Case Study
USING THE ECSF FOR YOUR CAREER PATH
21 July 2022The European Cybersecurity Skills Framework (ECSF) can be used to see what challenges and tasks match to which cybersecurity roles; the ECSF can also help individuals identify which competencies are needed to move from one role to another. Follow the story of a new cybersecurity professional's career path in this case study as she works from being a cyber incident responder towards her goal of becoming a Chief Information Security Officer (CISO).
DOWNLOAD NOW
ISACA has studied the European Cybersecurity Skills Framework and has mapped it to ISACA credentials for assisting cybersecurity career paths in Europe. The credentials referenced below can be combined with ISACA® Certified in Emerging Technology™ (CET) Certification to provide vertical expertise in any of the professional titles on AI, Blockchain, Cloud and IoT.
| ECSF Profile | ISACA Cert | Notes |
|---|---|---|
| Chief Information Security Officer (CISO) | Certified Information Security Manager (CISM) |
CISM indicates expertise in information security governance, program development and management, incident management and risk management. |
| Cyber Incident Responder | CSX Cybersecurity Practitioner (CSX-P) |
CSX-P is the only comprehensive performance certification that tests and affirms an individual’s ability to perform globally validated cybersecurity skills spanning five key security functions. |
| Cyber Legal, Policy & Compliance Officer | Certified Data Privacy Solutions Engineer (CDPSE). |
CDPSE focuses on validating the technical skills and knowledge it takes to assess, build, and implement a comprehensive privacy solution. |
| and/or | ||
Certified Information Security Manager (CISM) |
CISM indicates expertise in information security governance, program development and management, incident management and risk management. | |
| Cyber Threat Intelligence Specialist | CSX Cybersecurity Practitioner (CSX-P) |
CSX-P is the only comprehensive performance certification that tests and affirms an individual’s ability to perform globally validated cybersecurity skills spanning five key security functions. |
| and/or | ||
Certified in Information System Risk and Control (CRISC) |
CRISC validates your experience in building a well-defined, agile risk-management program, based on best practices to identify, analyze, evaluate, assess, prioritize, and respond to risks. This enhances benefits realization and delivers optimal value to stakeholders. | |
| and/or | ||
IT Risk Fundamentals Certificate |
IT Risk Fundamentals Certificate and related training is ideal for professionals who wish to learn about risk and information and technology (I&T)-related risk, who currently interact with risk professionals, or are new to risk and interested in working as a risk or IT Risk professional. | |
| Cybersecurity Architect | Information Technology Certified Associate (ITCA) |
If you are a student or new to the profession, build your IT working knowledge and skills with the ITCA certificate and become a cybersecurity architect. |
| and/or | ||
Cybersecurity Fundamentals Certificate |
Cybersecurity Fundamentals include threat landscape, securing assets, information security fundamentals, and security operations and response. | |
| and | ||
Certified Data Privacy Solutions Engineer (CDPSE). |
CDPSE focuses on validating the technical skills and knowledge it takes to assess, build, and implement a comprehensive privacy solution. | |
| Cybersecurity Auditor | Certified Information Systems Auditor (CISA) |
CISA is world-renowned as the standard of achievement for those who audit, control, monitor and assess an organization’s information technology and business systems. |
| and/or | ||
| Cybersecurity Audit Certificate | ISACA’s Cybersecurity Audit Certificate Program provides audit/assurance professionals with the knowledge needed to excel in cybersecurity audits, and IT risk professionals with an understanding of cyber-related risk and mitigating controls. | |
| and/or and for more specialization on the Cloud | ||
Certificate in Cloud Auditing Knowledge (CCAK) |
CCAK prepares IT professionals to address the unique challenges of auditing the cloud, ensuring the right controls for confidentiality, integrity and accessibility and mitigating risks and costs of audit management and non-compliance. | |
| Cybersecurity Educator | Cybersecurity Fundamentals Certificate |
Cybersecurity Fundamentals include threat landscape, securing assets, information security fundamentals, and security operations and response. |
| and/or (for more in-depth expertise) | ||
Certified Information Security Manager (CISM) |
CISM indicates expertise in information security governance, program development and management, incident management and risk management. | |
| Cybersecurity Implementor | Cybersecurity Fundamentals Certificate |
Cybersecurity Fundamentals include threat landscape, securing assets, information security fundamentals, and security operations and response. |
| and/or | ||
Certified Information Security Manager (CISM) |
CISM indicates expertise in information security governance, program development and management, incident management and risk management. | |
| Cybersecurity Researcher | CSX Cybersecurity Practitioner (CSX-P) |
CSX-P is the only comprehensive performance certification that tests and affirms an individual’s ability to perform globally validated cybersecurity skills spanning five key security functions. |
| and/or | ||
|
Certified Information Security Manager (CISM) |
CISM indicates expertise in information security governance, program development and management, incident management and risk management. | |
| Cybersecurity Risk Manager | Certified in Information System Risk and Control (CRISC) |
CRISC validates your experience in building a well-defined, agile risk-management program, based on best practices to identify, analyze, evaluate, assess, prioritize and respond to risks. This enhances benefits realization and delivers optimal value to stakeholders. |
| Digital Forensics Investigator | CSX Cybersecurity Practitioner (CSX-P) |
CSX-P is the only comprehensive performance certification that tests and affirms an individual’s ability to perform globally validated cybersecurity skills spanning five key security functions. |
| Penetration Tester | CSX Cybersecurity Practitioner (CSX-P) |
CSX-P is the only comprehensive performance certification that tests and affirms an individual’s ability to perform globally validated cybersecurity skills spanning five key security functions. |
Infographic
Which Certification is Right for You?
12 July 2023
So many different ISACA® certifications! All good choices, but which one makes most sense for you? What should you pursue right now, for where you are in your career and where you want to go? To help you understand your options, we’ve put together the key facts and figures in one place. Now, you can digest all of ISACA’s career-boosting certifications and decide which one—or ones—are best for your advancement, goals and interests.
Download NowSpecial thanks to Dr. Vladlena Benson, CDPSE, Professor of Cybersecurity Management and Director at Cyber Security Innovation Centre for her work with ENISA and in developing this resource.