Skip to main content
Search by keyword
Cybersecurity expert working on several monitors

Cybersecurity is a crucial concern for us all: cyber risks are near the top of the list of global threats worldwide. It is therefore no wonder that the EU invests increasingly substantial amounts into cybersecurity solutions. While we can have many advanced protection systems, they will only work if we have the people who know how to use them. 

As many of us know, there is a large shortage of skilled cybersecurity experts in the EU and in the world. One study estimates that Europe might face a lack of 350,000 cyber professionals by next year. We are doing everything we can to address this. But what is the best way?

Many people take a specialisation in university, and then go on to do a job in this field. In Europe, there are now over 100 cybersecurity masters. We are also pushing for more cybersecurity in ‘regular’ IT studies. 

Universities provide a scientific education. They aim at building strong foundation for a deep understanding of cybersecurity throughout a person’s career. Therefore, they are often interdisciplinary and holistic. That means that they cannot always be fully focused on preparing people completely for the current labour market. 

To work with the latest (vendor-specific) tools, an expert often needs specialised training. One solution would be to have employers provide such training, but they can be reluctant. Cybersecurity workers are in high demand, so some of the hardest to retain. What if a company invests a lot in someone’s cybersecurity education, but then they move to a competitor? 

In the European Commission, we are looking with our partners at creative solutions. Firstly, we address the issue at the level of higher education.  

‘’We aim to strengthen cooperation between universities and businesses, leading to mutual learning and pooling of resources. We support new master programmes in areas where there are not enough yet, such as security-by-design.’’ 

At the level of professional training, the Commission is also active. For instance, we provide financial support for ‘cyber ranges’: practical environments where situations are simulated in a highly realistic way. This allows someone to gain quick hands-on experience and includes support for cyber ranges for crucial areas, such as energy grids and aviation. 

Finally, it is not always feasible for every organisation to hire a cybersecurity expert. Some small companies only have IT generalists. These people still need to be able to protect their systems.  

‘’The Commission stimulates up-skilling and re-skilling towards cybersecurity.’’ 

Many EU-supported organisations offer cyber courses for generalists: a good example is

Through all of these actions, the Commission contributes to address cybersecurity skills. Moreover, the current Cybersecurity Month is a great occasion to highlight what the EU has to offer on cybersecurity skills and to raise cyber awareness in general cyber awareness in general. 

About Miguel Gonzalez-Sancho 

Miguel González-Sancho is since July 2018 Head of the Unit "Cybersecurity Technology and Capacity Building" at the European Commission, where he has worked for over 20 years, particularly on policy files, as well research and innovation programmes, focusing on the social and economic impact of digital technologies. His previous responsibilities include Head of Unit for eHealth, Well-Being and Ageing; Head of Unit for Administration and Finance; Deputy Head of Unit for Policy Coordination; Deputy Head of the Unit for Technologies and Social Inclusion, and member of cabinet of a European Commission Vice-President. Miguel holds degrees in law, business administration, international relations and European policies. 


@ Gorodenkoff -

Opinions details

Digital technology / specialisation
Geographic scope - Country
Geographical sphere
EU institutional initiative

One of the most important challenges of cybersecurity is security of the hardware. For more than ten years findings concerning deficits in hardware architecture have not been corrected yet. These deficits enable hackers to interfere with system operations. At least one secure hardware architecture has not only been developed, but has reached patent protection. Advantages of this architecture are physical incapability to execute malware, and multiplying the data transportation bandwidth between processor and memory.

Hardware seems to be outside most cybersecurity experts' view. But it is the base, which is required for all software activities. The above mentioned deficits of hardware cannot be healed by software.