The Government is consulting on ‘Developing the Cyber Security Profession in the UK’. A document casts doubt on whether it’s a ‘coherent profession’; and argues that a UK Cyber Security Council, independent of government, with members, a body designed and owned by the profession, is required. That council would aim for Royal Chartered status.
Margot Jones, Minister of State for the Department for Digital, Culture, Media and Sport, said the Government did not want to replace or replicate existing professional organisations. “Rather these proposals work with and build on the excellent work and expertise of the existing professional community, to ensure that collectively we can deliver on stretching objectives to develop the profession at the pace required.
“As our reliance on technology also grows, the opportunities for those who would seek to attack and compromise our systems and data increase, along with their impact. Ensuring the UK has the capability, diversity and professionalism within the cyber security workforce to meet our needs across all parts of the economy is a critical part of the Develop strand of the [National Cyber Security] Strategy.”
The consultation document notes that the profession is relatively new, and varied, taking in penetration testing and more strategic and policy positions such as Chief Information Security Officers (CISOs). There is no generally accepted, unifying narrative of what makes a cyber security professional, it’s claimed. “Misconceptions and stereotypes about cyber security professionals remain and we heard clearly that many still consider cyber security to be a complex subject area and a career which lacks clear routes into and through it.”
The ‘qualification and certification landscape’ is hard to navigate for cyber people; and for those seeking to hire those people.
The consultation runs until August 31. Responses to the consultation or about the substance of the policy should be submitted through the online portal.
Comment
Andy Kays, CTO at threat detection and response company, Redscan said: “The security landscape is changing quickly, and we can’t expect to solve tomorrow’s challenges with the skills we have now.
“Professional qualifications which reflect evolving security needs are hugely important. With cybercrime a growing threat to all UK businesses, it’s essential that organisations have confidence in the people paid to protect them, since technology can only help to a certain point. That said, the current qualification and certification landscape can be hard to navigate, particularly for businesses that don’t clearly understand the skills they need. It can also be difficult for cybersecurity pros to assess the careers options available to them and make informed decisions. A chartered standard would help to make the situation clearer for all.
“Boosting diversity in the cybersecurity sector should, quite rightly, be an important aim. To defend against the next generation of cybercriminals, we need a larger, more diverse and better trained pool of cybersecurity talent as a top priority.”
