CompTIA and ECSF: Setting the Standard for Cybersecurity Roles and Skills

The European Cybersecurity Skills Framework (ECSF) is a tool to support the identification and articulation of tasks, competences, skills and knowledge associated with the roles of European cybersecurity professionals. The ECSF summarises all cybersecurity-related roles into 12 profiles. It provides a common understanding of the relevant roles, competencies, skills and knowledge required, facilitates recognition of cybersecurity skills, and supports the design of cybersecurity-related training programmes.

With CompTIA certifications, cybersecurity professionals can verify their cyber knowledge and skills and also fulfil their skills requirements for global directives such as NIS2, SFIA, UK GSP, NIST NICE, and the DoD 8570/8140.

See how CompTIA certifications map to the ECSF roles - explore the interactive chart below.

Summary Mapping Download.

Chief Information Security Officer (CISO)

The chief information security officer, or CISO, is the executive responsible for an organisation’s data and cybersecurity needs.

Key Skills

Define and Assess and enhance an organisation’s cybersecurity posture
Analyse and comply with cybersecurity-related laws, regulations and legislations
Manage cybersecurity resources
Influence an organisation’s cybersecurity culture
Review and enhance security documents, reports, SLAs and ensure the security objectives
Establish a cybersecurity plan
Communicate, coordinate and cooperate with internal and external stakeholders
Anticipate required changes to the organisation’s information security strategy and formulate new plans

Analyse and implement cybersecurity policies, certifications, standards, methodologies and frameworks
Implement cybersecurity recommendations and best practices
Develop, champion, and lead the execution of a cybersecurity strategy
Design, apply, monitor and review Information Security Management System (ISMS) either directly or by leading its outsourcing
Identify and solve cybersecurity-related issues
Apply maturity models for cybersecurity management
Anticipate cybersecurity threats, needs and upcoming challenges
Motivate and encourage people

Recommended Certifications

Cyber Incident Responder

Incident Responder protect the security of an organisation's information systems and data by following defined procedures to analyse and respond to cybersecurity breaches.

Key Skills

Practice all technical, functional and operational aspects of cybersecurity incident handling and response
Work on operating systems, servers, clouds and relevant infrastructures

Collect, analyse and correlate cyber threat information originating from multiple sources
Work under pressure
Communicate, present and report to relevant stakeholders
Manage and analyse log files

Recommended Certifications

Cyber Legal, Policy and Compliance Officer

These individuals evaluate whether an organisation's policies and procedures meet the applicable laws and regulations related to cybersecurity, enhancing its level of protection against cyberattacks.

Key Skills

Comprehensive understanding of the business strategy, models and products and ability to factor into legal, regulatory and standards’ requirements
Lead the development of appropriate cyber and privacy policies and procedures that complement the business needs and legal requirements; further ensure its acceptance, comprehension and implementation and communicate it between the involved parties
Understand legal framework modifications implications to the organisation’s cyber and data protection strategy and policies

Carry out working-life practices of the data protection and privacy issues involved in the implementation of the organizational processes, finance and business strategy
Explain and communicate data protection and privacy topics to stakeholders and users
Understand, practice and adhere to ethical requirements and standards
Collaborate with other team members and colleagues

Recommended Certifications

Cyber Threat Intelligence Specialist

Assess and validate information from several sources on current and potential cyber and information security threats to the business, analysing trends and highlighting Information Security issues relevant to the organisation, including security analytics for big data.

Key Skills

Collaborate with other team members and colleagues
Identify threat actors TTPs and campaigns
Automate threat intelligence management procedures
Identify non-cyber events with implications on cyber-related activities

Collect, analyse and correlate cyber threat information originating from multiple sources
Conduct technical analysis and reporting
Model threats, actors and TTPs
Communicate, coordinate and cooperate with internal and external stakeholders

Recommended Certifications

Cybersecurity Architect

Security architects collaborate with business leaders, engineers, developers and more to protect an organisation from cyber threats.

Key Skills

Conduct user and business security requirements analysis
Decompose and analyse systems to develop security and privacy requirements and identify effective solutions
Propose cybersecurity architectures based on stakeholder’s needs and budget
Select appropriate specifications, procedures and controls
Coordinate the integration of security solutions

Draw cybersecurity architectural and functional specifications
Design systems and architectures based on security and privacy by design and by defaults cybersecurity principles
Communicate, present and report to relevant stakeholders
Guide and communicate with implementers and IT/OT personnel
Build resilience against points of failure across the architecture

Recommended Certifications

Cybersecurity Auditor

Security auditors assess the safety and efficacy of computer systems. They help companies assess and improve their security practices.

Key Skills

Organise and work in a systematic and deterministic way based on evidence
Apply auditing tools and techniques
Decompose and analyse systems to identify weaknesses and ineffective controls
Collect, evaluate, maintain and protect auditing information

Follow and practice auditing frameworks, standards and methodologies
Analyse business processes, assess and review software or hardware security, as well as technical and organisational controls
Communicate, explain and adapt legal and regulatory requirements and business needs
Audit with integrity, being impartial and independent

Recommended Certifications

Cybersecurity Educator

Cyber educators can provide your organisation with valuable cybersecurity training for staff on mitigation, impacts of data loss, and other risk factors to be aware of.

Key Skills

Identify needs in cybersecurity awareness, training and education
Develop cybersecurity exercises including simulations using cyber range environments
Utilise existing cybersecurity-related training resources
Communicate, present and report to relevant stakeholders
Motivate and encourage people

Design, develop and deliver learning programmes to cover cybersecurity needs
Provide training towards cybersecurity and data protection professional certifications
Develop evaluation programs for the awareness, training and education activities
Identify and select appropriate pedagogical approaches for the intended audience

Recommended Certifications

Cybersecurity Implementer

Cyber implementers provide guidance and leadership on cybersecurity policy while collaborating with business leaders, developers, engineers and more to identify the organisation’s business needs and make a plan for implementation.

Key Skills

Communicate, present and report to relevant stakeholders
Configure solutions according to the organisation’s security policy
Identify and solve cybersecurity-related issues

Integrate cybersecurity solutions to the organisation’s infrastructure
Assess the security and performance of solutions
Develop code, scripts and programmes
Collaborate with other team members and colleagues

Recommended Certifications

Cybersecurity Researcher

Security researchers study malicious programmes such as malware and the processes they use to exploit systems, and then use that insight to address and eliminate vulnerabilities.

Key Skills

Generate new ideas and transfer theory into practice
Decompose and analyse systems to develop security and privacy requirements and identify effective solutions
Communicate, present and report to relevant stakeholders

Decompose and analyse systems to identify weaknesses and ineffective controls
Monitor new advancements in cybersecurity-related technologies
Identify and solve cybersecurity-related issues
Collaborate with other team members and colleagues

Recommended Certifications

Cybersecurity Risk Manager

Cyber risk managers prepare their organisations for evolving vulnerabilities and threats through risk assessment and management techniques.

Key Skills

Implement cybersecurity risk management frameworks, methodologies and guidelines and ensure compliance with regulations and standards
Build a cybersecurity risk-aware environment
Propose and manage risk-sharing options

Analyze and consolidate organization's quality and risk management practices
Enable business assets owners, executives and other stakeholders to make risk- informed decisions to manage and mitigate risks
Communicate, present and report to relevant stakeholder

Recommended Certifications

Digital Forensics Investigator

Digital forensics investigators help retrieve information from computers and other digital storage devices. The retrieved data can then be used in criminal investigations or as evidence in cases of cyber crimes.

Key Skills

Work ethically and independently; not influenced and biased by internal or external actors
Explain and present digital evidence in a simple, straightforward and easy to understand way

Collect information while preserving its integrity
Identify, analyze and correlate cybersecurity events
Develop and communicate, detailed and reasoned investigation reports

Recommended Certifications

Penetration Tester

A pen tester’s end goal is to help organizations improve their security practices to prevent theft and damage. Pen testers target traditional operating systems and devices as well as emerging technology, including Internet of Things (IoT) devices, mobile devices, embedded systems and more.

Key Skills

Develop codes, scripts and programmes
Identify and exploit vulnerabilities
Identify and solve cybersecurity-related issues
Use penetration testing tools effectively
Conduct technical analysis and reporting
Review codes assess their security

Perform social engineering
Conduct ethical hacking
Think creatively and outside the box
Communicate, present and report to relevant stakeholders
Decompose and analyze systems to identify weaknesses and ineffective controls

Recommended Certifications

Download the Full Mapping

Fill out the form for access to the detailed mapping that was carried out by identifying key words and phrases (KWoPs) within the ECSF profiles for knowledge and skills.

I agree to the CompTIA Terms of Use & Privacy Policy

Copyright © CompTIA, Inc. All Rights Reserved
Sitemap
Legal