cybersecurity exercises

Research, Analysis and Strategy Institute is looking for experts interested and project-based opportunity to work for ENISA

Support preparation and conduct of cybersecurity exercises:

• In the execution of different type of exercises (including tabletop, operational, technical and

awareness raising), both onsite and online, using the aforementioned customised/localised kits.

• In customising and localising of exercise material (e.g., scenarios, documentation,

presentations), based on ENISA-provided exercise kits.

• In the deployment of digital tools and/or infrastructures for conducting exercises. Depending the

type of the exercise these might include messaging and collaboration platforms, as well as

platforms to support the planning, scheduling and conduct of exercises.

• In assessing the exercise's impact by evaluating the preparedness and maturity level of the

beneficiary before and after the exercise.

• Following an evidence-based approach to exercise delivery and assessment, providing ENISA

with proof of exercise completion, assessment results, and other relevant data as required for

compliance and reporting purposes.

Support delivery of bespoke cybersecurity trainings:

The contractor must be able to support ENISA:

• In delivering trainings both on-site and online

11 Cybersecurity Awareness Raising: The ENISA-Do-It-Yourself Toolbox, 

raising-in-a-box

o on a wide range of cybersecurity topics, including but not limited to, NIS2 compliance,

governance, risk management, incident response, technical security measures, and

security awareness.

o tailored to the specific needs and maturity levels of the targeted NIS2 entities.

o tailored to various audiences within an organization, from C-level executives and

management bodies to technical teams and a general employee population.

• In developing and customizing training material (e.g. presentations, exercises, case studies)

based on ENISA-provided content and best practices, as well as the specific operational context

of the beneficiary entities. This includes localizing content where necessary to ensure relevance

and effectiveness. Training material should be reusable.

• In assessing training impact by evaluating the knowledge and skills of the beneficiary before

and after the training. This may involve pre- and post-training assessments, quizzes, or other

evaluation mechanisms to demonstrate the effectiveness of the training and identify areas for

further improvement.

• Following an evidence-based approach to training delivery and assessment, providing ENISA

with proof of training completion, assessment results, and other relevant data as required for

compliance and reporting purposes.

Requirements:

The 
Senior Expert
shall have:

• Completed university studies (Bachelor's Degree/Level 6 of the European Qualifications

Framework (EQF)) attested by a diploma in Computer Science, Computer Engineering or

equivalent;

• A minimum of five (5) years of relevant professional experience and expertise in delivering

cybersecurity exercises, crisis management exercises, preparedness testing, and\or

cybersecurity trainings as outlined in Section 2, "
Description of Services to be Provided
," with a

specific focus on the areas detailed in subsection 2.2. This includes experience in:

o Customizing, and localizing exercise & training material (e.g. scenarios, injects,

presentations) for various audiences and exercise types (e.g. tabletop, operational,

technical, awareness raising);

o Selecting and deploying digital tools and platforms to support exercise execution

(collaboration, planning, scheduling).

• Strong understanding of cybersecurity concepts, threats, and best practices;

• In-depth knowledge of exercise methodologies (discussion-based, operational, technical) and

their application in various scenarios (cross-sectorial, national, cross-border);

• Excellent project management skills, including planning, execution, monitoring, and quality

assurance.

• Very good and clear writing and speaking communication skills;

• Excellent command of the English language (at least level C1 according to the Common

European Framework of Reference for Languages (CEFR));

• If required for a specific Member State, knowledge of the official language(s) of the Member

State;

Advantageous
:

• Relevant professional certifications;

• National security17 clearance with minimum required level: 'Confidential'. A statement by a

competent authority of a Member State indicating that the process for obtaining the clearance is

ongoing, as well as a self-declaration from the contractor indicating the ability to acquire the

clearance, will also be accepted.

• Experience leading and facilitating cybersecurity or crisis management exercises.

• Working knowledge of relevant standards (e.g., ISO

Please send CVs to:

Deadline 17 October