Report: 1st REWIRE online event on Cybersecurity Skills Gap & Education

On September 19, 2022, the REWIRE partners held their first online event on Cybersecurity Skills Gap & Education where they had the opportunity to present the first deliverables of the WP5 Blueprint Toolbox – Tools connected to the promotion, connection and guidance to several stakeholders, in particular the REWIRE Fiche I and REWIRE Policy Recommendation I.

The webinar was moderated by Regina Valutytë, Vice Rector for Academic Affairs at the Mykolas Romeris University, who welcomed the participants and presented the aim of the event, which was to bring to the attention of the participants the cybersecurity skills gap and shortage which is a reality in Europe and need to be tackled: this is a starting point for the REWIRE partnership.

Following the introduction of the project by the REWIRE Project Coordinator Andrius Bambalas from Mykolas Romeris University, Ainhoa Segurola, Project and Membership Assistant at EfVET, the task leader of REWIRE Fiches and Policy Recommendations, continued with her intervention describing the objectives of the two documents.

The REWIRE Fiches aim to underpin and illustrate the REWIRE strategy by identifying, documenting, and promoting concrete best and good practices at national and regional level, all aiming at addressing the skills shortages and mismatches between cybersecurity education and the industry requirements, as well as fostering multi-stakeholder partnerships.

The REWIRE Policy Recommendations, composed of different Policy Briefs presented every six months, will aim at conveying the implications of project outputs for policy and practice. The content of the different Policy Briefs will cover the main areas that need to be addressed in the future, such as the European Cybersecurity Skills Framework, the lack of cooperation among stakeholders or the lack of awareness of cybersecurity risks.

The first of the REWIRE Fiches has been carried out after reviewing the cybersecurity strategies of multiple European countries, from which different initiatives and actions have been identified and collected. Pending a more comprehensive analysis in the lifetime of the REWIRE project, the REWIRE Fiche I highlights two aspects above all others: the categories created to group the initiatives selected, and the example of one of the initiatives that could later be classified as a concrete good practice. Regarding how the document was developed, Ainhoa briefly explained the methodology followed to develop the first of the Fiches, focused on categorising the initiatives selected, and highlighted that the REWIRE consortium is working on a comprehensive analysis of the initiatives collected in the lifetime of the project.

The presentation of the REWIRE Fiche I and Policy Recommendation I continued with the intervention of Argyro Chatzopoulou from ApiroPlus Solutions, who presented some of the initial conclusions that have been reached. For example, she pointed out that among the different countries’ cybersecurity strategies analysed, all of them include at least one milestone or objective related to cybersecurity education, awareness and training. However, there is a scarcity of public information regarding the performance of the actions implemented by the different countries, which makes it difficult to have all the information needed, at least considering the objective is to identify best practices, and not just initiatives.

The first REWIRE Policy Brief aimed at pointing out a series of aspects: the context and relevance of having a uniform European Cybersecurity Skills Framework; the description and presentation of the skills frameworks in other countries; and remark the importance of addressing cybersecurity education at all levels, as it embodies a considerable challenge not only for actors such as governments or companies, but also for citizens. In this regard, Argyro Chatzopoulou briefly explained the results of analysing the different existing Cybersecurity Skills Frameworks in other countries (Australia, Singapore, USA, Canada, UK and The Netherlands) and the comparison between them. For this purpose, Argyro explained which aspects were considered when doing the analysis, such as the role profiles, career paths, structure, levels of maturity (for the role profiles) and the possible focus on SMEs.

The event held afterwards a moderated discussion between Professor Nineta Polemi at the University of Piraeus & Co-Founder/CTO of trustilio, Professor Christos Douligeris at the University of Piraeus, and Ioannis Agrafiotis, Network Security Officer at the European Union Agency for Network and Information Security (ENISA).

The guest speakers were invited to provide a feedback on the two presented documents. Prof. Polemi, in her brief intervention at the beginning of the event, gave positive feedback on the first REWIRE policy recommendation and highlighted REWIRE’s potential in the implementation of the Cybersecurity Skills Framework. She demonstrated the EU’s efforts in homogenizing Cybersecurity Education (with the Centres of excellence being a highlight) since 2017 and addressed the Cybersecurity Skills Framework as the next important EU initiative. Prof. Douligeris also gave a very warm feedback on the two documents and emphasized the importance of the project sustainability as well as connecting REWIRE to the Centres of Excellence. He mentioned country particularities (i.e. low security education in VET and high schools in Greece) and the importance of the CS career path. Mr. Agrafiotis, echoing the two previous speakers, mentioned that REWIRE results help a lot in mapping siloed efforts in the area and he then suggested that the mapping exercise could also include the measures that MS take to align with the strategy and HEI initiatives.

The next round of questions coming from the moderator and the audience focused on the ways to promote cybersecurity skills and cybersecurity in general, the need to have a minimum understanding of cybersecurity at every level of education, the biggest challenges for the Cybersecurity Skills Framework and the future of Cybersecurity Education. Prof. Douligeris pointed out  that cybersecurity is a relatively new topic. He added that recent cyberattacks could push more people to work in the area. However, in terms of promoting a common understanding at various levels of cybersecurity education, he supported that this would be easier for technical professions. A participant from the audience suggested that it is a matter of raising awareness and ringing the bell of the skills gap through other means (educational system, contests, talks, seminars etc). Mr Agrafiotis mentioned that there is a need for a closer cooperation in the area which could be achieved by abandoning the approach of reinventing the wheel at national levels. He, also, highlighted the importance of the European Cybersecurity Skills Framework as it would be a more simplified version compared to other existing versions and echoed the call for promoting cybersecurity as an attractive career path.