Cybersecurity Skills
Certification Scheme
General information
The Cyber Security Certification Programme for Individuals includes a cross-section of certification paths (profiles) grouped according to their primary focus. We are among the first to implement the European Cybersecurity Skills Framework (ECSF) developed by the European Union Agency for Cybersecurity (ENISA) – paths that comply with the ECSF profiles are marked with *.
The certification programme meets the requirements of EN ISO/IEC 17024:2012 Conformity assessment – General requirements for bodies operating certification of persons.
Certification paths
(black indicates pathways that will be available in the future)
Cyber resilience
Cyber Resilience Leadership
The certificate obtained in this path confirms the cyber resilience competencies of the managers of the National Cybersecurity System (KSC) entities. These include:
- taking into account national and European legislation in the field of cybersecurity;
- overseeing, coordinating and executing tasks in the area of ICT infrastructure security;
- identifying and responding to cybersecurity threats to KSC entities;
- organising incident reporting processes;
- ensuring business continuity of networks and information and communication systems;
- managing information security;
- developing a crisis communication strategy;
- identifying anerifying cybersecurity risk information;
- applying methods and techniques related to risk estimation.
More information can be found here: Cyber Resilience Leadership.
Please complete the form below if you are interested in this certification path. Completing it is voluntary and does not oblige you to participate in the programme.
Cybersecurity in general
Chief Information Security Officer (CISO)*
The certification obtained in this path confirms cybersecurity competencies related to information security. These include:
- managing the organisation’s cybersecurity strategy;
- ensuring that the organisation’s systems, services and digital assets are adequately secured and protected;
- defining and maintaining cybersecurity strategies, policies and procedures;
- managing the implementation of the cybersecurity policy across the organisation;
- ensuring information is shared with external bodies and professional organisations.
* These are competencies inspired by and in line with the profile: CHIEF INFORMATION SECURITY OFFICER (CISO) in the ECSF.
Please complete the form below if you are interested in this certification path. Completing it is voluntary and does not oblige you to participate in the programme.
Cybersecurity Architect*
The certification obtained in this path confirms competencies related to cybersecurity design. These include:
- planning and designing cybersecurity solutions;
- planning and designing cybersecurity controls;
- developing appropriate documentation and specifications, including the production of cybersecurity requirements reports;
- coordinating the secure development, integration and maintenance of cybersecurity components by standards and other related requirements;
- creating cybersecurity structure diagrams.
* These are competencies inspired by and in line with the profile: CYBERSECURITY ARCHITECT in the ECSF.
Please complete the form below if you are interested in this certification path. Completing it is voluntary and does not oblige you to participate in the programme.
Cybersecurity Implementer*
The certification obtained in this path confirms the competencies related to implementing cybersecurity. These include:
- developing, implementing and operating cybersecurity solutions (systems, resources, software, controls and services) in infrastructure and products;
- testing, maintaining, monitoring and supporting cybersecurity solutions;
- ensuring compliance with specifications and requirements;
- resolving technical issues related to the organisation’s cybersecurity, infrastructure and products.
* These are competencies inspired by and in line with the profile: CYBERSECURITY IMPLEMENTER in the ECSF.
Please complete the form below if you are interested in this certification path. Completing it is voluntary and does not oblige you to participate in the programme.
Penetration Tester*
The certification obtained in this path confirms competencies related to cybersecurity testing. These include:
- assessing the effectiveness of security controls, including drawing up attack scenarios and reporting on the results of vulnerability assessments;
- identifying cybersecurity vulnerabilities and assessing their criticality;
- planning, designing, implementing and executing penetration testing activities;
- producing penetration testing reports.
* These are competencies inspired by and in line with the profile: PENETRATION TESTER in the ECSF.
Please complete the form below if you are interested in this certification path. Completing it is voluntary and does not oblige you to participate in the programme.
Cyber policies
Cyber Legal, Policy & Compliance Officer*
The certification obtained in this path confirms cybersecurity-related cyber law competence. These include:
- managing compliance with standards, legal and regulatory frameworks related to cybersecurity based on the organisation’s strategy and legal requirements;
- providing legal advice on the development of the organisation’s cybersecurity management processes and recommended remedial solutions to ensure compliance;
- preparing the compliance manual and compliance reports;
- performing data protection and privacy tasks related to implementing organisational, financial processes and business strategy.
* These are competencies inspired by and in line with the profile: CYBER LEGAL, POLICY & COMPLIANCE OFFICER in the ECSF.
Please complete the form below if you are interested in this certification path. Completing it is voluntary and does not oblige you to participate in the programme.
Cybercrimes
Digital Forensics Investigator*
The certification obtained in this path confirms the cybersecurity competencies associated with cybercrime investigations. These include:
- identifying all digital evidence necessary to prove malicious activity;
- identifying perpetrators of unauthorised or illegal activity by linking artefacts to individuals;
- capturing, recovering, identifying and preserving data, including any signs of actions performed;
- conducting analysis, reconstruction and interpretation of digital evidence based on qualitative opinions;
- providing unbiased views on quality without interpreting the results obtained.
* These are competencies inspired by and in line with the profile: DIGITAL FORENSICS INVESTIGATOR in the ECSF.
Please complete the form below if you are interested in this certification path. Completing it is voluntary and does not oblige you to participate in the programme.
Cyber threats
Cyber Threat Intelligence Specialist*
The certification obtained in this path confirms cybersecurity competencies related to cyber threats. These include:
- collecting, processing, and analysing data and information to produce useful cyber threat reports and disseminating them to target stakeholders;
- manage cyber threat information;
- identifying and monitoring tactics, trends, techniques and procedures used for cyber attacks;
- tracking activities of threat actors;
- identifying linkages between unrelated and cyber-related activities and determining the relevance of these linkages;
- preparing a cyber threat analysis manual.
* These are competencies inspired by and in line with the profile: CYBER THREAT INTELLIGENCE SPECIALIST in the ECSF.
Please complete the form below if you are interested in this certification path. Completing it is voluntary and does not oblige you to participate in the programme.
Cyber Incident Responder*
The certification obtained in this path confirms competencies related to cybersecurity incident response. These include:
- monitoring and assessing the cybersecurity status of an organisation;
- handling cyber incidents, including analysis, assessment and mitigation;
- ensuring business continuity of ICT systems;
- identifying root causes of cyber incidents;
- documenting actions taken, including preparing cyber ideveloping cyber incident response plansncident reports;
- developing cyber incident response plans.
* These are competencies inspired by and in line with the profile: CYBER INCIDENT RESPONDER in the ECSF.
Please complete the form below if you are interested in this certification path. Completing it is voluntary and does not oblige you to participate in the programme.
Cybersecurity Risk Manager*
The certification obtained in this path confirms competencies related to cybersecurity risk management. These include:
- manage the organisation’s cybersecurity risks in line with the organisation’s strategy;
- developing and maintaining cybersecurity risk management processes;
- producing cybersecurity risk assessment reports;
- establishing a cybersecurity risk management strategy;
- ensuring that risks remain acceptable to the organisation by planning and controlling risk mitigation activities.
* These are competencies inspired by and in line with the profile: CYBERSECURITY RISK MANAGER in the ECSF.
Please complete the form below if you are interested in this certification path. Completing it is voluntary and does not oblige you to participate in the programme.
Audits
Cybersecurity Auditor*
The certification obtained in this path confirms competencies related to cybersecurity auditing. These include:
- conducting cybersecurity audits, including preparing an audit plan and producing an audit report;
- ensuring compliance with statutory, regulatory, policy information, security requirements, industry standards and best practice;
- conducting independent reviews to assess the effectiveness of processes and controls and overall compliance with the policies of the organisation’s legal and regulatory framework;
- evaluating, testing and verifying cybersecurity products (system, hardware, software and services) and functions and policies to ensure compliance with guidelines, standards and regulations.
* These are competencies inspired by and in line with the profile: CYBERSECURITY AUDITOR in the ECSF.
Please complete the form below if you are interested in this certification path. Completing it is voluntary and does not oblige you to participate in the programme.
Education and training
Cybersecurity Educator*
The certification obtained in this path confirms the competencies associated with cybersecurity training. These include:
- enhancing the knowledge, skills and competencies of cybersecurity trainees;
- designing, developing and conducting awareness, training and education programmes on cybersecurity and data protection;
- using appropriate teaching and training methods, techniques and instruments to communicate and reinforce the culture;
- promoting the importance of cybersecurity and strengthening it within the organisation;
- preparing training materials on cybersecurity.
* These are competencies inspired by and in line with the profile: CYBERSECURITY EDUCATOR in ECSF.
Please complete the form below if you are interested in this certification path. Completing it is voluntary and does not oblige you to participate in the programme.
Science and research
Cybersecurity Researcher*
The certification obtained in this path confirms competencies related to cybersecurity research and development. These include:
- conducting cybersecurity research, the results of which are used to develop the best cybersecurity solutions;
- collaborating with stakeholders to develop innovations in the field of cybersecurity;
- analysing trends and scientific findings in the field of cybersecurity;
- publishing articles in the area of cybersecurity.
* These are competencies inspired by and in line with the profile: CYBERSECURITY RESEARCHER in the ECSF.
Please complete the form below if you are interested in this certification path. Completing it is voluntary and does not oblige you to participate in the programme.
Personal data
Data Protection Officer
The certification obtained in this path confirms the cybersecurity competencies related to data protection and the Data Protection Officer. These include:
- monitoring compliance with data protection legislation;
- advising the data controller and staff on their data protection obligations;
- providing training to staff on data protection principles and best practices;
- acting as a point of contact for the data protection supervisory authority and data subjects;
- assessing risks and data protection breaches;
- maintaining a register of personal data processing activities and preparing reports on data protection status in the organisation.
Please complete the form below if you are interested in this certification path. Completing it is voluntary and does not oblige you to participate in the programme.