The difficulty companies have in finding IT skills is a widespread problem, a problem that is even more pronounced in the narrower (but constantly expanding) cybersecurity field. Help comes from the European Union: a new framework has been available since last September: the European Cybersecurity Skills Framework (ECSF) established by the European Union Agency for Cyber Security (ENISA) to define a set of cybersecurity roles and skills. This is an increasingly urgent need, after the Italian government allocated 420 Mln€ in two Funds from 2023 to 2025 to support the National Cybersecurity Strategy. It is essential to be able to count on a set of professionals to implement these measures and achieve an effective response capability to increasingly advanced cyber-attacks.
The aim of the framework is to create a specific culture on the subject and to lay the foundations for the training and recognition of 12 different cybersecurity professionals. A list of professional roles to support the identification and articulation of tasks, competences, skills and knowledge associated with the roles of European cybersecurity professionals. The main purpose of the framework is to create a common understanding and initiate collaborations between individuals, employers and university providers of learning programmes in the EU Member States.
The foreseen figures are:
- the Chief Information Security Officer (CISO) or Information Security Manager
- the Cyber Incident Responder or Incident Manager
- the Cyber Legal, Policy and Compliance Officer
- the Cyber Threat Intelligence Specialist
- the Cybersecurity Architect
- the Cybersecurity Auditor or Compliance Specialist
- the Cybersecurity Educator and also cyber awareness
- the Cybersecurity Implementer or Cybersecurity Technician
- the Cybersecurity Researcher
- the Cybersecurity Risk Manager
- the Digital Forensics Investigator
the Penetration Tester