The ECSF provides an open European tool to build a common understanding of the cybersecurity professional role profiles and common mappings with the appropriate skills and competences required.

European Cybersecurity Skills Framework (ECSF)

The European Cybersecurity Skills Framework (ECSF) is the result of the joint effort of ENISA and the ENISA Ad-hoc working group on Cybersecurity Skills Framework

The aim of the ECSF is to create a common understanding of the relevant roles, competencies, skills and knowledge required; to facilitate recognition of cybersecurity skills; and to support the design of cybersecurity-related training programmes. It summarises all cybersecurity-related roles into 12 profiles, which are individually analysed into the details of their corresponding responsibilities, skills, synergies and interdependencies.  

The framework is complemented by a user manual, which constitutes a practical guide to its utilisation, based on examples and use cases. The manual includes three examples for private organisations that need to hire, upskill and/or reskill their personnel in cybersecurity, along with use cases, which represents the experience of seven organisations using the ECSF in different contexts.  

A draft version of the framework was presented to the public in April 2022 via a webinar. On 20th and 21st September, the final version of the ECSF and its user manual was presented during the ENISA cybersecurity skills conference 

Closing remarks of the conference were delivered by Despina Spanou, Head of Cabinet for European Commission Vice-President Margaritis Schinas, who stated: " We now need to make sure that we address what could become our biggest challenge: how to have the right people with the right skills to shield our citizens and our economies from ever more pervasive cyberattacks across all critical sectors. On the eve of 2023 European Year of Skills, the European Cybersecurity Skills Framework will be a tangible tool to help identifying the profiles of jobs that are the most necessary in the field. It can become an enabler of a common European language on cybersecurity skills across the whole European cyber ecosystem and a building block for the Commission’s work on a genuine Cybersecurity Skills Academy"

ECSF Goals in Brief

  1. Use of the ECSF ensures a common terminology and shared understanding between the demand (workplace, recruitment) and supply (qualification, training) of cybersecurity professionals across the EU.  
  2. The ECSF supports the identification of critical skills sets required from a workforce perspective. It enables providers of learning programmes to support the development of this critical set of skills and helps policy-makers to support targeted initiatives to mitigate the gaps identified in skills.  
  3. The framework facilitates an understanding of leading cybersecurity professional roles and the essential skills they require, including soft skills, and also the legislative aspects (if any). In particular, it enables non-experts and HR departments to understand the requirements for resource planning, recruitment and career planning in supporting cybersecurity. 
  4. The framework promotes harmonisation in cybersecurity education, training, and workforce development. At the same time, this common European language in the context of cybersecurity skills and roles connects well with the entire ICT professional domain.  
  5. The ECSF contributes to achieving enhanced shielding against cyberattacks and to ensuring secure IT systems in society. It provides a standard structure and advice on how to implement capacity building within the European cybersecurity workforce. 

More information about the ECSF

The shortages of and gaps in skill in the cybersecurity workforce are a major concern for both economic development and national security, especially when considering the rapid digitisation of the global economy. Thus, the development of a European Cybersecurity Skills Framework that takes into account the needs of the EU and each one of its Member States was an essential step towards Europe’s digital future. 

The framework provides a practical tool to support the identification and articulation of tasks, competences, skills and knowledge associated with the roles of European cybersecurity professionals. The main purpose of the framework is to create a common understanding between individuals, employers and providers of learning programmes across EU Member States, making it a valuable tool to bridge the gap between the professional cybersecurity workplace and learning environments.  

Skills conference 2.png

The Framework will strengthen European cybersecurity culture, by providing a common European language across communities, thus making an essential step forward towards Europe’s digital future.

The 12 cybersecurity role profiles defined by the framework provide a common understanding of the main cybersecurity missions, tasks and skills needed in a professional cybersecurity context, making it the perfect reference for profiling the skills and knowledge needed by cybersecurity professionals. The framework was designed to be easily understood and comprehensive enough to provide appropriate in-depth cybersecurity insights as well as flexible enough to allow customisation based on each user’s needs. By incorporating all stakeholder perspectives, the framework is applicable to all types of organisations and supports the development of all cybersecurity professions. 

The framework consists of two documents: 

  • The ECSF Role Profiles document – Listing the 12 typical cybersecurity professional role profiles along with their identified titles, missions, tasks, skills, knowledge, competences.
  • The ECSF User Manual document – Providing guidance and practical examples on how to leverage the framework and benefit from it as an organisation, provider of learning programmes or individual.

Cyber Higher Education Database (CyberHEAD)

CyberHEAD lists the academic programmes available in cybersecurity in Europe. The tool offers search possibilities and many filters to help students find the programme that suits their interest.

The role profiles described in European Cybersecurity Skills Framework is going to be used to develop a comprehensive and flexible curricula guidance for academic institutions. This will help students to make sensible learning choices and to understand the possible career paths,  and so bridge the gap between the professional workplace and learning environments.

For any questions or further enquiries on the ECSF or CyberHEAD please contact us at

Browse the Topics

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information