Switzerland Training Plan to Empower Micro and Small Enterprises (MSEs) Employees and Applied University Students with Cybersecurity Skills

Our Erasmus+ research project – MECyS has reached an essential milestone! A Training Report was published in November 2023, and this has been adapted to the needs of Switzerland.

Aimed at providing an overview of how a Cybersecurity learning process for MSEs can be organised, the training report covers three essential parts: segmentation of learners, content requirements, and learner journey.

There are three levels for potential learners – the Beginner, Intermediate and Advanced levels (see Figure 1). Each level is assigned an animal according to its movement speed, making the segmentation of participants more understandable and user-friendly. The Beginner level, also known as Turtle’s pathway, introduces learners to the basics of computer security. The Intermediate level (Mouse pathway) provides learners with essential skills through theory and practical exercises, and the Advanced level, also known as the Hare Pathway, is directed towards learners eager for advanced cybersecurity knowledge.

^{Figure 1: Learner Segmentation (Source: MECyS overall Training Plan)}

Further, the training report adopts the Must-Have, Could-Have, Should-Have, and Won’t-Have method (MoCOW) to ensure that each level’s learning goal is met. As shown in Figure 2 below, the MoCOW method refers to topics, features and requirements that must be implemented, are desirable, are optional, or should be excluded from the learning scope, accordingly.

^{Figure 2: The MoCow Method (Source: MECyS overall Training Plan)}

Moreover, the overall training plan has been adapted to national needs. In this regard, a National Training Plan has been developed for Switzerland targeting two main groups – staff at MSEs) and students at Applied Universities, Target Groups 1 and 2, respectively.  Switzerland’s Training Plan covers the study aims of the two target groups, course organisation and duration as well as the learner journey. Referring to the aims of both target groups, a cybersecurity course will interest Target Group 1 because the prospective participants would like to enhance their cybersecurity skills and job profiles. On the other hand, students at applied universities, Target Group 2 may enrol in cybersecurity as an elective module or upon completion of their studies to add to the attractiveness of the curriculum vitae.

Concerning how the course should be organised, online training in a trainer-based and self-regulated format will be suitable for both Target Groups 1 and 2 (see Table 1). More so, there will be the need for trainers with cybersecurity expertise as well as experience in lecturing and coaching. Besides, the required learning resources for Target Groups 1 and 2 include games, quizzes, and video tutorials.

^{Table 1: Cybersecurity Course Setting (Source: Switzerland National Training Plan)}

Furthermore, a course duration of 1 – 4 weeks is ideal with Target Group 1, and this group could be reached through MSE partnerships, LinkedIn, and startup communities.  A 1 – 4-month schedule is ideal with Target Group 2 which could also be reached by industry associations.

Finally, the learning journey for both groups will involve a combination of cybersecurity and data protection. Target Group 1 will pursue a «Cybersecurity and Data Protection Baseline-Professional» course at beginner and intermediate levels and an «MSE Cybersecurity and Data Protection Deep-Dive Professional» course at an advanced level.  Target Group 2 will pursue a «Cybersecurity and Data Protection Baseline-Explorer» course at beginner and intermediate levels and an «MSE Cybersecurity and Data Protection Deep-Dive Explorer» course at an advanced level.

The upcoming stages of the project entail operationalizing the training plan in Switzerland, commencing in 2024.