Deliverables

Find all Deliverables produced by CyberSecPro here

Deliverables

Work Package 2

Deliverable 2.1

Cybersecurity Practical Skills Gaps in Europe: Market Demand and Analyses

The CybeSecPro Deliverable D2.1 report investigates the cybersecurity practical skills gaps in Europe and analyses the market demand for these skills. The report acknowledges that a complete list of cybersecurity practical skills can be complex and interpreted differently by EU nations and organisations. For that reason, the report combines them into a list of cybersecurity practical knowledge areas and highly essential practical skills. The deliverable also aims at the market driven and practitioner’s approach, therefore, adopted development methodology combines the practical and applied research, including an integrated research model. This deliverable captures the cybersecurity skill sets needed by the markets, the practical skills offered in the EU academic programmes and the gaps between demand and supply of practical skills. Special attention will be given to the three industrial sectors: health, energy and maritime. The deliverable reflects the outcomes of tasks T2.1 and T2.2.

Deliverable 2.2

Blended CyberSecPro technological training interactive technologies and academic practice

CyberSecPro (D2.1) undertook a market-driven investigation to identify EU cybersecurity industry knowledge and skills. This analysis (D2.2) of CSP partner courses and tools provided significant insights. Out of 81 courses assessed, 52% were undergraduate, 20% graduate, 9% summer school, and 19% professional training. Based on CSP partner offerings and market demand, these courses were divided into in-demand and high-demand knowledge domains. In addition, 64 CSP partner cybersecurity products were evaluated for applicability to different knowledge areas. To determine ENISA role alignment, CSP partner courses were compared to the European Cybersecurity Framework (ECSF). CSP classes covered certain responsibilities effectively, but others poorly. However, several ECSF courses covered numerous knowledge areas, satisfying market demand and frameworks. Recommendations include expanding course variety, promote networking and collaboration between students and cybersecurity professionals. It is also necessary to standardize certifications for courses and tools, and align CyberSecPro program with ECSF to prepare students for ENISA-specified professional careers. Also, the integration of technical and human aspects of cybersecurity with interdisciplinary approaches, ensuring material accessibility, and providing students with easy access to textbooks, research articles, and information-sharing platforms will be needed. Another recommendation for the CyberSecPro program will be a need to update course material and resources often to reflect industry developments and developing technologies, and create a feedback loop with program participants, CSP partners, and industry experts to analyse and implement user software improvement proposals. Meeting these recommendations will make CyberSecPro a diverse and adaptable resource for cybersecurity education for the EU, and meet the everchanging industry standards.

Deliverable 2.3

CyberSecPro Programme Specifications

This deliverable outlines the structure, requirements, and specifications of the CyberSecPro
education and training programme. The main findings of this deliverable are as follows:

By following four selection criteria (namely market demand, relevance to the European
Cybersecurity Skills Framework (ECSF), availability of education and training
resources, as well as importance to the effective protection of European cyber
infrastructure and systems) ten knowledge areas have been identified that will set the
scope of the CyberSecPro education and training programme. By the careful analysis
and selection of these knowledge areas, the general structure of the programme is
established and direction to the CyberSecPro partners in the continuation of the project
provided.
The existing education and training offerings by CyberSecPro partners have been
mapped to the identified knowledge areas, and relevant training modules have been
selected. This ensures that the programme is built upon established resources and
expertise.
The constraints and requirements for the adoption of the CyberSecPro programme have
been analysed, encompassing business, technical, legal, social, and financial barriers.
Solutions to overcome these barriers have been presented, emphasising the need for
strategic planning, effective communication, and persistent efforts. These findings help
anticipate and address potential blockages in the programme’s implementation,
achievement, and validation.
A total of 68 user stories and 461 requirements for the implementation of the dynamic
curriculum management (DCM) system have been developed. These requirements
have been categorised into functional, non-functional, constraint, and supplemental
requirements, with different levels of priority. They will serve as the foundation for the
subsequent stages of development and implementation of the DCM system.
Assessment criteria for the selection of a DCM system have been established, and
available systems on the market have been evaluated accordingly. Moodle has been
identified as the chosen system. An analysis was conducted mapping the previously
identified requirements to Moodle to uncover areas where the system already meets the
requirements and areas where modifications or adaptations need to be made. This
ensures that the chosen system is able to meet the specific needs of the CyberSecPro
education and training programme.

By addressing these key findings, the CyberSecPro education and training programme can be
designed and implemented effectively, providing a comprehensive and relevant training
experience for participants while overcoming any potential challenges

Work Package 3

Deliverable 3.1

CyberSecPro Programme Main Components and Procedures

This deliverable outlines the main components and procedures of the CyberSecPro (CSP) programme. This document presents the CSP programme’s general-purpose or model syllabi with its training modules and the Dynamic Curriculum Management (DCM) system. This deliverable reflects the outcomes of tasks T3.1 and T3.2. It focuses on the CSP training modules, model syllabi, templates, and key elements of the individual training modules specifically tailored to the health, energy, and maritime sectors. The online DCM portfolio encompasses various training modules, including general academic courses, online courses, training, workshops, cyber exercise sessions, sector-specific seminars, hackathons, and interactive cybersecurity labs. The outcomes are a model syllabus for CSP’s main 12 generic training modules.

Deliverable 3.2

CyberSecPro Cybersecurity Certification Schema Proposal

The CyberSecPro cybersecurity certification schema proposal acknowledges the
certification scheme unavailability of professional cybersecurity trainings, as well as the absence of a
European Authority for approving both the trainings and the organisations which perform them. On
these grounds, the manuscript sheds light on the certification landscape regarding relevant organisations
and bodies in international and European level. Then, the standards, the criteria, and the processes
regarding professional certifications are thoroughly discussed and assessed. The manuscript concludes
with a proposal of three schemes which namely are:

Scheme A: Sector-agnostic scheme for a professional cybersecurity programme,
Scheme B: Descriptions of the 12 training modules,
Scheme C: Syllabi of the 12 training modules.

The deliverable reflects the Task 3.3 outcomes.

Deliverable 3.3

CyberSecPro Portfolio of Cybersecurity Curricula Targeted to Health

The CyberSecPro (CSP) portfolio of cybersecurity curricula and detailed syllabi targeted the critical sector of healthcare. The report is a collection of CSP training courses designed to enhance the skills of healthcare professionals in the realm of cybersecurity. The content of the syllabi combines CSP generic and sector specific aspects to provide holistic CSP module training for the critical health sector. The deliverable reflects the outcomes of Task 3.4.

Deliverable 3.4

CyberSecPro Bundle of Cybersecurity Curricula for Energy Sector

The CyberSecPro (CSP) Deliverable D3.4 corresponds to the outcomes of T3.5 regarding the “Energy Specific Curricula” with deadline for Month 18. The proposal of this deliverable is to provide a comprehensive cybersecurity programme portfolio targeted to the energy sector and focused on intensifying knowledge and practical skills in line with the current security challenges facing the sector.
Likewise, this deliverable also exposes the methodological process carried out in T3.5. It deals with aligning the syllabi of the 12 CPS generic training modules defined in D3.1 to the particularities of the energy scenarios, adapting and parametrising relevant inputs contemplated in the D3.1 templates to specific use cases and applications. The resulting parametrisation is widely outlined throughout this document, where the Cyber Security Body of Knowledge (CyBoK) framework has continued to be a
reference for the process of integration and adaptation of topics, facilitating the completeness of content.
Additionally, this process is also attributed to the intensive collaboration of the CSP partners who have demonstrated expertise and competencies in the fields of cybersecurity, energy and education. All of this experience, combined with a methodology for aligning with previous works, have certainly helped
to establish the 12 CPS sector-specific training modules in the form of courses, seminars, practical exercises, workshops, summer schools, etc. with the final proposal to showcase its value proposition for the operational phase.

Deliverable 3.5

CyberSecPro Portfolio of Cybersecurity Curricula Targeted to Maritime

Maritime stakeholders are relying on specific systems, namely VMS (vessel monitoring systems), AIS (Automatic Identification Systems) and GNSS (Global Navigations by Satellite Systems) to ensure their movements at sea. They use specific professional tools as port control (PCS) and cargo controls (CCS) systems to monitor their activity and are largely integrated in the overall supply chains with highly interconnected systems that are as many potential sources as possible for threats. The education of maritime stakeholders is broad in addition to the specialists that are operating directly the incident event management and incident response, mostly in close coordination with national administrations (customs, border security forces and port authorities). From the crew of a ship to the CIS information security officer of a company or a harbour, a broad area of training is needed adapted to their needs and skills. Crews of ships must be trained on their specific systems to maintain an ad-hoc security level of their navigation. Shipping companies must ensure that their systems are operating, avoiding major shutdowns as the ones observed on MAERSK in 2017 and CMA CGMin 2021 (the attacks on these companies impacted them with losses estimated at more than 100M€ for each). At least, the security of ships and their navigations systems are crucial to the security of crews that are navigating on them. The following modules described hereafter are proposing seminars, courses and workshop aiming at developing a cybersecurity culture to maritime stakeholders, developing skills to avoid incidents and attacks and reducing risks for the sector. The deliverable reflects the Task 3.6 outcomes.

Work Package 4

Deliverable 4.1

CyberSecPro Training Operational Plan

The CyberSecPro Deliverable D4.1 deliverable reflects the outcomes of tasks T4.1 and T4.2 till Month 11. Therefore it outlines the operational scalable offering for the CyberSecPro training modules, which cover the ten prioritized CyberSecPro knowledge areas. Consequently, this deliverable lists all the training modules that each partner intends to develop and offer. These are then grouped into a list of 12 CyberSecPro modules, with various synergies proposed to assist in crafting their syllabi and facilitating their operation. Evaluation forms for trainers and trainees are provided, as well as a methodology for planning and implementing Massive Open Online Courses (MOOCs). Moreover, the deliverable aims at providing mobilization mechanisms in order to attract and engage internal and external trainees and trainers.

Deliverable 4.2

Reports and Training Material on the Cybersecurity Principles and Management Training Modules

This deliverable presents the outcomes of T4.3 up to the conclusion of CyberSecPro in Month 39 (February 2026). Hence, it comprehensively records all CSP modules corresponding to the capability category Cybersecurity Principle and Management implemented by the end of February 2026. The document presents quantitative information on hosting site, learners enrolled, background of learners, evaluation forms of learners, evaluation forms of trainers, income, scholarship/sponsorships, training levels, delivery formats, and sectoral coverage across energy, health, maritime, and general cybersecurity domains. The deliverable includes descriptive analysis of training deployment, illustrating implementation patterns and participation across different module categories and sectors. Moreover, it describes the context of the documentation task and the documentation methodology including the definition of a record comprising the relevant information per module.

Deliverable 4.3

Reports and Training Material on the Cybersecurity Tools Modules

This deliverable presents the outcomes of Task T4.4 up to the conclusion of CyberSecPro in Month 39 (February 2026). Accordingly, it comprehensively records all CSP modules corresponding to the capability category “Cybersecurity Tools and Technologies” implemented by the end of February 2026. The document provides quantitative information on the hosting site, learner enrolments, learner background, trainee evaluation forms, trainer evaluation forms, income, scholarships/sponsorships, training levels, delivery formats, and sectoral coverage across energy, health, maritime, and general cybersecurity domains. The deliverable includes descriptive analysis of training deployment, illustrating implementation patterns and participation across different module categories and sectors. Finally, it describes the context of the documentation task and the documentation methodology, including the definition of a record comprising the relevant information per module.

Connected! You can switch to your editor

Deliverable 4.4

Reports and Training Material on the Emerging Technologies Modules

This deliverable reports on the implementation of training modules on emerging technologies developed within the CyberSecPro (CSP) project under Task T4.5 about “Operating the training modules on emerging technologies”. It provides a consolidated overview of CSP modules implementation addressing cybersecurity in emerging digital technologies, critical infrastructure security, and software security. The document provides quantitative data on hosting sites, learner enrolment, backgrounds, learners and trainer evaluations, income, scholarships, training levels, delivery methods, and sector coverage in energy, health, maritime, and cybersecurity fields. It offers a comprehensive overview of training program metrics and sectoral focus areas. The deliverable includes an initial descriptive analysis of training deployment, illustrating implementation patterns and participation across different module categories and sectors. Overall, the document serves as evidence of the effective deployment and reach of the CyberSecPro training programme on emerging technologies and supports the assessment of progress toward the project’s capacity-building and skills development objectives.

Deliverable 4.5

Reports and Training Material on Cybersecurity Offensive Practices Modules

This deliverable presents the outcomes of T4.6 up to the conclusion of CyberSecPro in Month 39 (February 2026). Hence, it comprehensively records all CSP modules corresponding to the capability category Cybersecurity Offensive Practices implemented by the end of February 2026. The document presents quantitative information on hosting site, learners enrolled, background of learners, evaluation forms of learners, evaluation forms of trainers, income, scholarship/sponsorships, training levels, delivery formats, and sectoral coverage across energy, health, maritime, and general cybersecurity domains. The deliverable includes an initial descriptive analysis of training deployment, illustrating implementation patterns and participation across different module categories and sectors. Moreover, it describes the context of the documentation task and the documentation methodology including the definition of a record comprising the relevant information per module.

Work Package 5

Deliverable 5.1

Evaluation Methodology

CyberSecPro (D5.1) details the evaluation methodology developed to assess satisfaction levels among trainers and trainees, as well as to evaluate MOOCs and training materials through peer-review processes. Unlike earlier surveys within the project, this approach is purpose-driven and tailored to capture experiential feedback rather than technical competencies. The report outlines the tools and strategies used for collecting and analysing both quantitative and qualitative data, emphasising user satisfaction, content relevance, and perceived effectiveness. By distinguishing its objectives from previous assessments, D5.1 establishes a nuanced framework that supports continuous improvement through stakeholder-driven insights. Recommendations also guide future analysis and data use to ensure CyberSecPro’s training activities remain engaging, relevant, and aligned with participant expectations across the EU cybersecurity education landscape.

Deliverable 5.2

Evaluation and Best Practices

This deliverable reports the results of the evaluation of CyberSecPro’s training modules and the identification of best practices that support effective cybersecurity education across Europe. Building on the evaluation framework established in D5.1, this deliverable assesses learner satisfaction, training effectiveness, practical relevance, and alignment with workforce needs, and synthesises the practices that have proven most successful across consortium training activities.

Deliverable 5.3

CyberSecPro Certification Schema

The CyberSecPro project identified the lack of a unified European certification framework for professional cybersecurity training, resulting in fragmented, non-interoperable programmes with limited mutual recognition. This issue is particularly acute in sector-specific contexts, where rapid digitalisation contrasts with low cybersecurity maturity and inconsistent skill development, restricting cross-sector mobility. The project proposes a structured certification schema comprising modular training aligned with defined competencies and subject to higher-level recognition, such as by the ECCC. The sector-specific professional training scheme integrates theoretical and practical learning, maps micro-credentials to ECTS credits, aligns with ECSF profiles and competences, and offers trainees up to 60 ECTS credits.

Work Package 6

Deliverable 6.1

Dissemination, Communication Plan and Exploitation

This document reports the dissemination, communication and exploitation plan for the CyberSecPro project. The approach is incremental and dynamic and considers the growth of material and experience that the project partners will elaborate. This document also presents the dissemination and communication objectives and approach and lists planned publications and events. It describes the target audience and communication channels we plan to adopt as project. Similarly, the exploitation and innovation approach presented in this document cover business scenarios and models, exploitation approach, knowledge and intellectual property management and protection, and sustainability. Individual dissemination, communication, and exploitation activities from each partner focus on specificities of each partner and how they can contribute to increase the impact of the overall results.

Deliverable 6.2

Report on Dissemination and Communication Activities

This deliverable (D6.2) reports on the dissemination and communication activities implemented within the CyberSecPro project up to Month 38 (M38). It presents the key communication assets (visual identity, templates and marketing materials, and the admin platform), the channels and formats used to reach target audiences, and performance against the Grant Agreement KPIs.

Deliverable 6.3

Overall Exploitation, Sustainability and Business Plans

This deliverable defines the exploitation, sustainability, and business framework for the CyberSecPro project beyond its funded duration under the DIGITAL-2021-SKILLS-01 programme. It consolidates the project’s four Key Exploitable Results (KERs), sector-specific cybersecurity training modules, structured MOOC pathways, the Moodle-based Dynamic Curriculum Management (DCM) platform and a certification-oriented skills validation approach aligned with the European Cybersecurity Skills Framework (ECSF). The document presents a structured exploitation model based on three progressive deployment scenarios. The deliverable integrates market positioning, competitive analysis, business modelling logic, and indicative financial envelopes to define the operational conditions required for sustainable post-project continuation. The financial analysis focuses on minimum operational sustainability thresholds rather than speculative growth projections. Long-term sustainability is framed around institutional adoption, governance clarity, structured content maintenance, and defined operational responsibilities. The document provides a decision-support framework enabling the consortium to determine the most appropriate continuation model after project closure.

Deliverable 6.4

Grouped Exploitation Plans

This deliverable presents the group exploitation plans of the CyberSecPro project, documenting how the consortium translates its key exploitable results (KERs) into coordinated, multi- partner pathways for post-project continuation and impact. Building on a structured methodology from KERs to exploitation pathways to action-oriented plans, the report consolidates group-level exploitation options across education, open access/public impact, industry and professional training, community building, and commercialisation. It then develops detailed group exploitation plans for three priority pathways: (1) development of (joint) master programmes, (2) public availability of training materials as OER, and (3) research & development follow-on activities.

Deliverable 6.5

Individual Exploitation Plans

This deliverable consolidates the individual exploitation plans of CyberSecPro partners, documenting how organisations are integrating and sustaining key exploitable result 1 (KER1; the modular training portfolio) beyond the funding period. It presents a comparable, partner-by-partner view of baseline educational offers and the concrete pathways through which CyberSecPro outputs are being embedded into university curricula and company training catalogues to generate long-term value for learners and labour-market stakeholders.

Collaboration

CyberSecPro and Curium Comparative Analysis

of the Cybersecurity Incident Responder Role Across Frameworks

Cybersecurity Incident Responders play a critical role in defending organizations by handling and mitigating cyber incidents. Multiple national and international skills frameworks define this role, each outlining the Incident Responder’s mission, key tasks, required skills/abilities, and knowledge. In this analysis, we compare how the Incident Responder role is characterized across eight frameworks.