Training

Cybersecurity skill concerns

by Mark Rowe

Government plans to establish an “approved standard” and potentially underwrite “chartered” status for UK cybersecurity professionals have been called “worrying” by John Colley. He is the managing director for the info-security and IT membership body (ISC)2 EMEA.

After the Department for Business Innovation and Skills released the policy paper “Cyber Security Skills Business Perspectives and Government Next Steps Report” in advance of the UK budget in March, Colley highlighted an over-reliance on the CESG Certified Professional (CCP) as a foundation for all skills development in the United Kingdom.

The paper detailed the government’s support for cyber skills development and specific initiatives to be funded in 2014/2015. Among some very welcome commitments to work with industry on skills and work experience initiatives, the report outlined the intent to mandate compliance with the GCHQ-led CESG Certified Professional (CCP) scheme as a foundation to accredit private sector training. The scheme would also form the basis for developing university curricula, for funding incentive schemes through the Higher Education Authority, and for providing guidance for business of all sizes. Further, only ‘relevant’ courses accredited under the CCP scheme would be eligible to be showcased on the government-recognised Sector Skills Council site: e-Skills UK Cyber Academy Learning Pathways.

Colley said: “This is worrying. I fear the CCP scheme will not meet the needs of the commercial sector. This scheme goes into fine detail to define roles, several levels of competency specific to those roles, and locks everyone into a rigid, expensive, and over-complicated process, for maintaining something that is never going to be fit for purpose.”

Colley said that the CCP scheme, originally launched for government in October 2012, has been developed based on the IISP skills framework published in 2007, and that there has been no communication around how the CCP scheme is to be kept up-to-date. GCHQ, the government’s intelligence and security agency, was funded to develop the CCP scheme, and worked to define six roles for government in October 2012. A seventh role was added to the scheme last week and there are plans to define several more.

“GCHQ brings a lot to the table, but it is not the only perspective that is relevant here. It is important to see strong endorsement from government for cyber training and education programmes, but one with such a narrow focus is limiting. By the time everything is documented and published, there is a huge risk that requirements will have changed.”

Colley, who has 16 years’ experience as a hiring manager for cybersecurity within the financial sector, pointed out that the priority is to develop people with a good level of all-round security knowledge, rather than to develop different areas of focussed specialist skills. The Government’s intent to address university curricula at all levels and to encourage greater collaboration between industry and academia are particularly welcomed.

“We need to cultivate volumes of people with solid foundations to develop and adapt in what is a very dynamic field of practice. People following the CCP scheme will be locked into a focussed career path and struggle to move laterally, which is exactly how people develop that all-round knowledge and experience that allows them to advance in the commercial sector today. I would like to see a broader, more inclusive approach that allows market-influenced development to continue to respond to the very fluid requirements of the profession.”

Visit www.isc2.org.

© 2024 Professional Security Magazine. All rights reserved.