About

What does CYRUS stand for?

CYRUS: A personalised, customised, work-based training framework for enhanced CYbeRsecurity skills across indUstrial Sectors

CYRUS aims to design and implement cybersecurity training courses to improve the cybersecurity skills of all-level employees and give them the means to identify and mitigate cyber threats.

Since we are aware that different personnel in different organisations, sectors and countries have different levels of digital expertise, our training strategy will be highly customised to the user’s skills, know-how and needs. Based on the different needs, training will include theoretical contents, practical exercises, presentations, gaming and role-plays, case studies for working groups, on-the-job and work-based formats, etc. This will encourage the trainees to exercise with co-workers and continuously learn on the job collaboratively.

The courses will be focused on:

  • cybersecurity technical skills;
  • cybersecurity methodological and organisational aspects;
  • practical exercises;
  • on-the-job simulations in a cyber-range environment for the different industrial sectors.

CYRUS-cybersecurity-training-structure

Main outcomes

The Cybersecurity Competence Framework will facilitate transitions from education to work, match people’s skills with the labour market trends and demands, inform people about available jobs and career pathways and identify current and future employability skills.

It will include:

  • a mapping of the changes in key skills, knowledge and competencies needed in the current and future scenarios,
  • a description of workforce profiles based on the trends analysis and future scenarios,
  • different career/study pathways that will show the possible options for advancement and growth.

In the CYRUS project, we will design and implement cybersecurity training courses for skills development, upskilling and reskilling. These courses will be aligned with the emerging cyber threats and the identified application scenarios in the transport and manufacturing domains.

We will develop a set of specific short-term cybersecurity training courses for different roles across organisations in the transport and manufacturing sectors. We will pay special attention to the needs of SMEs and start-ups.

The training package will be focused on cybersecurity methodological and organisational aspects, including:

  • human and organisational vulnerability assessment,
  • integrated cybersecurity risk assessment,
  • continuous integrated cybersecurity monitoring in organisations,
  • cybersecurity KPI definition and assessment,
  • incident handling and post-incident communication and management,
  • intangible assets,
  • impact assessment and protection,
  • human factors and UX for cybersecurity and
  • participatory approaches to build a cybersecurity culture.

The training assessment tools will illustrate the connection between the learning outcomes and the increasing level of autonomy of the learner. They will facilitate transitions from education to work, matching people’s skills with the main labour market trends and demands.

Based on a skill progression model, the portfolio will include tools for ongoing assessment of participant progression and learning during and after the training. These will be developed to understand the difference between initial skill level and trainees’ performance at other times and be able to adjust training levels and work-based activities according to the needs of individuals.

Concept & Methodology

To deliver a personalised, customised, work-based training framework for enhanced cybersecurity skills, we will adopt a three-step approach.

1) Analyse cybersecurity skills, competencies, training needs and skill gaps

We will research cyber threat scenarios and workforce profiles to understand key technological transformations and cyber risks that will affect the transportation and manufacturing sectors. We will map the required changes in key cybersecurity skills, knowledge and competencies and, on this basis, develop the Cybersecurity Competence Framework.

2) Design and development of short-term training courses

We will review and select training methodologies for training delivery and iteratively design the modules for different user groups. The result will be tailored and ready-to-use training courses that include theoretical and practical learning, supported by interconnected work activities for workers in the transport and manufacturing sectors. The main training modules will be implemented in a cyber-range environment.

3) Validate the short-term training courses

The short-term training courses will be iteratively validated, involving SMEs, professional associations and training providers to collect feedback from the stakeholders and support the fine-tuning of the courses. The pilot delivery will enhance the effectiveness of the final version of the training, which will be delivered towards the end of the project.

CYRUS-concept-and-methodology

Consortium

With eleven partners from nine EU countries, we cover a broad range of interests and ensure a rounder approach to the problems that different companies in different European countries meet.