DEVOPSdigest

The Linux Foundation, the nonprofit organization enabling mass innovation through open source, announced the launch of the Cybersecurity Skills Framework, a global reference guide that helps organizations identify and address critical cybersecurity competencies across a broad range of IT job families; extending beyond cybersecurity specialists.

Produced in collaboration with the Open Source Security Foundation (OpenSSF) and Linux Foundation Education, the framework delivers actionable guidance to enterprise leaders looking to systematically reduce cyber risk.

The Cybersecurity Skills Framework provides a practical, globally relevant onramp that organizations can use to assess and build internal security capabilities. The framework provides leaders with an easy way to understand the cybersecurity skills needed, quickly identify knowledge gaps, and incorporate critical skills into all of their IT roles. By establishing a shared language for cybersecurity readiness, the framework prepares everyone who touches a system to take responsibility for security, not just the cybersecurity specialists: from app developers to web developers, network engineers to database engineers, solutions architects to enterprise architects.

The framework defines practical cybersecurity expectations across foundational, intermediate, and advanced proficiency levels, while mapping those skills to recognized standards such as the DoD 8140, CISA NICE Framework, and the ICT e-CF. By aligning with widely adopted standards and allowing for customization, the framework can be easily adopted across industries, regions, and organizational sizes. The framework is available in a free, easy to use web interface which allows users to select relevant job families, move skills between categories, delete any that don't apply and add custom items they require.

The framework was produced as a result of a global research effort, with contributions and feedback from cybersecurity educators, government advisors, framework stewards, and technical training experts, who together brought comprehensive expertise in workforce development, national defense, professional certification, and open source security.

"Cybersecurity is now a leadership issue, not just a technical one," said Steve Fernandez, General Manager at OpenSSF. "Our framework gives organizations a straightforward way to identify gaps and prioritize the security skills that matter most, based on role and responsibility—not just checklists. It's about building real-world resilience."

The Cybersecurity Skills Framework provides guidance for key roles, including web and software developers, DevOps engineers, IT project managers, platform architects, GRC managers and more. Each job role is defined by its primary cybersecurity responsibilities and aligned with practical skills in areas like secure design, compliance, vulnerability management, and incident response.

"This framework is a valuable tool for CIOs, CISOs, and enterprise learning teams," said Clyde Seepersad, SVP and General Manager of Linux Foundation Education. "In an era of accelerating threats, leaders need clear pathways for strengthening security culture across technical teams. This resource helps organizations take a proactive approach to employee development and risk reduction."

The Linux Foundation and OpenSSF will update the framework annually and welcome community feedback from adopters. Organizations are encouraged to adapt and extend the model to align with their specific needs, security posture, and product portfolios.