Competency Framework for Cybersecurity professions

From Wiki Campus Cyber

Competency Framework for Cybersecurity professions

Category: Working Group

Status: Done




According to ANSSI studies, there is a real lack of cybersecurity skills and resources for both providers and users. Since 2019 there are more than 15,000 open positions in the cyber job market in France. In reaction to that, the industry anticipates the creation of 35,000 positions by 2030. Despite the growth of the cyber job market and the career opportunities offered, it seems to not attract the desired workforce: training courses are struggling to recruit talents, and the lack of women is shocking. Indeed, according to ISC2 studies, women represent only 11% of the workforce worldwide. This lack of attractiveness is due, among other things, to the stereotypes associated with the cybersecurity professions: specialized jobs and IT skills, etc. Building on the initial work carried out within their "Diversity and Inclusion" working group, Clusif has chosen to join the working group dedicated to Training created in 2021 within the Cyber Campus and co-led by CapGemini. The twenty experts in training and cybersecurity who meet every two weeks have decided to continue along the path already opened up, with the support of ANSSI (which has made it possible, for example, to include the new PRIStype reference systems in the professions). The first objective of this Training Working Group was the creation of a Competency Reference Framework for Cybersecurity professions. This repository will help demystify and publicize the cybersecurity professions and the skills required to occupy the various positions. In the long term, it will also be able to direct the various publics towards the appropriate training courses. This work was designed as a bridge between HR, professions and students to serve as a common reference for the French cybersecurity ecosystem.

This work was based on the ANSSI's “Panorama des Métiers de la Cybersécurité” and the CyberEdu skills framework, but also took into account international standards (ENISA's European Cybersecurity Skills Framework, NIST's National Initiative for Cybersecurity Education) and the Security Skills Matrix produced by AXA. Moreover, it is important to keep in mind that the level of the users of the matrix may be slightly lower than the one displayed.

Moreover, the reference framework is meant to be adjustable, depending on the organizational context of the companies (maturity, stakes...). Indeed, cybersecurity is a constantly evolving field, which requires regular adjustments according to the evolution needs of the sector. The Cybersecurity Competency Framework is intended for a wide audience. It is both a tool to help orientation, integration of young graduates and retraining to and within the cybersecurity professions. The repository could also be useful to the competent departments within human resources, recruitment agencies, training organizations, private or public companies, as well as to individuals. This reference tool is the first deliverable of the Training Working Group. This first part deals with jobs directly related to cybersecurity. In a second phase, the working group will deal with the related jobs that are linked to cybersecurity, to enrich this work.

If you wish to have additional information, do not hesitate to contact the Commons Studio of the Cyber Campus.

The Training Working Group of the Cyber Campus Commons Studio

Download the matrice[edit | edit source]

Competency framework

Leaded by the community of interest

CI Formation (Propose actions to make training opportunities more visible and supply the industry with new recruits at the right skill level.)