About

What does CYRUS stand for?

CYRUS: A personalised, customised, work-based training framework for enhanced CYbeRsecurity skills across indUstrial Sectors

We design and implement cybersecurity training courses to improve the cybersecurity skills of all-level employees and give them the means to identify and mitigate cyber threats.

Since we are aware that different personnel in different organisations, sectors and countries have different levels of digital expertise, we aim to customise our training strategy to the user’s skills, know-how and needs. Based on the different needs, training include theoretical contents, practical exercises, presentations, gaming and role-plays, case studies for working groups, on-the-job and work-based formats, etc. This encourages the trainees to exercise with co-workers and continuously learn on the job collaboratively.

The courses are focused on:

  • cybersecurity technical skills;
  • cybersecurity methodological and organisational aspects;
  • practical exercises;
  • on-the-job simulations in a cyber-range environment for the different industrial sectors.

CYRUS-cybersecurity-training-structure

Main outcomes

The Cybersecurity Competence Framework facilitates transitions from education to work, matches people’s skills with the labour market trends and demands, informs people about available jobs and career pathways and identifies current and future employability skills.

It includes:

  • a mapping of the changes in key skills, knowledge and competencies needed in the current and future scenarios,
  • a description of workforce profiles based on the trends analysis and future scenarios,
  • different career/study pathways that will show the possible options for advancement and growth.

More information can be found here: https://cyrus-project.eu/cybersecurity-competence-framework/

In the CYRUS project, we design and implement cybersecurity training courses for skills development, upskilling and reskilling. These courses are aligned with the emerging cyber threats and the identified application scenarios in the transport and manufacturing domains.

We develop a set of specific short-term cybersecurity training courses for different roles across organisations in the transport and manufacturing sectors. Thereby, we payed special attention to the needs of SMEs and start-ups.

The training package focus on cybersecurity methodological and organisational aspects, including:

  • human and organisational vulnerability assessment,
  • integrated cybersecurity risk assessment,
  • continuous integrated cybersecurity monitoring in organisations,
  • cybersecurity KPI definition and assessment,
  • incident handling and post-incident communication and management,
  • intangible assets,
  • impact assessment and protection,
  • human factors and UX for cybersecurity and
  • participatory approaches to build a cybersecurity culture.

The training assessment tools illustrate the connection between the learning outcomes and the increasing level of autonomy of the learner. They facilitate transitions from education to work, matching people’s skills with the main labour market trends and demands.

Based on a skill progression model, the portfolio includes tools for ongoing assessment of participant progression and learning during and after the training. These were developed to understand the difference between initial skill level and trainees’ performance at other times and be able to adjust training levels and work-based activities according to the needs of individuals.

Concept & methodology

To deliver a personalised, customised, work-based training framework for enhanced cybersecurity skills, we will adopt a three-step approach.

1) Analyse cybersecurity skills, competencies, training needs and skill gaps

In the first year of the project, we conducted research on cyber threat scenarios and workforce profiles to understand key technological transformations and cyber risks that will affect the transportation and manufacturing sectors. We mapped the required changes in key cybersecurity skills, knowledge and competencies and, on this basis, developed the Cybersecurity Competence Framework.

2) Design and development of short-term training courses

Following the analysis, we reviewed and selected training methodologies for training delivery and iteratively designed the modules for different user groups. The result are tailored and ready-to-use training courses that include theoretical and practical learning, supported by interconnected work activities for workers in the transport and manufacturing sectors. The main training modules are implemented in a cyber-range environment.

3) Validate the short-term training courses

The short-term training courses are iteratively validated, involving SMEs, professional associations and training providers to collect feedback from the stakeholders and support the fine-tuning of the courses. The pilot delivery enhances the effectiveness of the final version of the training, which will be delivered towards the end of the project.

Project partners

With eleven partners from nine EU countries, we cover a broad range of interests and ensure a rounder approach to the problems that different companies in different European countries meet.