Cybersecurity Skills Framework

Roles and Responsibilities

openSSF partnered with Linux Foundation Education

IT roles require cybersecurity knowledge and expertise

The Linux Foundation has developed a global reference framework that identifies 14 cybersecurity-related job families with three tiers of baseline skills required for all proficiency. This framework is a starting point, not a prescription. Organizations should tailor these requirements to fit their unique security posture and industry-specific requirements. The free tool provided below makes this very simple.

Shared skills across all Cybersecurity roles

security best practices

Adhere to security guidelines and frameworks (eg: OWASP, ISO 27001)

compliance & regulations

Knowledge of relevant regulations like GDPR, HIPAA

incident response

Ability to respond to and manage security incidents

security tools & techniques

Proficient in using security tools (eg: SIEM, SAST/DAST tools) and methodologies

risk management

Understand and mitigate risk through risk and threat modeling

Build your own Cybersecurity Skills Framework

Step 1 - Select Job Families:

Review the job family list and select the options that best fit your organization. Each job family description includes example job titles, job descriptions, responsibilities and skills.

Step 2 - Adjust Skills:

Upon selection, proceed to the second step where you are able to drag/drop skills between each of the three skill categories (basic, intermediate and advanced). You are also able to remove skills, add new skills, and show/hide categories entirely.

Step 3 - Confirm + Export:

When you have finished adjusting your list of job families and corresponding skills, you can proceed to step 3 where you will be able to change the name of any job families to align with your internal naming conventions, and select those you wish to export as a *.csv or *.json file.

Cybersecurity Skills Framework

Roles and Responsibilities

IT roles require cybersecurity knowledge and expertise