The purpose of this exercise was to showcase and discuss how EU-cofunded projects and initiatives contribute to closing the cybersecurity skills gap, in alignment with the European Cybersecurity Skills Framework (ECSF).
Each breakout session focused on one thematic area:
- Designing and Delivering Training Activities for Specific Workforce Sectors
Moderated by Jetzabel SERNA & Alina TARALUNGA - Designing and Delivering Horizontal Training and Education Initiatives
Moderated by Nineta POLEMI, Eleni SERALIDOU & Antonio NEVADO - Analysis of Cyber Skills Gaps in the Workforce
Moderated by Jutta BREYER & Aleksandra MALECKA - Types of Cyber Skills Certificates
Moderated by Chatzopoulou ARGYRO & Paolo ATZENI
Below a summary of key findings, challenges encountered in achieving the objectives, and recommendations for future action for the 4 breakout sessions:
Thematic Area 1: Designing and Delivering Training Activities for Specific Workforce Sectors
Moderated by Jetzabel Serna & Alina Taralunga
Summary of Key Findings
The objective of this breakout session was to explore how EU-cofunded projects are upskilling professionals across targeted sectors, including Transport, Finance, Health, Public Administration, Energy, Defence, and other sectors. The discussion focused on identifying projects that are already delivering or planning to deliver sector-specific training, quantifying the number of individuals trained, and collecting lessons learned, challenges, and recommendations.
Most participating projects are currently in the early stages of implementation, with the exception of CybersecPro and Nero, which have already delivered training activities. As a result, the quantification of trained individuals remains limited at this stage, with most projects expecting to reach their training targets after more than 12 months of implementation.
Given the early project maturity, measurable impact is currently limited. However, early observations indicate increased upskilling of SMEs, suggesting strong uptake by smaller organisations. Targeting IT professionals has proven effective, as they already possess foundational knowledge that enables more efficient cybersecurity training. Additionally, high levels of user satisfaction were reported among training participants.
Challenges Encountered in Achieving the Objectives
Several common challenges were identified across sectors. Projects reported a general lack of cybersecurity awareness, with organisations often demonstrating limited understanding of cybersecurity risks, which complicates initial onboarding. Another challenge relates to insufficient foundational IT skills, particularly when training for specialised roles such as incident responders, requiring additional training on basic IT concepts.
The heterogeneity of learner profiles posed challenges during training needs analysis and curriculum design, as different sectors and organisations exhibit varying levels of cybersecurity maturity. Learner overload and the absence of clear learning pathways were also highlighted, with trainees finding the volume of available courses overwhelming and lacking guidance on where to start.
Although sectoral requirements were assessed, training was often not fully tailored to sector-specific needs, resulting in a sector-specificity gap. Additional challenges were identified in operational technology (OT) environments, where low cybersecurity awareness, legacy systems, outdated workflows, and limited capacity to adopt modern cybersecurity practices persist.
Recommendations for Future Action
Recommendations included embedding cybersecurity into engineering and non-cyber curricula to strengthen systemic resilience. Participants also emphasised the need to establish clear and structured learning paths, providing step-by-step progression and transparent mapping between courses and skills or competences. Finally, increased engagement with authorities and industry bodies was recommended to improve sector alignment and enhance training adoption.
Thematic Area 2: Designing and Delivering Horizontal Training and Education Initiatives
Moderated by Nineta Polemi, Eleni Seralidou & Antonio Nevado
Summary of Key Findings
This thematic area examined EU-funded projects designing and delivering horizontal cybersecurity training and education initiatives aimed at enhancing skills across sectors. These initiatives are aligned with roles, skills and competences defined in the European Cybersecurity Skills Framework (ECSF). The findings presented here are based on an interactive group exercise that assessed project contributions to ECSF skills and roles, the tools and methods employed, and the quality assurance practices in place.
A large proportion of participating projects are still in the early stages of implementation, focusing on developing cross-sectoral learning content, platforms, and tools. Pilot activities are planned for the coming year or beyond a 12-month horizon.
Collectively, the projects address a broad range of ECSF professional role profiles, including Chief Information Security Officer (CISO), Cyber Incident Responder, Cybersecurity Architect, Educator, Implementer, and Penetration Tester. Training delivery relies on a wide set of tools, including commercial and open-source solutions for network analysis, virtualisation, and penetration testing, alongside collaborative platforms such as Moodle, Webex, and Zoom. Many projects also use Cyber Ranges to support hands-on learning.
Across the projects, the majority of training activities contribute directly to the skills required for most ECSF professional role profiles. Three projects have completed their training programmes, five expect completion within the next 12 months, and three anticipate completion after more than 12 months. In total, 704 individuals were trained in 2025, with an estimated 5,830 additional trainees expected during 2026–2027.
Quality assurance approaches vary considerably due to the absence of a standardised methodology. Projects currently apply internal reviews, advisory boards, external expert assessments, and structured questionnaires.
Challenges Encountered in Achieving the Objectives
Key challenges include ensuring training relevance across diverse industry sectors and effectively engaging stakeholders throughout the training lifecycle. Interoperability and quality assurance were also highlighted as critical issues to maintain the value and consistency of training offerings.
Projects identified the absence of an EU-wide certification scheme for ECSF-aligned cybersecurity professional programmes and the lack of a harmonised credit system, leading projects to develop their own certification and credit mechanisms. Additional challenges include the practical application of the ECSF for personalised learning pathways, the need for structured and continuous collaboration with other Digital Europe Programme (DEP) projects, long-term sustainability of platforms and marketplaces, and ensuring continuous updating of training materials.
Recommendations for Future Action
Participants recommended the establishment of an EU-wide certification scheme fully aligned with the European Cybersecurity Skills Framework (ECSF) and supported by a harmonised credit system. To ensure consistent implementation and oversight, a dedicated EU authority should be created to certify ECSF-based professional training programmes. Additionally, the Cybersecurity Skills Academy should be positioned as a central umbrella organisation, serving as a hub for hosting, coordinating, and sustaining training resources across Europe.
Thematic Area 3: Analysis of Cyber Skills Gaps in the Workforce
Moderated by Jutta Breyer & Aleksandra Malecka
Summary of Key Findings
This interactive exercise focused on how EU-funded projects analyse cybersecurity workforce demand and cyber skills gaps in the labour market at both European and country-specific levels, with particular attention to the scope, methods, and quantitative dimensions of the needs analyses carried out. Following an exchange on the challenges encountered, the discussion was further expanded to explore, from a broader perspective, the motivation, needs, and practical ideas of participants for increased collaboration and synergies across project activities, with the aim of envisioning and achieving a new level of a European value chain to tackle the cybersecurity skills gap.
A major finding was that almost all projects reported active engagement in analysing the cyber skills gaps they aim to address. These activities were carried out at different levels of intensity, methodological depth, and geographical reach, but projects often pursued similar objectives and encountered comparable challenges. This prompted reflection on the value of increasing synergies and more systematic collaboration between initiatives, with many practical ideas collected during the final part of the session.
With regard to the needs analysis scope, projects collectively covered the full spectrum of cybersecurity skills levels, ranging from in-depth cybersecurity professional expertise and critical ICT professionals to transversal workforce capacity and cybersecurity awareness for all citizens. A large number of projects focused on cybersecurity core professionals, as defined by the European Cybersecurity Skills Framework (ECSF). Several projects focused, either in addition or exclusively, on the cybersecurity capacity of critical ICT professionals “acting on the source”, including roles such as Data Administrators, Developers, Systems Administrators, Enterprise Architects, and Network Specialists, which have a critical impact on the security of technology infrastructures and digital services. Other projects addressed cybersecurity transversal capacity across the professional workforce, while further initiatives focused on cybersecurity awareness for all citizens.
Dedicated and comprehensive EU-level frameworks were consistently identified as playing a vital role in supporting this work by providing a common terminology. The ECSF was the most frequently used framework to underpin the cybersecurity profession and was often complemented by EN16234-1 e-CF and CWA 16458 ICT Profiles, particularly when extending analysis to the broader ICT professional domain. This use of common language was, a.o., a key ingredient to Needs Analysis methodology of two projects with Needs Analysis results achieved on a larger scale (in particular, CyberHubs with an extensive Needs Analysis performed in 7 countries and CADMUS systematically processing results from CyberHubs and other EU projects on a next level).
In terms of needs analysis methods, projects applied multiple approaches at different levels of intensity, most frequently including job postings analysis, questionnaires and surveys, expert interviews, expert meetings, and desk research, such as labour market reports and studies. To gather cybersecurity expert opinions, projects consulted a wide range of stakeholders, including public and private workplace representatives (SMEs and large organisations), managers, professionals, HR representatives, learning providers, policymakers, and associations.
Significantly less activity was reported in relation to understanding the cyber skills supply. Two projects indicated concrete actions in this area, such as mapping existing qualification and training offers against ECSF role profiles and identified demand. In addition, two project partnerships reported work on forecasting models to anticipate cybersecurity professional roles and skills demand more systematically in the mid- and long-term.
Challenges Encountered in Achieving the Objectives
Despite differences in project design, resources, and geographical scope, projects reported largely similar challenges. These included the need to adapt common analytical approaches to different national and regional labour market realities, including local languages, difficulties in achieving meaningful response rates to questionnaires and surveys, and challenges linked to vaguely formulated and skills-overloaded job postings, which complicate systematic analysis.
A notable positive conclusion was drawn when reflecting on a major challenge reported by projects in previous years: the lack of a common terminology to define cybersecurity professions in depth. This challenge has been effectively overcome since the publication of the ECSF in 2022, providing a shared language across projects, stakeholder perspectives, and national borders. This development was highlighted as an excellent example of how joint EU-level efforts accelerate efficiency and effectiveness, and it enabled the discussion to move beyond fragmented needs analysis approaches.
Recommendations for Future Action
The first recommendation is to continue and accelerate the adoption and systematic use of common language and terminology, notably the ECSF for cybersecurity professionals, complemented by related components such as EN16234 e-CF, EQF, CWA 16458 EU ICT Professional Role Profiles and ESCO, to provide a shared basis for coordinated action in the short, medium, and long term.
The second recommendation is to enhance the environment for collaboration and ensure easy access to results across cybersecurity projects, allowing initiatives to join forces, create synergies, and optimise processes and outputs at a new level across the cybersecurity professional skills ecosystem. This includes strengthening personal collaboration mechanisms such as workshops, bilateral contacts, National Cybersecurity Competence Centers (NCCs), project clusters, working groups, and support from initiatives such as AKADIMOS; establishing collaboration platforms or online communities, including chat and matching tools; ensuring the availability of platforms or EU-level marketplaces providing access to skills gap analysis results, best practices (including content indexing and AI-supported approaches), tools, and training offers; promoting larger international projects with direct EU funding and shared KPIs; organising project roadshows; and creating dedicated funding for open-source solutions, including Minimum Viable Products (MVPs) and pilot projects.
In terms of practical cooperation, participants highlighted the importance of sharing resources, mapping skills and competences, strengthening collaboration at national and EU levels, continuous monitoring of labour market needs and education and training offers, leveraging needs analysis results across other project activities, and conducting meta-analyses or systematic analyses. The AKADIMOS project offered to support aggregation and cooperation efforts, with other projects invited to contribute data and engage.
Thematic Area 4: Types of Cyber Skills Certificates
Moderated by Chatzopoulou Argyro & Paolo Atzeni
Summary of Key Findings
This breakout session aimed to gain insights, discuss challenges, and formulate recommendations on different types of cybersecurity skills certificates and skills assessment. The discussion was conducted in two alternating groups and involved seven EU-funded projects, two national authorities, and representatives from the European Commission. The session addressed what happens after course completion, the information included in skills certificates, and the assessment methods used.
All participating projects declared that a certificate is provided upon completion of a training course. In half of the projects, certificates are issued upon course completion without a formal assessment, while two out of seven projects reported that participants undergo a procedure, exam, or exercise to assess their skills before being awarded a certificate. Projects offering Master’s programmes lead to formally recognised diplomas, accredited in at least one country, which are more formalised than professional education.
Most projects (five out of seven) expressed the intention to provide microcredentials in line with EU recommendations. Most of the certificate fields discussed during the exercise are already used by the projects or are planned to be used. Training courses across the projects often make reference to the European Cybersecurity Skills Framework (ECSF), although in most cases this reference remains generic. Similar practices were observed in the wider market, where courses claim coverage of entire ECSF profiles but provide limited information on the specific skills, knowledge, proficiency levels, or degree of coverage.
A variety of assessment methods were reported, including case studies, hands-on exercises, Capture the Flag contests, quizzes, multiple-choice questions, project assignments, and portfolios. Not all methods are suitable within the boundaries of professional training outside an organisational context. There was general agreement that quizzes and multiple-choice questions represent a weak form of assessment and may be appropriate mainly for basic or awareness-level training. Most projects considered that reliable assessment requires assignments, with document-based assignments suited to policy-oriented courses and lab-based activities suited to technical training.
Challenges Encountered in Achieving the Objectives
Several challenges were identified. The extraction and presentation of microcredentials are not standardised, and most projects indicated that this area is still under development. No concrete approaches were presented, making it currently impossible to address mutual recognition or interoperability of microcredentials.
Another challenge concerns the generic use of ECSF references in training courses, with insufficient detail on the skills, knowledge, proficiency levels, and degree of coverage achieved. In addition, there is limited information on the suitability and effectiveness of different assessment methods for specific roles, skills, knowledge areas, and proficiency levels.
Finally, despite the large number of certificates available on the market, comparing and recognising these certificates remains difficult, particularly when compared with accredited university diplomas. This creates challenges for recruiters, employers, and certificate holders.
Recommendations for Future Action
Several recommendations were formulated. First, a standardised method for microcredentials should be developed, enabling interested parties to easily identify whether a credential was obtained following an assessment and to understand the type of assessment used. Additional certificate fields were proposed, including references to the e-CF, ECSF, proficiency levels, EQF alignment, workload (hours or ECTS), level (e.g. beginner, advanced, expert), period of validity or expiration date, and mode of participation (classroom, online, or hybrid).
Further recommendations highlighted the need for an EU-level standard for skills assessment, which could serve as a baseline for comparison across certificates. This standard could take the form of a Book of Knowledge, containing analytical descriptions of required skills and knowledge per subject and role, expanded across proficiency levels, with reference examples such as German contractual frameworks. For each type of skill, knowledge area, level, and possibly role, suitable assessment methods should be defined. Certificates should clearly reflect the skills, knowledge, and levels demonstrated by the holder, and continuous education should be incorporated into certification schemes.
Finally, it was recommended that cybersecurity skills assessment place greater emphasis on practical approaches, including hands-on activities, task implementation, and gamification, rather than primarily theoretical methods.