The security of the communication systems, digital services and functionalities of Critical Infrastructures (CI) is more important now than ever. Many of today’s energy providing infrastructures such as Smart Grids and Nuclear Power Plants rely on digitalized In- dustrial Control Systems. This, while facilitating data exchange and regular functions, has also rendered the infrastructures vulnerable to cyber-attacks. Additionally to installing security applications, ensuring that CI personnel is aware of cyber-threats and properly trained to cover all functions of their role is critical. For this purpose, several Cyber-Security (CS) training solutions have been proposed and adopted in recent years. While many advancements to CS training have been proposed in the literature, certain limitations are still present in current offerings. Current CS training and exercise offerings are often generalized to all audiences, as well as being inflexible and challenging to implement in many cases. Additionally, training participants are often not involved in the design or development of the exercises, which does not allow for tailored personaliza- tion and design of appropriate learning paths. In this work, we propose a framework for developing CS train- ing exercises based on Personalized Learning Theory (PLT) concepts. Additionally, we develop and evalu- ate two different CS exercises with two different tar- get groups developed using the framework. The results of the experiments and comparison with exercises con- ducted without using the framework show that the im- plementation of PLT concepts in the exercises had a significant effect on their effectiveness and outcome.