Information & Security: An International Journal, Volume 53, Issue 2, p.177-190 (2022)
competencies, cybersecurity skills, design, framework, training program
The paper leverages the training and education-related research outputs developed under the ECHO project. They are compared to the progress of the workgroups in ENISA (European Union Agency for Cybersecurity) and ECSO (European Cybersecurity Organization) that classify, structure and define the competencies, skills, and knowledge and risk factors. The approach digested by the ECHO project explores the methods for achieving a more vital balance between the market demands and talent supply. The scope of the research activities covers four main and interconnected components – i) Contextualization; ii) Competences; iii) Generic Curriculum; iv) Assessment methodology. The proposed approach explores and gradually builds upon the generic definitions of the skills and knowledge toward specific requirements on what an ICT or cybersecurity professional must know and be able to do in order to implement initial and further cyber-incident response actions. The paper considers mainly the design methods for building cybersecurity training programs for professionals. Still, it could be applied in academic settings as well, enriching the academic programs with practical learning experiences. Several examples are provided to demonstrate the relevance and applicability of the proposed methods.