Exploring Barriers in Cybersecurity Training: A Socio-Technical Perspective on Cross-Organizational Portability and Inclusion

Abstract: Cybersecurity training and practical exercises such as cyber-range and Capture-The-Flag (CTF) events are increasingly used to build organisational resilience. However, challenges remain in reusing and adapting these exercises across organisational and national boundaries. This paper explores two key aspects that affect the long-term sustainability and impact of cybersecurity training: cross-organisational portability and inclusivity. Drawing on a cross-border workshop with participants from Sweden and Norway, we identify technical, organisational, and pedagogical barriers that hinder the reuse of cybersecurity training and exercises, including the lack of shared packaging standards, mismatched legal frameworks, hidden infrastructure dependencies, and divergent learning objectives. We argue that portability is not only a technical issue but also a socio-technical challenge requiring clearer communication and aligned expectations. The paper also investigates how inclusivity is understood and implemented in cybersecurity education, highlighting promising practices, such as diverse learner pathways, multilingual materials, and community-led efforts, alongside persistent structural limitations. Based on these findings, we propose the use of lightweight, machine-readable manifests to improve scenario portability and call for more structured institutional support for inclusive training environments.

Keywords: Cybersecurity Training and Exercises, Barriers, Cross-Organizational, Portability, Inclusivity, Sweden, Norway.

DOI: 10.54941/ahfe1006793

Cite this paper:

​