First Open Pilots Workshop: Post-event report



The first Open Pilots Workshop took place in Pisa on November 5 and attracted representatives from 12 organisations interested in testing the platform and presenting their individual training requirements to the expert panel comprising both project partners and invited guests from the four European Competence Centre Pilot Projects.


Podium Presentations

First on the agenda were two podium presentations, one from Gianluca Dini of the University of Pisa on the topic Cybersecurity and skills gap in Europe: Facts & figures, and the other from Gonçalo Santos Martins of Energias de Portugal, entitled Filling the cybersecurity skills gap: Why training matters for your business.

In company with Ferrovie dello Stato Italiane, both UniPi and EDI are full-scale pilot sites for the project. Together, these three large organisations provide investigators with access to a broad range of users facing a variety of threats across a multi-faceted technology landscape. The purpose of the open pilots is to further enrich the investigators’ purview as the platform continues to take shape over the course of the project.


Presentations from the European Competence Centre Pilot Projects

An important aspect of the workshop was the presence of representatives from the European Competence Centre Pilot Projects, recently established with EU funding to prepare the European Cybersecurity Competence Network. In a panel session during the second half of the morning, workshops delegates were introduced to each of the four projects - CONCORDIA, Cybersec4Europe, ECHO ,and SPARTA – and to their individual and shared goals and objectives. The session was moderated by coordinator Nicholas Ferguson of Trust-IT Services and attracted a lively discussion from the floor.

A brief summary of the presentations and discussions follows.

CONCORDIA (Cyber security cOmpeteNCe fOr Research anD InnovAtion)

Speaker Claudio Agostino Ardagna from the Università degli Studi di Milano defined the objective of the 55 CONCORDIA project partners as being to develop a Europe-wide educational ecosystem for cybersecurity by identifying and mapping leading research, technology, industrial and public competences already being used in cybersecurity education, and also by developing further, next generation solutions using AGILE methodologies. In boosting cybersecurity competencies, he said, CONCORDIA aimed to strengthen European industrial competitiveness and enhance economic growth.

Cybersec4Europe (Cybersecurity for Europe)

Speaker David Goodman of Cybersec4Europe project partner organisation Trust in Digital Life, Belgium explained that the goal of the predominantly research-based Cybersec4Europe consortium is to develop a cybersecurity skills framework model for both education providers and employers. He said the partners would work across four different but inter-related areas with a strong focus on openness and citizen-centricity in order to ensure the adequacy and availability of cybersecurity education and training as well as common open standards. In the process they will design, test and demonstrate potential governance structures for the network of competence centres, develop software recommendations, and build communities.

ECHO (European network of Cybersecurity centres and competence Hub for innovation and Operations)

Speaker Matteo Merialdo of RHEA, Belgium, the coordination partner for ECHO, said that creating a federated cyber range and an early warning system were key areas of focus within the ECHO project. Highlighting the multi-sector approach which distinguishes ECHO, he explained that multiple cyber ranges would be leveraged by the creation of a shared marketplace where content providers can upload contents/scenarios for general use, thus widening the pool of scenarios available to single organisations. He also clarified that the ECHO Early Warning System will be an operations support tool enabling members to coordinate and share incident reports and other cybersecurity-relevant information in near-real-time

SPARTA (Strategic Programs for Advanced Research and Technology in Europe)

Speaker Fabio Martinelli of CNR, Italy characterised the main purpose of SPARTA as being to contribute to European strategic autonomy in cybersecurity. As such, he said, SPARTA will design a long-term roadmap for building competence centre networks using a community-based approach to map local training, certification and industry networks with a view to standardisation.


Introducing the Open Pilots

Each of the open pilot candidates was given the opportunity to take the podium and describe their organisation and the particular cybersecurity training needs that had brought them to the event in search of assistance. Demonstration and Interactive Session

In the final session before lunch, delegates were introduced to the main elements of the platform via a demonstration and walk through of the Workspace. The learning path was also presented alongside the advanced tools which are incorporated in the platform, and the cyber range itself.

This session was presided over by project partners Niccolò Zazzeri, Trust-IT, Italy, Anže Žitnik, XLAB, Slovenia; Gencer Erdogan, SINTEF, Norway, and Matteo Merialdo, RHEA, Belgium, and was followed by a working lunch during which delegates were able to test the platform in person.

A brief summary of the presentation follows.

  • Learning path
    Designed in line with ISO 27005 requirements, the learning path offers both theoretical and experiential material and is spread over the four levels Primer, Basic, Intermediate, and Advanced. Each level builds on the preceding one so that together they encompass the full knowledge landscape. This arrangement offers learners complete flexibility to slot in at their individual level of need, allowing for a high degree of customisation.
    In increasing order of complexity, the learning phases are: Cybersecurity and risk awareness; context establishment, Cyber risk assessment; Cyber risk treatment and cost/benefit analysis.
  • Technical assets and tools
    To serve the requirements of each phase, specific technical assets and tools are being developed within the project. These are detailed within the presentation and include amongst others a graphical dashboard for scenario design and configuration, a digital library, an economic risk evaluator with appropriate risk models, attack and countermeasures simulators, an anomaly detection reasoner, and vulnerability assessment tools.


The Open Pilot Opportunity

In bringing the full-day event to a close, Antonio Alvarez Romero from coordination partner ATOS, Spain, gave a presentation entitled Building the cybersecurity workforce of tomorrow -Implement your own Open Pilot with in which he described the open pilot opportunity and the procedure to be followed by candidate organisations. A brief summary of the presentation follows.

  • The open pilot concept enables organisations to test the platform at no cost for a three-to-six-month period via training customised to their specific requirements. Organisations accepted for the first tranche will commence training some time between December 2019 and March 2020.
  • To enrol, candidate organisations must specify their requirements using the appropriate form, and identify the trainees to be included in the pilot so it can be planned and then scheduled.
  • After completion of the training, advanced users will be inserted in the Cybersecurity Professional Register (CyPR) which is currently under development.


Workshop Outcomes

The day was an undisputed success, not least because all the candidate organisations present signed up as pilot users and arrangements are already underway to table their requirements and schedule the training.

In addition, video interviews conducted during the day with both speakers and delegates attest to their having found the workshop educational and useful. The following are some examples:

Hani Banayoti, Director at CyberSolace, UK

“This workshop has been valuable in investigating and exploring new tools that would help companies exercise and rehearse the cyber threats they may be facing. The workshop has been a really interesting collaboration across the teams and participants, including the discussions on developing the tool and its value for diverse organisations, including governments and at the micro level. Our company has come away with a rich experience on this flexible and versatile tool for customers to tackle their cyber threats.

Calisto Calisti, CIO and CISO at Ingegneria Dei Sistemi SpA

“The workshop has been very important and interesting for sharing information on training requirements and the cyber range platform. This gives a new opportunity to combat new threats on information security.”

David Goodman - Trust in Digital Life, Belgium and Cybersec4Europe

“It has been really important to come to the Open Pilot Workshop from a Cybersec4Europe perspective. I've discovered that there are a lot of synergies for training, education, skills and awareness, as well as for reaching out to SMEs and citizens in particular. It will be vital to leverage all this work aimed towards creating greater awareness. We look forward to the coming months and years to drive the synergies that exist between us and

”One of the other benefits of this workshop is the panel with the other competence network pilots: Cybersec4Europe, SPARTA, ECHO and CONCORDIA in the context of and giving us a platform to set out our plans for work togethering and finding the right partners within the four networks.”

Matteo Merialdo, Manager, Security R&D Projects at RHEA and representing ECHO

“From an ECHO perspective, we have particularly appreciated the workshop discussions as an opportunity to take forward a liaison with as complementary Horizon 2020 project on cyber ranges.”

Nicholas Ferguson, Trust-IT and Coordinator

“The workshop was an excellent opportunity to get first-hand feedback from SMEs and academia on cybersecurity skills. It was also an important opportunity to bring together the four competence pilots, understand how they aim to create better facilities and competences across Europe and how other EU initiatives, like and, can contribute to a building strong cybersecurity in the European Union.”                                                                    

To request an Open Pilot consultation for your organisation, click here.