UPDATED 09:00 EDT / MAY 14 2025

SECURITY

Linux Foundation debuts Cybersecurity Skills Framework to address enterprise talent gaps

The Linux Foundation, in conjunction with the Open Source Security Foundation and Linux Foundation Education, today announced the launch of the Cybersecurity Skills Framework.

It’s a global reference guide that helps organizations identify and address critical cybersecurity competencies across a broad range of information technology job families, extending beyond cybersecurity specialists. The framework has been designed to assist enterprise leaders who are struggling as cybersecurity threats grow in both scale and complexity.

The Linux Foundation argues that despite cybersecurity being one of the top three most in-demand tech roles for enterprises, major talent readiness gaps remain. According to the foundation’s 2024 State of Tech Talent Report, 64% of organizations report candidates lack essential skills and it now takes an average of 10.2 months to hire and onboard new technical staff. Additional research from the Linux Foundation found that 62% of open-source project stewards lacked dedicated personnel for security incident response, despite 74% maintaining formal cybersecurity reporting mechanisms.

The foundation says the trends reflect a broader awareness of cybersecurity needs without the personnel to tackle them, driven by unclear role expectations and fragmented training pathways. The Cybersecurity Skills Framework has been designed to address these issues with a practical, globally relevant onramp that organizations can use to assess and build internal security capabilities.

The framework offers leaders an easy way to understand the cybersecurity skills they need, quickly identify knowledge gaps and incorporate critical skills into all of their IT roles. That prepares everyone who touches a system to take responsibility for security by establishing a shared language for cybersecurity readiness, not just the cybersecurity specialists, according to the foundation.

It also defines practical cybersecurity expectations across foundational, intermediate and advanced proficiency levels while mapping those skills to recognized standards such as the U.S. Department of Defense Directive 8140, the Cybersecurity and Infrastructure Security Agency’s National Initiative for Cybersecurity Education Framework and the Information and Communication Technology European e-Competence Framework. The framework has been designed to be easily adaptable across industries, regions and organizational sizes through its alignment with widely adopted standards and allowing for customization.

Offered for free, the framework includes an easy-to-use web interface that gives users the ability to select relevant job families, move skills between categories, delete any that don’t apply and add custom items they require.

“Cybersecurity is a shared responsibility and closing the skills gap is essential to building secure systems at scale, said Arun Gupta, vice president of developer programs at Intel Corp. and the governing board chair at OpenSSF and the Cloud Native Computing Foundation. “The OpenSSF Cybersecurity Skills Framework provides a clear, actionable roadmap for equipping technical teams with the right knowledge to protect our digital infrastructure, thus raising the bar for security readiness across the industry.”

Image: SiliconANGLE/Reve

A message from John Furrier, co-founder of SiliconANGLE:

Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.

  • 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
  • 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.

Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.