A framework for designing and certifying ECSF-aligned cybersecurity training through cyber ranges and virtual learning environments

This paper presents the REWIRE Courses and Certification Framework, a methodological approach for designing, developing, and validating cybersecurity training aligned with the European Cybersecurity Skills Framework (ECSF). The framework combines instructional design principles based on the ADDIE mo...

Descripción completa

Detalles Bibliográficos
Autores: Sánchez, Julia, Briones, Alan, Ricci, Sara, Cegan, Jakub, Chatzopoulou, Argyro, Danidou, Yianna, Menegatos, Andreas, Corral Torruella, Guiomar
Tipo de recurso: artículo
Fecha de publicación:2026
País:España
Institución:Varias* (Consorci de Biblioteques Universitáries de Catalunya, Centre de Serveis Científics i Acadèmics de Catalunya)
Repositorio:Recercat. Dipósit de la Recerca de Catalunya
OAI Identifier:oai:recercat.cat:20.500.14342/5965
Acceso en línea:http://hdl.handle.net/20.500.14342/5965
https://doi.org/10.1007/s10207-025-01202-0
Access Level:acceso abierto
Palabra clave:Cybersecurity education
Cybersecurity training
Cyber range training
European cybersecurity skills framework (ECSF)
Upskilling and reskilling
Certification framework
Instructional design
004
62
Descripción
Sumario:This paper presents the REWIRE Courses and Certification Framework, a methodological approach for designing, developing, and validating cybersecurity training aligned with the European Cybersecurity Skills Framework (ECSF). The framework combines instructional design principles based on the ADDIE model with certification mechanisms structured around ISO/IEC 17024:2012 standards. It provides a replicable model that guides training providers from learning outcome definition to course implementation and evaluation, ensuring full alignment with ECSF occupational profiles. The proposed framework integrates theoretical, practical, and evaluative components that can be delivered through Vocational Open Online Courses (VOOCs) within Virtual Learning Environments (VLEs) and by incorporating Cyber Range exercises. The methodology has been validated through its implementation in the European-funded REWIRE project, which served as a practical testbed for its application and refinement, and was later applied in the NG-SOC project. It supports both upskilling and reskilling pathways and enables transparent mapping between competences, roles, and certification levels. In general, this approach bridges the gap between cybersecurity education and the European labor market, promoting quality assurance, interoperability, and recognition of cybersecurity competences across EU Member States.