Cybersecurity Skills Framework
Roles and Responsibilities


IT roles require cybersecurity knowledge and expertise
The Linux Foundation has developed a global reference framework that identifies 14 cybersecurity-related job families with three tiers of baseline skills required for all proficiency. This framework is a starting point, not a prescription. Organizations should tailor these requirements to fit their unique security posture and industry-specific requirements. The free tool provided below makes this very simple.
Shared skills across all Cybersecurity roles

security best practices
Adhere to security guidelines and frameworks (e.g., OWASP, ISO 27001)

compliance & regulations
Knowledge of relevant regulations like GDPR, HIPAA

incident response
Ability to respond to and manage security incidents

security tools & techniques
Proficient in using security tools (e.g., SIEM, SAST/DAST tools) and methodologies

risk management
Understand and mitigate risk through risk and threat modeling
Build your own Cybersecurity Skills Framework
Step 1 - Select Job Families:
Review the job family list and select the options that best fit your organization. Each job family description includes example job titles, job descriptions, responsibilities and skills.
Step 2 - Adjust Skills:
Upon selection, proceed to the second step where you are able to drag/drop skills between each of the three skill categories (basic, intermediate and advanced). You are also able to remove skills, add new skills, and show/hide categories entirely.
Step 3 - Confirm + Export:
When you have finished adjusting your list of job families and corresponding skills, you can proceed to step 3 where you will be able to change the name of any job families to align with your internal naming conventions, and select those you wish to export as a *.csv or *.json file.