CompTIA and ECSF: Setting the Standard for Cybersecurity Roles and Skills

The European Cybersecurity Skills Framework (ECSF) is a tool to support the identification and articulation of tasks, competences, skills and knowledge associated with the roles of European cybersecurity professionals. The ECSF summarises all cybersecurity-related roles into 12 profiles. It provides a common understanding of the relevant roles, competencies, skills and knowledge required, facilitates recognition of cybersecurity skills, and supports the design of cybersecurity-related training programmes.

With CompTIA certifications, cybersecurity professionals can verify their cyber knowledge and skills and also fulfil their skills requirements for global directives such as NIS2, SFIA, UK GSP, NIST NICE, and the DoD 8570/8140.

See how CompTIA certifications map to the ECSF roles - explore the interactive chart below.

Summary Mapping Download.

Chief Information Security Officer (CISO)

The chief information security officer, or CISO, is the executive responsible for an organisation’s data and cybersecurity needs.

Key Skills
  • Define and Assess and enhance an organisation’s cybersecurity posture
  • Analyse and comply with cybersecurity-related laws, regulations and legislations
  • Manage cybersecurity resources
  • Influence an organisation’s cybersecurity culture
  • Review and enhance security documents, reports, SLAs and ensure the security objectives
  • Establish a cybersecurity plan
  • Communicate, coordinate and cooperate with internal and external stakeholders
  • Anticipate required changes to the organisation’s information security strategy and formulate new plans
  • Analyse and implement cybersecurity policies, certifications, standards, methodologies and frameworks
  • Implement cybersecurity recommendations and best practices
  • Develop, champion, and lead the execution of a cybersecurity strategy
  • Design, apply, monitor and review Information Security Management System (ISMS) either directly or by leading its outsourcing
  • Identify and solve cybersecurity-related issues
  • Apply maturity models for cybersecurity management
  • Anticipate cybersecurity threats, needs and upcoming challenges
  • Motivate and encourage people
Recommended Certifications

Cyber Incident Responder

Incident Responder protect the security of an organisation's information systems and data by following defined procedures to analyse and respond to cybersecurity breaches.

Key Skills
  • Practice all technical, functional and operational aspects of cybersecurity incident handling and response
  • Work on operating systems, servers, clouds and relevant infrastructures
  • Collect, analyse and correlate cyber threat information originating from multiple sources
  • Work under pressure
  • Communicate, present and report to relevant stakeholders
  • Manage and analyse log files
Recommended Certifications

Cyber Legal, Policy and Compliance Officer

These individuals evaluate whether an organisation's policies and procedures meet the applicable laws and regulations related to cybersecurity, enhancing its level of protection against cyberattacks.

Key Skills
  • Comprehensive understanding of the business strategy, models and products and ability to factor into legal, regulatory and standards’ requirements
  • Lead the development of appropriate cyber and privacy policies and procedures that complement the business needs and legal requirements; further ensure its acceptance, comprehension and implementation and communicate it between the involved parties
  • Understand legal framework modifications implications to the organisation’s cyber and data protection strategy and policies
  • Carry out working-life practices of the data protection and privacy issues involved in the implementation of the organizational processes, finance and business strategy
  • Explain and communicate data protection and privacy topics to stakeholders and users
  • Understand, practice and adhere to ethical requirements and standards
  • Collaborate with other team members and colleagues
Recommended Certifications

Cyber Threat Intelligence Specialist

Assess and validate information from several sources on current and potential cyber and information security threats to the business, analysing trends and highlighting Information Security issues relevant to the organisation, including security analytics for big data.

Key Skills
  • Collaborate with other team members and colleagues
  • Identify threat actors TTPs and campaigns
  • Automate threat intelligence management procedures
  • Identify non-cyber events with implications on cyber-related activities
  • Collect, analyse and correlate cyber threat information originating from multiple sources
  • Conduct technical analysis and reporting
  • Model threats, actors and TTPs
  • Communicate, coordinate and cooperate with internal and external stakeholders
Recommended Certifications

Cybersecurity Architect

Security architects collaborate with business leaders, engineers, developers and more to protect an organisation from cyber threats.

Key Skills
  • Conduct user and business security requirements analysis
  • Decompose and analyse systems to develop security and privacy requirements and identify effective solutions
  • Propose cybersecurity architectures based on stakeholder’s needs and budget
  • Select appropriate specifications, procedures and controls
  • Coordinate the integration of security solutions
  • Draw cybersecurity architectural and functional specifications
  • Design systems and architectures based on security and privacy by design and by defaults cybersecurity principles
  • Communicate, present and report to relevant stakeholders
  • Guide and communicate with implementers and IT/OT personnel
  • Build resilience against points of failure across the architecture
Recommended Certifications

Cybersecurity Auditor

Security auditors assess the safety and efficacy of computer systems. They help companies assess and improve their security practices.

Key Skills
  • Organise and work in a systematic and deterministic way based on evidence
  • Apply auditing tools and techniques
  • Decompose and analyse systems to identify weaknesses and ineffective controls
  • Collect, evaluate, maintain and protect auditing information
  • Follow and practice auditing frameworks, standards and methodologies
  • Analyse business processes, assess and review software or hardware security, as well as technical and organisational controls
  • Communicate, explain and adapt legal and regulatory requirements and business needs
  • Audit with integrity, being impartial and independent
Recommended Certifications

Cybersecurity Educator

Cyber educators can provide your organisation with valuable cybersecurity training for staff on mitigation, impacts of data loss, and other risk factors to be aware of.

Key Skills
  • Identify needs in cybersecurity awareness, training and education
  • Develop cybersecurity exercises including simulations using cyber range environments
  • Utilise existing cybersecurity-related training resources
  • Communicate, present and report to relevant stakeholders
  • Motivate and encourage people
  • Design, develop and deliver learning programmes to cover cybersecurity needs
  • Provide training towards cybersecurity and data protection professional certifications
  • Develop evaluation programs for the awareness, training and education activities
  • Identify and select appropriate pedagogical approaches for the intended audience
Recommended Certifications

Cybersecurity Implementer

Cyber implementers provide guidance and leadership on cybersecurity policy while collaborating with business leaders, developers, engineers and more to identify the organisation’s business needs and make a plan for implementation.

Key Skills
  • Communicate, present and report to relevant stakeholders
  • Configure solutions according to the organisation’s security policy
  • Identify and solve cybersecurity-related issues
  • Integrate cybersecurity solutions to the organisation’s infrastructure
  • Assess the security and performance of solutions
  • Develop code, scripts and programmes
  • Collaborate with other team members and colleagues
Recommended Certifications

Cybersecurity Researcher

Security researchers study malicious programmes such as malware and the processes they use to exploit systems, and then use that insight to address and eliminate vulnerabilities.

Key Skills
  • Generate new ideas and transfer theory into practice
  • Decompose and analyse systems to develop security and privacy requirements and identify effective solutions
  • Communicate, present and report to relevant stakeholders
  • Decompose and analyse systems to identify weaknesses and ineffective controls
  • Monitor new advancements in cybersecurity-related technologies
  • Identify and solve cybersecurity-related issues
  • Collaborate with other team members and colleagues
Recommended Certifications

Cybersecurity Risk Manager

Cyber risk managers prepare their organisations for evolving vulnerabilities and threats through risk assessment and management techniques.

Key Skills
  • Implement cybersecurity risk management frameworks, methodologies and guidelines and ensure compliance with regulations and standards
  • Build a cybersecurity risk-aware environment
  • Propose and manage risk-sharing options
  • Analyze and consolidate organization's quality and risk management practices
  • Enable business assets owners, executives and other stakeholders to make risk- informed decisions to manage and mitigate risks
  • Communicate, present and report to relevant stakeholder
Recommended Certifications

Digital Forensics Investigator

Digital forensics investigators help retrieve information from computers and other digital storage devices. The retrieved data can then be used in criminal investigations or as evidence in cases of cyber crimes.

Key Skills
  • Work ethically and independently; not influenced and biased by internal or external actors
  • Explain and present digital evidence in a simple, straightforward and easy to understand way
  • Collect information while preserving its integrity
  • Identify, analyze and correlate cybersecurity events
  • Develop and communicate, detailed and reasoned investigation reports
Recommended Certifications

Penetration Tester

A pen tester’s end goal is to help organizations improve their security practices to prevent theft and damage. Pen testers target traditional operating systems and devices as well as emerging technology, including Internet of Things (IoT) devices, mobile devices, embedded systems and more.

Key Skills
  • Develop codes, scripts and programmes
  • Identify and exploit vulnerabilities
  • Identify and solve cybersecurity-related issues
  • Use penetration testing tools effectively
  • Conduct technical analysis and reporting
  • Review codes assess their security
  • Perform social engineering
  • Conduct ethical hacking
  • Think creatively and outside the box
  • Communicate, present and report to relevant stakeholders
  • Decompose and analyze systems to identify weaknesses and ineffective controls
Recommended Certifications

Download the Full Mapping

Fill out the form for access to the detailed mapping that was carried out by identifying key words and phrases (KWoPs) within the ECSF profiles for knowledge and skills.