A cybersecurity training programme designed to widen access to the profession for women and non-technical entrants is expanding without EU funding, after being voluntarily adopted by organisations in Poland and North Macedonia following the formal close of its Erasmus+ project period.
SHE@CYBER, which was shaped and co-developed by ISACA, ended its funded phase in November 2025. Since then, more than 70 women in Poland have completed the training independently, and more than 40 educators in North Macedonia have been certified to deliver it. That adoption – after the grant money stopped – is the clearest sign yet that the model works on its own terms.
During the funded period, which began in 2024, the programme upskilled 45 trainers across Cyprus, Spain, Italy, Greece and Ireland, and reached 193 registered users through its open-access platform. An independent assessment by the Cyprus National Agency under the European Commission’s Erasmus+ programme scored it 90 out of 100, earning it a designation of “Excellent Quality” and recognition as a “European Good Practice.” It was also named a finalist in the 2025 European Digital Skills Awards.
The programme was built on a research-backed understanding of why women remain underrepresented in cybersecurity and how traditional skills frameworks can contribute to that gap. ISACA’s contribution was to translate its globally recognised frameworks into a format accessible to people without a technical background, mapping the curriculum against the European Cybersecurity Skills Framework (ECSF) so that learners build industry-recognised capabilities from the start.
“Women are underrepresented in cybersecurity not due to a lack of ability, but often because of how the profession defines itself and communicates its entry pathway,” said Professor Vladlena Benson, Academic and Research Liaison at ISACA and Director of the Aston Centre for Cyber Security Innovation at Aston University, whose work the programme draws on. “By combining technical foundations with confidence-building, professional skills and accessible learning, SHE@CYBER creates a more realistic and inclusive route into the field.”
The programme’s train-the-trainer model is central to how it scales. Rather than relying on a central delivery team, it certifies educators to deliver the methodology independently – creating a multiplier effect that extends reach to future cohorts without additional central resource. The North Macedonia adoption is the clearest example of this to date.
Chris Dimitriadis, Chief Global Strategy Officer at ISACA, said: “SHE@CYBER shows that when training is grounded in real-world needs and supported by recognised standards, it becomes both credible and inclusive. That combination is what building a stronger cybersecurity workforce actually requires.”
The SHE@CYBER platform and learning materials will remain freely accessible until at least November 2028.
This program accelerates the mission of ISACA’s SheLeadsTech program, which aims to increase representation in the tech workforce and elevate more women into leadership positions.
