(C4CA) Short-Term Expert - Cybersecurity Capacity Building and Exercises (H / F)

Expertise France est l’agence publique de conception et de mise en œuvre de projets internationaux de coopération technique. L’agence intervient autour de quatre axes prioritaires : - gouvernance démocratique, économique et financière ; - paix, stabilité et sécurité ; - climat, agriculture et développement durable ; - santé et développement humain. Dans ces domaines, Expertise France assure des missions d’ingénierie et de mise en œuvre de projets de renforcement des capacités, mobilise de l’expertise technique et joue un rôle d’ensemblier de projets faisant intervenir de l’expertise publique et des savoir-faire privés. The objective of the assignment is to strengthen the technical capacity of national cybersecurity teams and institutions by designing and delivering advanced training programs, cybersecurity exercises, and Train-the-Trainer activities in line with international standards. The expert will be responsible for the following : Design and implement tailored technical training programs for national cybersecurity teams, including CERTs / CSIRTs, public institutions, and critical infrastructure operators. Develop and conduct practical cybersecurity exercises such as : Incident response simulations (including table-top and live drills) Risk assessment and risk management workshops Capture-the-Flag or red / blue team exercises Facilitate “Train-the-Trainer” sessions to ensure sustainability of national capacity-building efforts. Support national authorities in identifying relevant cybersecurity certification schemes (e.g., CompTIA, CISSP, CISM, ISO / IEC 27001) and assist in developing pathways for accreditation. Engage with project stakeholders to adapt training and exercise content to local institutional maturity and regional context. Prepare all necessary supporting documentation, materials, and post-training evaluation reports. Deliverables for each assignment will be detailed in the related purchase order. They can include documents listed non-exhaustively hereafter : Capacity needs assessment brief (if needed) for selected country(ies). Design and delivery of at least one technical training module (incl. presentations, tools, exercises). Design and facilitation of at least one cybersecurity exercise or simulation drill. Delivery of at least one Train-the-Trainer session or workshop. Post-training / exercise evaluation reports with recommendations for follow-up capacity development. Final mission report summarizing activities, outcomes, and lessons learned. The Team Europe Initiative (TEI) on Digital Connectivity in Central Asia  C4CA) promotes secure and inclusive digital transformation. Under SO4, Expertise France is leading efforts to improve cybersecurity governance and resilience. Output 3 focuses on building the technical capacity of national cybersecurity stakeholders, including CERTs, CSIRTs, ministries, regulators, and critical infrastructure entities, through comprehensive training, exercises, and long-term skills development initiatives. Education : Advanced degree (Master’s or equivalent) in cybersecurity, computer science, information security, or related fields is preferable. Relevant professional certifications are an asset. Professional Experience : Minimum of 7 years of hands-on experience in cybersecurity training, CERT operations, cyber incident response, or security operations center (SOC) management. Proven experience in designing and delivering cybersecurity training and exercises in a professional or institutional setting. Familiarity with standards and frameworks such as NIST, ISO / IEC 27001, ENISA guidance, and EU NIS / NIS2 Directive. Experience delivering or participating in international cybersecurity conferences such as Black Hat, DEF CON, or equivalent is considered a strong advantage. Experience working in donor-funded or international development projects is highly desirable. Experience in capacity building in low- or middle-income countries and / or transition economies is an asset. Regional experience in Central Asia or similar contexts is considered an asset. Certifications (advantageous) : Possession of one or more internationally recognized certifications, such as : CISSP (Certified Information Systems Security Professional) CEH (Certified Ethical Hacker) GIAC (Global Information Assurance Certification – any specialization) ITIL (Information Technology Infrastructure Library) Other relevant cybersecurity, risk management, or training credentials Skills and Competencies : Strong practical knowledge of cyber threat management, detection, and response. Ability to translate complex technical content into accessible training formats. Strong facilitation, presentation, and communication skills. Excellent organizational and reporting skills. Cultural sensitivity and ability to engage with multi-stakeholder audiences. Fluency in English is required; knowledge of Russian is an advantage. Applications will be reviewed on a rolling basis. Interested experts should apply by sharing : a CV in English highlighting fields of expertise listed in these TORs and relevant experience ; and Cover letter in English.  This advertisement will be used to create a pool of 7 experts supporting the implementation of the Policy and Regulatory Frameworks activities of the Cybersecurity component. Number of working days :  up to 30 days, activated through a Purchase Order