The security of the communication systems, digital services and functionalities of Critical Infrastructures (CI) is more important now than ever. Many of today's energy providing infrastructures such as Smart Grids and Nuclear Power Plants rely on digitalized Industrial Control Systems. This, while facilitating data exchange and regular functions, has also rendered the infrastructures vulnerable to cyber-attacks. Additionally to installing security applications, ensuring that CI personnel is aware of cyber-threats and properly trained to cover all functions of their role is critical. For this purpose, several Cyber-Security (CS) training solutions have been proposed and adopted in recent years. While many advancements to CS training have been proposed in the literature, certain limitations are still present in current offerings. Current CS training and exercise offerings are often generalized to all audiences, as well as being inflexible and challenging to implement in many cases.Additionally, training participants are often not involved in the design or development of the exercises, which does not allow for tailored personalization and design of appropriate learning paths. In this work, we propose a framework for developing CS training exercises based on Personalized Learning Theory (PLT) concepts. Additionally, we develop and evaluate two different CS exercises with two different target groups developed using the framework. The results of the experiments and comparison with exercises conducted without using the framework show that the implementation of PLT concepts in the exercises had a significant effect on their effectiveness and outcome.