ENISA's cybersecurity profiles use cases
The effectiveness in protecting a country depends largely on the capabilities of its population, and estimates in this regard are that by 2022, Spain could reach a cybersecurity workforce of around 122,284 workers with an estimated talent gap of 24,119. Identifying, attracting, developing and retaining talent in the various fields of cybersecurity has therefore become a top priority for the administration.
Proof of this commitment, is the 2019 National Cybersecurity Strategy of the Spanish Government aims to boost the cybersecurity industry. This recognises its key role in increasing national competitiveness, and highlights in objective 4, action line 5, the importance of boosting the Spanish cybersecurity industry through the generation and retention of talent for the strengthening of digital autonomy.
For its part, the 2026 Digital Spain Plan in its measure 10 'boosting the business ecosystem of the cybersecurity sector', recognizes the key role played by talent as a driver of the sector, incorporating among the lines of action, the Talent Hacker Program from INCIBE, which aims to attract, train and employ workers in the cybersecurity sector
This initiative is aimed at generating a suitable scenario that favours research, innovation and involves the most relevant agents in the value chain, such as educational institutions and organisations, so that they are aware of the benefits of managing the knowledge, capabilities and technological experiences that respond to the great challenges that the country faces in terms of cybersecurity.
That is why INCIBE's mission incorporates the identification, generation and attraction of talent to the cybersecurity industry, which is a cornerstone of its actions.
In order to provide a clear vision, INCIBE published in March 2022 the results of an analysis and diagnosis of cybersecurity talent at the national level, obtaining a clear map of the situation and establishing the basis for the challenges and recommendations that form the starting point for ensuring a robust and profitable cybersecurity industry that is characterised by putting human talent at the heart of initiatives.
In this context, national policies are being promoted, coordinated by the administration, which focus on strengthening and promoting initiatives to make cybersecurity a strategic priority in organisations.
Thus, a series of recommendations are established for these types of agents to implement in order to increase cybersecurity talent in Spain, and which mark the starting point for resolving the challenges that lie ahead in this regard.
European Cybersecurity Skills Framework
One of these relevant factors in the European Union that impacts the cybersecurity industry and consequently, the talent shortage, the gaps and the overall mismatch between supply and demand is the lack of standardisation of the definition of cybersecurity roles and the skills associated with these roles.
Therefore, providing a basis for communication between the different stakeholders will lay the foundation for a more competent and complete workforce at European level and will address many of the challenges and recommendations identified also at national level.
Initiatives at national level
In the context presented, there are two initiatives at national level that will add value to the ECSF developed by ENISA and incorporate it as a homogeneous framework for the definition of cybersecurity profiles, which will allow Spain to achieve its talent objectives and align with the rest of the countries at European level.