European Cybersecurity Skills Framework (ECSF)

The European Cybersecurity Skills Framework (ECSF) is the result of the joint effort of ENISA and the ENISA Ad-hoc working group on Cybersecurity Skills Framework

The aim of the ECSF is to create a common understanding of the relevant roles, competencies, skills and knowledge required; to facilitate recognition of cybersecurity skills; and to support the design of cybersecurity-related training programmes. It summarises all cybersecurity-related roles into 12 profiles, which are individually analysed into the details of their corresponding responsibilities, skills, synergies and interdependencies.  

The framework is complemented by a user manual, which constitutes a practical guide to its utilisation, based on examples and use cases. The manual includes three examples for private organisations that need to hire, upskill and/or reskill their personnel in cybersecurity, along with use cases, which represents the experience of seven organisations using the ECSF in different contexts.  

A draft version of the framework was presented to the public in April 2022 via a webinar. On 20th and 21st September, the final version of the ECSF and its user manual was presented during the ENISA cybersecurity skills conference.  

ECSF Goals in Brief

  1. Use of the ECSF ensures a common terminology and shared understanding between the demand (workplace, recruitment) and supply (qualification, training) of cybersecurity professionals across the EU.  
  2. The ECSF supports the identification of critical skills sets required from a workforce perspective. It enables providers of learning programmes to support the development of this critical set of skills and helps policy-makers to support targeted initiatives to mitigate the gaps identified in skills.  
  3. The framework facilitates an understanding of leading cybersecurity professional roles and the essential skills they require, including soft skills, and also the legislative aspects (if any). In particular, it enables non-experts and HR departments to understand the requirements for resource planning, recruitment and career planning in supporting cybersecurity. 
  4. The framework promotes harmonisation in cybersecurity education, training, and workforce development. At the same time, this common European language in the context of cybersecurity skills and roles connects well with the entire ICT professional domain.  
  5. The ECSF contributes to achieving enhanced shielding against cyberattacks and to ensuring secure IT systems in society. It provides a standard structure and advice on how to implement capacity building within the European cybersecurity workforce. 

Like it! Share this post on social media.

You might also enjoy

Women4Cyber Registry

Cybersecurity ATLAS together with the Women4Cyber initiative from the European Cybersecurity Organisation (ECSO) have committed last year to create a registry of European women in cybersecurity.


* indicates required