A framework for designing and certifying ECSF-aligned cybersecurity training through cyber ranges and virtual learning environments

This paper presents the REWIRE Courses and Certification Framework, a methodological approach for designing, developing, and validating cybersecurity training aligned with the European Cybersecurity Skills Framework (ECSF). The framework combines instructional design principles based on the ADDIE mo...

ver descrição completa

Detalhes bibliográficos
Autores: Sánchez, Julia, Briones, Alan, Ricci, Sara, Cegan, Jakub, Chatzopoulou, Argyro, Danidou, Yianna, Menegatos, Andreas, Corral Torruella, Guiomar
Formato: artículo
Fecha de publicación:2025
País:España
Recursos:Universitat Ramon Llull (URL)
Repositorio:DAU Arxiu Digital de la Universitat Ramon Llull
OAI Identifier:oai:dau.url.edu:20.500.14342/5965
Acesso em linha:http://hdl.handle.net/20.500.14342/5965
https://doi.org/10.1007/s10207-025-01202-0
Access Level:acceso abierto
Palavra-chave:Cybersecurity education
Cybersecurity training
Cyber range training
European cybersecurity skills framework (ECSF)
Upskilling and reskilling
Certification framework
Instructional design
004
62
Descrição
Resumo:This paper presents the REWIRE Courses and Certification Framework, a methodological approach for designing, developing, and validating cybersecurity training aligned with the European Cybersecurity Skills Framework (ECSF). The framework combines instructional design principles based on the ADDIE model with certification mechanisms structured around ISO/IEC 17024:2012 standards. It provides a replicable model that guides training providers from learning outcome definition to course implementation and evaluation, ensuring full alignment with ECSF occupational profiles. The proposed framework integrates theoretical, practical, and evaluative components that can be delivered through Vocational Open Online Courses (VOOCs) within Virtual Learning Environments (VLEs) and by incorporating Cyber Range exercises. The methodology has been validated through its implementation in the European-funded REWIRE project, which served as a practical testbed for its application and refinement, and was later applied in the NG-SOC project. It supports both upskilling and reskilling pathways and enables transparent mapping between competences, roles, and certification levels. In general, this approach bridges the gap between cybersecurity education and the European labor market, promoting quality assurance, interoperability, and recognition of cybersecurity competences across EU Member States.