions will be delivered at a physical site in Kigali that will be communicated by GIZ and the National Cyber Security Authority. For an additional 3 days, the contractor will prepare and deliver a final assessment to the trainees from the delivered training content.
• Coordination of the training: The contractor will oversee and ensure the training program runs smoothly (on time agreed with GIZ and its partner NCSA). The contractor will also provide progress reports as required by GIZ and its partners.
• Management of participants:The contractor is responsible for any communication with participants during and after the training. However, the contractor can involve GIZ and NCSA whenever is necessary. The contractor should also track the attendance of participants during every training session.
• Providing training content and materials: The contractor is responsible for developing and providing training content and materials such as training modules/content or books, access to online resources, access to training exercises, presentations, handouts, lab guides, and other materials to enhance participants’ learning experience.

Work package 3: Training evaluation and participants’ assessment

• Participants’ assessment: The chosen contractor will assess learners (pre assessment and post-assessment) according to the curriculum delivered, providing insights on the effectiveness and impact of the training. Additionally, the post assessment should show learners’ readiness to pursue advanced cybersecurity pathways.
• Certificate of completion: The contractor proposes a design for the certificate of completion, tailored to reflect the program’s successful completion and the trainee’s performance level. This design will be subject to review and approval by NCSA.
• Final report: The contractor will provide a final report upon completion of the evaluation process. The report should summarize the training outcomes, including participant feedback and recommendations for future training.

3. Specification of Inputs

Fee days	Number of experts	Number of days per expert	Total	Comments
Team leader	1	27	27	27 days for team leader distributed through different activities as shown in section 4.
Expert	1	42	42	42 days for one expert distributed through different activities as shown in section 4.
Other costs	Number	Price	Total	comments
Printing participants’ certificates	50	30000	1500000	A budget of up to 1,500,000 RWF (approximately 1,000 Euros) for printing 50 participants’ certificates. Note: this is against evidence (printed certificates and payment proof).

4. Milestones

Milestone/Services	Deliverables	Deadline	Exert Days/place/Responsible Person
Project kick off	N/A	1 day after contract signing	1 expert day/Kigali/Team leader & Expert
Training framework developed	Training framework	2 weeks after contract starts	3 expert days/Kigali/ Expert
Training curriculum	Detailed training curriculum and content, including order of sessions, training materials, etc	2 weeks after contract starts	12 expert days/Kigali/Expert
Inbound assessment completed	Inbound assessment report	3 weeks after contract starts	2 expert days/Kigali/ Team leader & Expert
Training implementation	N/A	1.5 months after contract starts	20 expert days/Kigali/ Team leader & Expert
Training evaluation and assessment	Post training assessment	2 months after contract starts	3 expert days/Kigali/ Team leader & Expert
Final report	Final report	2 months after contract starts	1 expert day/Kigali/Team leader & expert
Total number of expert days			Team leader: 27 days Expert: 42 days Total: 69 days

 Period of assignment: 2 months (from 01/12/2024 to 31/01/2025 latest.

5. Concept

In the bid, the bidder is required to show how the objectives defined in Chapter 2 are to be achieved, if applicable under consideration of further specific method-related requirements (technical-methodological concept). In addition, the bidder must describe the project management system for this assignment.

Technical-methodological concept

Strategy: The bidder is required to consider the tasks to be performed with reference to the objectives of the services put out to tender (see Chapter 2). Following this, the bidder presents and justifies the strategy with which it intends to provide the services for which it is responsible (see Chapter 2).

The bidder is required to present the actors relevant for the services for which it is responsible and describe the cooperation with them.

• The bidder is required to present and explain its approach to steeringthe measures with the project partners.

The bidder is required to describe the key processes for the services for which it is responsible and create a schedule (project plan) that describes how the services according to Chapter 2 are to be provided. In particular, the bidder is required to describe the necessary work steps and, if applicable, take account of the milestones and contributions of other actors in accordance with Chapter 2.

The bidder is required to describe its contribution to knowledge management for the partner and GIZ and promote scaling-up effects (learning and innovation).

Project management of the contractor

The bidder is required to explain its approach for coordination with the GIZ project.

• The contractor makes available equipment and supplies (consumables) and assumes the associated operating and administrative costs whenever necessary.
• The contractor manages costs and expenditures, accounting processes and invoicing in line with the requirements of GIZ.

The contractor reports regularly to GIZ following the milestones.

In addition to the reports required by GIZ, the contractor submits the following reports:

• Final report after the cohort’s training is concluded.
• Attendance list of the participants.

Other specific requirements

The bidder is required to briefly describe:

• Assignment implementation plan detailing approach, methodology and the tools to be used, the proposed work plan and the implementation timeline scheduling of the assignment.
• Contractor’s backstopping strategy focusing on performance monitoring of relevant contributing actors and knowledge management.

The bidder is requested to describe any existing working relationships with relevant institution or organization in the domain of ICT. Such working relationships are a plus.

6. Personnel concept

The bidder is required to provide skills suited to deliver the tasks described below, based on his/her CVs, showing the range of tasks involved and the required qualifications. The assignment is designed for individual consultants/firms that together cover the qualifications specified below to perform the assigned task and all associated tasks. The specified qualifications represent the ideal profiles to reach the maximum number of points in the evaluation of the bid. The qualifications do not constitute minimum requirements. Bidders who do not meet all requirements are still eligible to apply and be evaluated.

Team leader

Tasks of the team leader:

• Overall responsibility for the advisory packages of the contractor (quality and deadlines)
• Coordinating and ensuring communication with GIZ, partners and others involved in the project.
• Personnel management, in particular identifying the need for short-term assignments within the available budget, as well as planning and steering assignments and supporting local and international short-term experts.
• Regular reporting in accordance with deadlines
• Controlling training and closing projects of varying types and sizes.

Qualification of team leader:

• Education/training (2.1.1): Master’s degree in one of the following fields: ICT, Project Management, or ICT Education. A degree or certifications in Cybersecurity is an added advantage.
• Language (2.1.2): Excellent business language skills in English; Language skills in Kinyarwanda would be an additional asset.
• General professional experience (2.1.3): 8 years of professional experience, especially in training or teaching adults
• Specific professional experience (2.1.4): 5 years of experience in cyber security trainings and/or related tasks
• Leadership/management experience (2.1.5): 5 years of experience leading and managing similar projects.

Tasks of the expert:

• Prepare training framework and conduct training sessions in cyber security essential skills
• Provide participants with the necessary training materials, including case studies, scenarios and practical exercises to be used
• Perform training evaluation and assessments

Qualification of Expert:

• Education/training (2.1.1): Bachelor’s degree in cyber security, IT, Computer Science or in a related field. Proof is required
• Language (2.1.2): Excellent business language skills in English; Language skills in Kinyarwanda would be an additional asset.
• General professional experience (2.1.3): 5 years of professional experience in training or teaching adults
• Specific professional experience (2.1.4): 3 years of experience in cyber security trainings and/or related tasks
• At least two recommendation letters/certificates of good completion from the previous similar assignment (training in cyber security).
• Recognized and professional certifications (CISSP, CISM, CEH, CCNA, CompTIA Security+, etc.) and accreditations in cybersecurity solutions and consultancy services provision is a plus.
• Excellent communication and presentation skills.
• Proven experience and extensive knowledge with digital forensics, incident response, malware analysis risk assessment and management practices.

7. Travel

The assignment is taking place in Kigali, Rwanda. Should the bidder not be based in Kigali, the bidder is required to calculate the travel based on the places of performance stipulated in Chapter 2 and list the expenses separately by daily allowance, accommodation expenses and other travel expenses.

8. Inputs of GIZ or other actors

GIZ and/or other actors are expected to make the following available:

• A training venue equipped with computers, internet access, and essential items like chairs, desks, and projectors.
• List of the trainees (up to 50 participants)

9. Requirements on the bids

Format

The structure of the bid must correspond to the structure of the ToRs. In particular, the detailed structure of the concept is to be organized in accordance with the positively weighted criteria in the assessment grid (not with zero). It must be legible (font size 11 or larger) and clearly formulated. The bid is drawn up in English.

The complete bid shall not exceed 10 pages (excluding CVs).

The CVs of the consultant proposed in accordance with this ToRs must be submitted using the format specified in the terms and conditions for application. The CVs shall not exceed 4 pages. The CVs must clearly show the position and job the proposed person held in the reference project and for how long. The CVs are submitted in English.

If one of the maximum page lengths is exceeded, the content appearing after the cut-off point will not be included in the assessment.

Please calculate your price bid based exactly on the costing requirements. In the contract, the contractor has no claim to fully exhaust the days/travel/workshops/ budgets. The number of days/travel/workshops and the budget amount shall be agreed in the contract as ‘up to’ amounts. The specifications for pricing are defined in the price schedule.

Submission of offer: The Expression of Interest should contain the following:

Technical Proposal:

• A cover letter expressing your interest in this assignment
• Technical Proposal (attached template for technical proposal MUST be used)
• Company registration certificate (RDB)
• VAT-Registration Certificate
• Latest tax clearance certificate
• Up to date CVs of proposed experts
• Self-declaration of eligibility

Financial Proposal: Financial offer indicates the all-inclusive total contract price, supported by a breakdown of all costs as described in the specification of inputs.

Your EoI has to be submitted in 2 separated emails to RW_Quotation@giz.de until 28/11/2024

The technical offer has to be submitted in PDF format and as attachment to the email with the subject: Technical offer 83477832

The financial offer has to be submitted in PDF format and the price must be in Rwandan Francs and VAT excluded (if applicable) and as attachment to the email with the subject: Financial offer 83477832

If the emails exceed the default email size of 30MB, offers can be exceptionally submitted through https://filetransfer.giz.de/ 

Offers submitted through any other sharing platform, as google documents or similar will not be considered.

Offers submitted in hard copy will not be considered.

GIZ reserves all rights.

Annex:

• Technical Proposal template
• Technical assessment grid
• Self-declaration of eligibility