Abstract

Purpose

This study aims to examine the perceptions of cybersecurity professionals in order to extract key recommendations for designing effective and impactful security education, training, and awareness (SETA) programs. These programs are intended to address the diverse needs of learners with non-technical backgrounds, as well as IT professionals pursuing specialized training for re/upskilling.
Design/methodology/approach

A survey-based research approach was applied, including both closed and open-ended questions exploring the perceptions of cybersecurity professionals on important aspects pertinent to the design of cybersecurity awareness-raising and specialized training programs, including key knowledge areas and skills, prominent ENISA European cybersecurity skills framework (ECSF) roles, the importance of cyber ranges and key pedagogical considerations.
Findings

The study results suggest that, to be effective, SETA programs must be audience-centric and that the teams responsible for designing them must combine technical expertise, knowledge and skills such as understanding cyber threats, implementing security technologies and incident management, with transferable skills, including communication and adaptability. These findings highlight that SETA teams must include roles with strong technical competencies and pedagogical understanding alike.
Originality/value

The novelty of this study lies in its focus on differentiating SETA programs based on the unique needs of two diverse learner groups, emphasizing the cybersecurity roles, knowledge, skills and pedagogical factors that are important for redesigning awareness-raising and training programs, ultimately leading to a sustainable cybersecurity culture.