The cybersecurity workforce shortage and skills gap is a major concern for both economic development and national security. By looking into the problem, ENISA identified Europe’s need for a comprehensive approach to define a set of cybersecurity roles and skills that could be leveraged to reduce the shortage and the skills gap. ENISA has worked on the development of such a framework and presents the European Cybersecurity Skills Framework (ECSF), which is intended to strengthen European cybersecurity culture by providing a common European language across communities, taking an essential step forward towards Europe’s digital future.
The ECSF provides a practical tool to support the identification and articulation of tasks, competences, skills and knowledge associated with the roles of European cybersecurity professionals. The main purpose of the framework is to create a common understanding between individuals, employers and providers of learning programmes across EU Member States, making it a valuable tool to bridge the gap between the cybersecurity professional workplace and learning environments.
The framework describes the most important requirements of a professional cybersecurity workplace by defining a set of 12 typical cybersecurity professional role profiles. These profiles provide a common understanding of the main cybersecurity missions, tasks and skills needed in a professional cybersecurity context, making it the perfect reference for profiling skills and knowledge needed by cybersecurity professionals. The framework was designed to be easily understood and comprehensive enough to provide appropriate in-depth cybersecurity insights as well as flexible enough to allow customisation based on each user’s needs. By incorporating all stakeholder perspectives, the framework is applicable to all types of organisations and supports the development of all cybersecurity professions. The ECSF is the result of work conducted by ENISA’s Ad-Hoc Working Group on the European Cybersecurity Skills Framework1 formed by experts representing various views. The developed framework is based on an analysis of existing frameworks, the results and findings from research on market needs and agreement among experts. User case studies and indicative examples, inspired by various workplace and learning environments, demonstrate the practical implementation of this framework and support this work.
The main benefits of using the ECSF were found to be:
• ensuring a common terminology and shared understanding regarding cybersecurity
professionals across the EU;
• identifying the critical skills-set required from the perspective of the cybersecurity
workforce to support its further development and enhancement;
• promoting harmonisation in cybersecurity education, training and workforce
This ECSF User Manual provides a comprehensive overview of the ECSF’s main scope,
framework principles and application opportunities. The primary purpose of the manual is to
make the ECSF easily accessible by, understandable for, and usable by all stakeholders with
an active role or a need for appropriately skilled cybersecurity professionals