In response to the growing shortage of cybersecurity professionals across Europe, Solvay Lifelong Learning (SLL) is proud to be a member of the CyberHubs project, a three-year initiative aimed at strengthening the cybersecurity professional skills ecosystem across Europe.
Led by DIGITALEUROPE and funded by the Erasmus+ programme, the initiative brings together a consortium of 21 full partners from 11 EU Member States and three associated partners. Over the next three years, CyberHubs will establish seven Cybersecurity Skills Hubs (CyberHubs) in Belgium, Estonia, Greece, Hungary, Lithuania, Slovenia, and Spain. These hubs are the foundation of a long-term strategy to ensure Europe can train, hire, and retain the experts it fervently needs.
Our research team, affiliated with the Digital Governance activity at Solvay Lifelong Learning, has actively contributed to the development of the “Cybersecurity Skills Needs Analysis report Belgium”, which you can read in full here.
This report provides a clear picture of what employers actually look for—a roadmap for anyone looking to enter or advance in the field. I discuss the main points below and encourage you to read the full report as well.
The analysis shows that a successful cybersecurity career requires a blend of deep technical knowledge, strong organisational aptitude, and crucial soft skills.
When a breach happens, the ability to manage the crisis is paramount. That's why Incident management is the most sought-after technical skill. But prevention is just as critical, highlighting the need for expertise in:
Access controls and identity management: The fundamentals of who gets to see what.
Information systems and network security: Protecting the infrastructure itself.
Data security and cryptography: Keeping sensitive information locked down.
Threat analysis: Understanding and predicting future attacks.
Cybersecurity is no longer confined to the IT department; it has become a strategic business concern. Professionals must be able to manage security initiatives in the same manner as any other business project.
While job vacancy data shows a high demand for Project management skills, the top priority for most organisations is Risk management—the ability to assess, prioritise, and mitigate potential harm. Other crucial strategic skills include policy development, process control, strategic planning, and ensuring business continuity in the event of a crisis.
Every cybersecurity role sits atop a foundational layer of IT knowledge. Professionals need to be proficient in the platforms they are tasked with defending. This includes:
Network management
Enterprise architecture & infrastructure design
System administration and integration
Operating systems
Data analysis (crucial for finding security patterns)
Perhaps the most surprising—and essential—finding is the value placed on soft skills. Being a security expert means communicating complex risks to non-technical stakeholders, from executives to end-users. Unsurprisingly, Communication is ranked as the most vital skill here and is only expected to grow in importance. The other top-ranking human skills are:
Problem solving
Teamwork
Leadership
Analytical thinking
Faced with a persistent talent gap, organisations are keenly focused on practical training to cultivate the necessary skills in their current and future employees. The survey data reveal a clear preference for learning that is experiential and internal.
The single most valued strategy is 'On the job coaching and training,' with almost 90% of respondents ranking it as 'Very important' or 'Important.' This preference highlights the conviction that the most valuable cybersecurity skills are developed through hands-on experience and mentorship within a real-world operational environment.
Two other highly-rated strategies follow this practical approach:
Upskill own ICT personnel (82%): Organisations are committed to converting their existing IT staff into cybersecurity experts, leveraging their foundational knowledge and familiarity with the company’s systems.
Hire people and train them (75%): This strategy involves bringing in new, high-potential talent and providing them with the necessary specialised training from day one.
Interestingly, the least relevant training strategy was found to be 'Reskill own non-ICT personnel,' with 41% of respondents finding it 'not relevant' or only of 'some importance.' However, the report suggests that, given the severe shortage of cybersecurity experts, this approach—which involves converting staff from areas such as banking or manufacturing—is a pathway worth exploring to tap into unique domain expertise.
Beyond the specific skills analysis, the CyberHubs project aims to create a lasting impact on the European cybersecurity landscape. By mapping existing education and training providers, developing national cybersecurity skills strategies, and fostering collaboration between academia and industry, the project aims to close the persistent skills gap. The ultimate goal is to build a more secure and competitive digital Europe, one where a skilled and adaptable workforce is equipped to face the ever-evolving threat landscape.