Best Practices and Guidelines for Cybersecurity Training (paper)
Introduction
“Best Practices and Guidelines for Cybersecurity Training” sets out 20 concrete principles for designing technical cyber-security courses that move far beyond basic awareness. Drawing on academic research, eight joint training events and public workshops held in 2024-25, the paper highlights active learning, realistic cyber-range labs, gamified missions and relevance to regulations such as NIS2. Its goal is to help organisations close the growing skills gap by making training relevant, hands-on and measurable.
Authors
The paper is a collaborative effort between Danish academia, industry and the professional community:
Prof. Jens Myrup Pedersen – Aalborg University & Campfire Security
Kristian Helmer Kjær Larsen – Campfire Security
Mikael Vingaard – ICSRange
Jens A. Nielsen – ICSRange
Emil Schmidth Nielsen – SagaLabs
Hans Ravnkjær Larsen – Dansk IT
Together they bring experience from university research, capture-the-flag platforms, scenario-based cyber ranges and national IT professional networks, ensuring that the 20 principles are both evidence-based and applicable.