A proposal for a Cybersecurity Skills Certification Framework

A proposal for a Cybersecurity Skills Certification Framework

How the existence of a Cybersecurity Skills Certification Framework will help the market and what if the connection to the European Cybersecurity Skills Framework?

One of the main directions of the work performed by the CONCORDIA project is cybersecurity related education and training. Other posts such as [[1], [2], [3]] have already explained the process and the different activities already performed by the project on this subject. The purpose of this blog is to present the final results of the activities related to the certification of skills.

In the CONCORDIA Methodology for the creation and deployment of new courses and/or teaching materials for cybersecurity professionals the value and importance of certification of skills has been underlined and described as complimentary and essential to the education process. At the same time, various studies[4],[5] show that skills certifications are important for professionals and organizations alike and as actions to help address the cybersecurity skills gap.

One of the problems brought forth by the feasibility study conducted by the project, was the great number of skills certifications, some of them having almost the same name but offering little assistance in comparing or identifying if they fit the needs and career ambitions of the individuals. To tackle this issue, the project team decided

  1. to implement a cybersecurity skills certification scheme and pilot it, in order to gather best practices and
  2. to present the extracted best practices in a proposal for a Cybersecurity Skills Certification Framework.

For the Role of the Cybersecurity Consultant, the project has already implemented over the last 2 years three iterations of the exams process and is currently preparing for organizing the fourth one. The feedback collected from the participants and the lessons learned helped us finalizing the C3 by CONCORDIA Certification Scheme [link] and fed further the more generic Skills Certification Framework.

The Cybersecurity Skills Certification Framework describes (at a higher level) the adjustments that should be made on an ISO 17024 compliant certification process and resulting certification schemes, to better fit the specificities of cybersecurity skills domain. Specifically, the document includes a number of requirements and information split into the basic certification principles:

  • Impartiality (8 requirements),
  • Responsiveness (5 requirements),
  • Confidentiality (8 requirements),
  • Responsibility (5 requirements) and
  • Competence (18 requirements).

it should be pointed out that one of the first requirements of the proposed Cybersecurity Skills Certification Framework, is the mandate to design Certification Schemes on the basis of established and recognized Role Profiles, with explicit reference to the ones proposed by ENISA[6].

By adopting a common European Cybersecurity Skills Certification Framework, different organizations (certification bodies) realizing Cybersecurity Skills Certification Schemes will share a common baseline of processes and activities, thus producing comparable certificates in the market.

In this way professionals will have a clear understanding on which skills and knowledge are being validated through each certification scheme and to which Role profile these correspond to. The same value can be also identified by HR professionals who need to hire individuals that possess the appropriate skills and knowledge to perform the allocated tasks effectively.

The Cybersecurity Skills Certification Framework can be found at https://www.concordia-h2020.eu/wp-content/uploads/2022/12/CONCORDIA_Certification_Framework_1.0.pdf and we welcome any comments at argyro.chatzopoulou@tuv.at.

[1] https://www.concordia-h2020.eu/wp-content/uploads/2020/06/CONCORDIA-SkillsFeasibilityStudy-forpublication.pdf

[2] https://www.concordia-h2020.eu/wp-content/uploads/2020/07/CONCORDIAWorkshoponEducation2020-forpublication.pdf

[3] https://www.concordia-h2020.eu/wp-content/uploads/2021/07/Pilot_Course_BCSC_Report_Final.pdf

[4] https://www.isaca.org/go/state-of-cybersecurity-2022

[5] https://www.isc2.org/Research/Workforce-Study

[6] https://www.enisa.europa.eu/topics/cybersecurity-education/european-cybersecurity-skills-framework/ecsf-profiles-v-0-5-draft-release.pdf