loader image
Top 10 Abilities Logo




a more manageable subset of core abilities for each key profession in the Cyber Security Domain



Cybersecurity Plan
The cybersecurity skills shortage (CSSS) refers to the lack of qualified cybersecurity professionals in the labour market and represents an issue for both economic development and national security, especially in the rapid digitisation of the global economy. CSSS poses threats with a high impact on the data, information technology systems and networks that form the dorsal spine of modern societies.

This shortage can be further analysed into two concurrent issues: a quantitative one and a qualitative one. The CSSS quantitative issue is related to the insufficient supply of cybersecurity professionals to meet the requirements of the job market and the CSSS qualitative one is related to the inadequacy of professional skills to meet the market’s needs.

The cybersecurity education system suffers of the inability to date to attract more students to study cybersecurity and to produce graduates with the right cybersecurity knowledge and skills. No doubt, many of the current issues in cybersecurity education could be ameliorated by redesigning educational and training pathways that define knowledge and skills that students should possess upon graduation and after entering the labour market.

Top 10 Abilities Project aims to offer expert contributions towards such ingenuity

The design of comprehensive cybersecurity beyond policies targeting only the education and training system, needs to factor in and involve employers in developing a cybersecurity workforce that is both employable and sustainable. Some ingenuity is required to create and catalyse a virtuous cycle that guarantees a good match between the supply of workers and the requirements of jobs, taking into account the primary role that employers should have in sustaining the cybersecurity workforce.

Top 10 Abilities Project aims to offer expert contributions towards such ingenuity

Top 10 Abilities


Top 10 Abilities (Top10A) aims to provide a quick win and immediate answers to employers who try to understand if a specific person can do a specific job.

Rather than focusing on the required competencies required for such a job, the emphasis is put on observable abilities which can be assessed through realistic scenarios, which simulate typical job-specific tasks.


  • Define a list of top 10 abilities for different security job roles
  • Define a list of recommended realistic scenarios, which can be used to assess those abilities.
Top 10 Abilities Skills Development

How do we ensure that existing pathways to a career in cyber security are easily accessible for all?

Top 10 Abilities does not aim to replace or undermine the approach of using competency frameworks, some of which also include the concept of abilities as observable skills in the context of a job role. Top 10 Abilities does however introduce a more manageable subset of core abilities for each job role to agree upon on the basis of community and expert feedback, overarching the different competency frameworks initiatives around the world. While competency frameworks continue to provide the granular and fine-grained assessment of specific competencies, Top 10 Abilities shall focus on the top 10 measurable abilities that will give employers a reasonable assurance of the suitability of a person for a specific job role.


  • Engagement with ECSO members and the wider community of security professionals, employers, HR professionals etc. to identify top 10 abilities for each job role. This activity shall be executed through outreach communications, workshops, questionnaires and interviews, case studies, pilots etc
  • Engagement with ECSO members including cyber range vendors, training providers for the definition of real-life scenarios, which can be used to assess the top 10 abilities
  • It is anticipated that Top 10 Abilities will also be able to provide interested Universities with a shared baseline to define and promote a core vocationally-oriented “Cyber Security Education in Europe” curriculum, which ECOS WG5 can work with.


Kindly fill this form in with your details and we shall keep you informed on this project. We may contact you then for your views and inputs to the project development. Your data will be shared among the supporting project member-organisations for the purposes of this project and used for project communications, and research interaction, events.
Once submitted, please check your Inbox (and Spam folder) for our e-mail acknowledgement and confirmation of your registration. Please ensure that all information provided above is valid as it will be used to send you further information and instructions on how to enter the dedicated area on our CYBER RANGES platform.