The Linux Foundation, in conjunction with the Open Source Security Foundation and Linux Foundation Education, today announced the launch of the Cybersecurity Skills Framework.

It’s a global reference guide that helps organizations identify and address critical cybersecurity competencies across a broad range of information technology job families, extending beyond cybersecurity specialists. The framework has been designed to assist enterprise leaders who are struggling as cybersecurity threats grow in both scale and complexity.

The Linux Foundation argues that despite cybersecurity being one of the top three most in-demand tech roles for enterprises, major talent readiness gaps remain. According to the foundation’s 2024 State of Tech Talent Report, 64% of organizations report candidates lack essential skills and it now takes an average of 10.2 months to hire and onboard new technical staff. Additional research from the Linux Foundation found that 62% of open-source project stewards lacked dedicated personnel for security incident response, despite 74% maintaining formal cybersecurity reporting mechanisms.

The foundation says the trends reflect a broader awareness of cybersecurity needs without the personnel to tackle them, driven by unclear role expectations and fragmented training pathways. The Cybersecurity Skills Framework has been designed to address these issues with a practical, globally relevant onramp that organizations can use to assess and build internal security capabilities.

The framework offers leaders an easy way to understand the cybersecurity skills they need, quickly identify knowledge gaps and incorporate critical skills into all of their IT roles. That prepares everyone who touches a system to take responsibility for security by establishing a shared language for cybersecurity readiness, not just the cybersecurity specialists, according to the foundation.

It also defines practical cybersecurity expectations across foundational, intermediate and advanced proficiency levels while mapping those skills to recognized standards such as the U.S. Department of Defense Directive 8140, the Cybersecurity and Infrastructure Security Agency’s National Initiative for Cybersecurity Education Framework and the Information and Communication Technology European e-Competence Framework. The framework has been designed to be easily adaptable across industries, regions and organizational sizes through its alignment with widely adopted standards and allowing for customization.

Offered for free, the framework includes an easy-to-use web interface that gives users the ability to select relevant job families, move skills between categories, delete any that don’t apply and add custom items they require.

“Cybersecurity is a shared responsibility and closing the skills gap is essential to building secure systems at scale, said Arun Gupta, vice president of developer programs at Intel Corp. and the governing board chair at OpenSSF and the Cloud Native Computing Foundation. “The OpenSSF Cybersecurity Skills Framework provides a clear, actionable roadmap for equipping technical teams with the right knowledge to protect our digital infrastructure, thus raising the bar for security readiness across the industry.”

Image: SiliconANGLE/Reve