ECHO cybersecurity skills Framework

Written by team by Pavel Varbanov and Christina Todorova, European Software Institute – Center Eastern Europe

Many ongoing initiatives and efforts propose cybersecurity solutions to protect critical assets and a variety of infrastructures. Nevertheless, one issue still commonly remains – this variety is often rendered useless without professionals with adequate knowledge, skills, and abilities to implement these security solutions and the confidence to make the necessary decisions.

The ECHO Cybersecurity Skills Framework aims to bridge these fragmented efforts by providing organizations from various sectors and knowledge domains, with a set of methods and tools to identify and apply the security controls and solutions. Through the E-CSF, we provide organizations with a framework and an ontology tool to explore, analyze, and connect cybersecurity concepts that are relevant to their context.

The ECHO Cybersecurity Skills Framework (E-CSF) is a methodological set of tools and methods for the design and development of cybersecurity training programs. The E-CSF is built around the principle of allowing more people of various backgrounds to enter relevant cyber-protection functions within their organizations by providing them with relevant training activities. Through the E-CSF, our goal is to empower organizations from industry, academia, and government to include more people within their cyber-defense, by providing them with a tool to identify the people, suitable for these tasks and target gaps in skills, knowledge, and abilities. Last but not least, with the ECHO Cybersecurity Skills Framework we raise the added value of the ECHO Competence Centers Network, thus making it more relevant and more targeted towards the needs of its stakeholders.

With the E-CSF, we combine and summarize attributes of cybersecurity skills, knowledge, and abilities, from ECHO research and already existing frameworks alike, to drive value to the industry, academia, and research-related organizations, with practical tools for design and development of learning outcome-based training programs and align capabilities to sector-specific use cases, assets, attacks, and organizational objectives.

The ECHO Cyber skills framework presents the ECHO approach for contextualization of the otherwise generically defined concepts and categories in the domain of cybersecurity and information security training and education. The ECHO consortium maps and compares the existing achievements in skill and knowledge modeling with real-world scenarios and use cases aiming to open the access of the professionals responsible for protecting the organizational assets to training and education and shortening their training pathways to more effective knowledge and skill acquisition.