European Cybersecurity Skills Framework (ECSF)

The ECSF serves as an open European tool to establish a common understanding of cybersecurity professional role profiles, along with clear mappings to the relevant skills and competences required.

The European Cybersecurity Skills Framework (ECSF) is a practical tool to support the identification and articulation of tasks, competences, skills and knowledge associated with the roles of European cybersecurity professionals. It is the EU reference point for defining and assessing relevant skills, as defined in the Cybersecurity Skills Academy.

The ECSF summarises the cybersecurity-related roles into 12 profiles, which are individually analysed into the details of their corresponding responsibilities, skills, synergies and interdependencies. It provides a common understanding of the relevant roles, competencies, skills and knowledge mostly required in cybersecurity, facilitates recognition of cybersecurity skills, and supports the design of cybersecurity-related training programmes.

The framework and the corresponding user manual were presented during the 1st ENISA cybersecurity skills conference, in September 2022.

Within this context, in April 2023, the Commission adopted the Communication on a Cybersecurity Skills Academy, a policy initiative which aims to bring together existing initiatives on cyber skills and improve their coordination, with a view to bridging the cybersecurity talent gap and boosting competitiveness, growth and resilience in the EU. The ECSF constitutes the basis on which the Academy will define and assess relevant skills, monitor the evolution of the skill gaps and provide indications on the new needs.

The impact and the future of the ECSF, as well as its role in the Academy, were elaborated in the 2nd edition of the ENISA Cybersecurity Skills Conference, which took place in September 2023, in Segovia, Spain.

Remarks at the 2nd ENISA conference on skills were delivered by Despina Spanou, who was Head of Cabinet for European Commission Vice-President Margaritis Schinas and who stated: "Addressing the cybersecurity skills gap in the European Union is urgent. We are already missing hundreds of thousands of jobs in this field and it is important that we find the way to address the gap before even more EU legislation enters into force. The European Cybersecurity Skills Framework developed by ENISA can be key in unlocking the potential of initiatives that will help us reskill professionals, skill more experts, and bring more professionals into both the public and private sectors so that we can have the workforce that we need in the European Union market."

The 3rd Skills Conference, hosted with the Hungarian EU Council Presidency, confirmed the ECSF’s maturity and versatility. It demonstrated how the framework supports workforce planning aligned with NIS2, adapts seamlessly to the AI domain, and enables skills attestation to ensure high competence in cybersecurity professionals.

More information about the ECSF

The Video Hub offers a step-by-step exploration of the ECSF through short videos, webinars, and multilingual resources, guiding stakeholders from a high-level overview to a deeper understanding.

The framework is presented in detail in two documents:

  • The ECSF Role Profiles document – Listing the 12 typical cybersecurity professional role profiles along with their identified titles, missions, tasks, skills, knowledge, competences.
  • The ECSF User Manual document – Providing guidance and practical examples on how to leverage the framework and benefit from it as an organisation, provider of learning programmes or individual.

Please also find the xlsx format and the json file of the ECSF.

ECSF Goals in Brief

  • The use of the ECSF ensures a common terminology and shared understanding between the demand (workplace, recruitment) and supply (qualification, training) of cybersecurity professionals across the EU.
  • The ECSF supports the identification of critical skill sets required from a workforce perspective. It enables learning providers to design programmes that develop these essential skills and helps policy-makers implement targeted initiatives to address skills gaps.
  • The ECSF facilitates an understanding of key cybersecurity professional roles and the essential skills they require, including soft skills and any relevant legislative aspects. In particular, it enables non-experts and HR departments to understand the requirements for resource planning, recruitment, and career development in support of cybersecurity needs.
  • The ECSF promotes harmonisation in cybersecurity education, training, and workforce development. At the same time, this common European language for cybersecurity skills and roles aligns well with the broader ICT professional domain.
  • Finally, the ECSF contributes to the cyber resilience of organisations and society. It provides a standard structure and guidance for building cybersecurity capacity within the European workforce.

How ENISA will support the governance, implementation and evolution of the ECSF

With the support of a dedicated Ad hoc Working Group, ENISA will continue to work on the implementation and evolution of the ECSF, towards its overall goal to work with EU communities and develop cybersecurity competencies aligned with the ECSF for cybersecurity professionals. 

The mapping of CyberHEAD’s programmes with the ECSF role profiles is helping students to make guided learning choices and understand potential career paths.

Numerous professional certification bodies have aligned their credentials to the ECSF, effectively bridging the gap between professional workplaces and learning environments.

For any questions or further enquiries on the ECSF or CyberHEAD please contact us at euskills(a)enisa.europa.eu.