The new framework aims to address security skill gaps in IT profiles.
The Linux Foundation, together with the Open Source Security Foundation and Linux Foundation Education, has introduced the Cybersecurity Skills Framework. This global reference guide helps organizations recognize and build essential cybersecurity skills, even beyond specialized security roles.
Knowledge Gap
According to the State of Tech Talent report from 2024, 64 percent of companies struggle to find suitable candidates: applicants often lack basic skills, and it takes an average of 10.2 months to fully onboard new IT staff. In open-source projects, 62 percent say they don’t have a dedicated team for security incidents, despite existing reporting procedures.
According to the report, this is due to unclear job profiles and fragmented training paths. The new framework aims to change this by offering a standardized way to name, assess, and develop security skills.
Common Use
The Cybersecurity Skills Framework provides a common language for security competencies at basic, intermediate, and expert levels. It is aligned with international standards such as the US DoD Directive 8140, CISA’s NICE Framework, and the European e-Competence Framework. The platform is flexibly deployable, regardless of sector or region.
The tool is freely available via a web interface that allows companies to view, adjust, or supplement competencies per job profile.
SiliconANGLE writes that Arun Gupta, vice president of developer programs at Intel and board member at OpenSSF, considers cybersecurity a shared responsibility. He continues: “This framework provides a concrete roadmap to better prepare technical teams for securing our digital infrastructure.”