Human-centric practical cybersecurity training based on public-private partnerships

EU Higher Education Institutions (HEIs) have more than 128 cybersecurity programs (undergraduate,  graduate and professional) as demonstrated by information in various databases, mappings and frameworks (e.g., ENISA/CyberHEAD, JRC/Atlas,  Sparta, CyberSec4Europe, ECHO and other EU projects). In spite of this, the cybersecurity skills gap is increasing; the number of unfilled cybersecurity jobs grew by 350% in the past eight years and the (ISC) Cybersecurity Workforce Study for 2021 estimates that an additional 2.7 million cybersecurity professionals are needed, where the  World Economic Forum Future of jobs report  indicates that 50% of all employees will need cybersecurity  reskilling by 2025.

As recommended by ENISA and other studies further collaboration among HEIs and the private sector is needed to address the cybersecurity market challenges and industrial demands. The existing programs are part of the academic rigid, static programs that cannot properly address hands-on dynamic capabilities and emerging cybersecurity skills needed in the market. Upskilling of the existing workforce and developing the new one capable to promptly respond to future challenges in specialised industrial security domains and knowledge areas has become an urgent need.

Fostering collaboration of the universities with the private sector will provide the necessary boost to sustainable and effective practical cybersecurity training programs. This should be based on state-of-the art technological training tools (e.g., simulation platforms, cyber ranges, cloud capabilities, computing power), real-life based training material and digital-driven pedagogical approaches.

trustilio was the main pen holder of the CyberSecPro proposal submitted in the DEP program where in collaboration with seventeen where (17) Higher Education Institutions (HEIs)  and thirteen (13) security companies, including trustilio, from sixteen (16) Member States proposed the agile CyberSecPro professional cybersecurity practical and hands-on training program that will complement, support and advance the existing academic programs by linking innovation, research, industry, academia and SME support.

 trustilio emphasised the importance in covering human factors in the proposed CyberSecPro cybersecurity trainings and embed human security as part of the curricula. In particular trustilio proposed that trainees need to learn how to Identify and address ethical, security, social, behavioural, economic aspects impacting security operations, practices and developments as well as to assess and estimate the impact of security controls on users’ behaviours. Knowledge of behavioural traits and profiles of attackers will provide more cybersecurity intelligence in order to manage effectively any security incident or attack (including phishing, malware supply chains, attack vectors, and money transfers). Embed human centric values and principles in the life cycle of the software and system developments will lead to more user-friendly products. Analysis of human errors, awareness levels and cyber analytics behaviour will contribute to resilient critical information infrastructures, services, and practices.