Charting A Course To Address The Cyber Skills Shortage

CEO of the UK Cyber Security Council, Professor Simon Hepburn, discusses standardising cyber security professional titles and what this means for attracting talent, streamlining recruitment, and tackling the cyber skills gap

Though the cyber security industry is still maturing, bringing the sector in line with other chartered industries, such as surveying and accountancy, has been needed for some time. 

With the UK’s cyber sector facing a workforce gap of over 14,100 people, it’s clear that action needs to be taken if we are to fulfil the government’s vision of making the UK to safest place to live and work online.

Helping the government achieve this aim – and in the process creating a more diverse sector with clear career pathways and universally recognised professional titles which map to specific skill sets – is the Council’s raison d’etre.

As we work towards achieving this mission, introducing our chartered professional standard to the sector has been a key focus. It’s a task which sits at the heart of creating the world class cyber security sector we want to see here in the UK.

Piloting The Journey To Cyber Security Excellence

When it comes to certifications and accreditations, the cyber security sector could best be described as a maze. There are a vast number of accreditations and certifications available, from a large number of course providers and awarding bodies. 

Consistency from one course to another is not always easy to find. For many organisations and businesses – especially those from outside the sector – this can make effective recruitment challenging. The Council is therefore seeking to redress this by introducing a new chartered professional standard for the sector, with universally recognised professional titles which correspond to specific skills sets.

Cyber practitioners can apply for one of three professional titles ranging from Associate to Principal and Chartered. These titles correspond with the depth of experience and expertise of the individual, demonstrated through written evidence and interview.

From an industry perspective these titles create a universally recognised standard, which will provide certainty around the skills and competencies associated with each level of professional title. 

Having a professional title recognised by the UK Cyber Security Council will help cyber practitioners evidence their knowledge and skills to employers, clients and the public. And more widely, it will also help create a pool of respected cyber security specialists.As the only organisation able to charter cyber security professionals as individuals, we are working with our partners to pilot the 16 cyber specialisms  across the sector.  

Pilot schemes for some specialisms have already been launched and we will be bringing forward new schemes in the coming months. 

By doing so, we are committed to creating clear pathways for practitioners to hone and evidence their expertise in specific disciplines within cyber.

Chartership and Recruitment

From an employer perspective, defined roles and levels of expertise, measured against an industry standard, make it easier for an organisation to identify cyber professionals who possess the requisite skill level to meet their cyber needs. When factoring recruiters into this process, the need for meaningful and reliable titles becomes even more key. It allows recruiters to be completely confident that they are putting forward candidates with adequate skills and experience for roles, ensuring they remain trusted suppliers to their clients.

All in all, the use of an industry standard and professional titles will streamline recruitment across the sector and be beneficial for cyber professionals and those in need of a cyber professional. With more than 80% of UK organisations experiencing a successful cyber attack in the past year, there is evident need for improved cyber defence across many organisations. The smoother recruitment processes for cyber practitioners can become, the quicker cyber professionals can begin to defend vulnerable businesses.

Tackling The Skills Gap

Whilst cyber security was once considered a way to future proof a business, it is now a foundational necessity. This shift has created a growing demand for cyber expertise, meaning that the current cyber skills gap is a significant issue.  According to Cybersecurity Ventures, there are 3.5 million open cyber jobs worldwide. Whilst in some instances these roles represent opportunities for upskilling and career progression, there are still entry level roles across the cyber space which need fresh new cyber professionals.

We believe setting clear benchmarks and defined career pathways for cyber professionals will help make routes into the industry clearer, as well as helping those already working in cyber to navigate their career trajectories.

The introduction of professional titles will also encourage individuals to be ambitious in their career goals, as the correlation between upskilling to gain the next level of professional title and the career opportunities which open up as a result will be much more evident. As the majority of entrants to the cyber industry currently come through career change or redirection, with just 3% via a school leaver or apprenticeship and 12% via graduate schemes, arguably there is more to be done to inspire students into the industry and present it as a viable, valuable career path. There is an education piece to perform here so that when presented with the prospect of a future in cyber, school and university leavers have a clearer understanding of what routes to entry are available and the career possibilities that could follow.

In comparison with industries such as law, medicine, accountancy or even marketing, a role in cyber can still seem like a very ‘new’ prospect. It can still carry some mystic around what is involved in the day to day, what skills are required and how to enter and progress through the industry.

Standardised professional titles will help bring cyber in line with other chartered industries and demonstrate a clear pathway into and through the industry. Resources such as our Career Framework and Career Mapping tool can also be helpful in identifying areas of interest in cyber, building on these interests and moulding them into an attractive career trajectory.

As we continue to add more specialisms to our pilot programme and partner with stakeholders across the UK to drive awareness and interest in cyber, we are building an invaluable network of talented cyber professionals. 

Continuing to do so will be crucial to addressing the cyber skills gaps and building a world leading cyber sector here in the UK.

You Might Also Read:

The Skills Gap Is Increasing Risk & Exposure To Attack:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 


 

« Chatham House Cyber Conference  | 14 June 2023
Highly Evasive Adaptive Threats & Advanced Persistent Threats »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Corero Network Security

Corero Network Security

Corero Network Security is dedicated to improving the security of the Internet through the deployment of its innovative DDoS & Network Security Solutions.

Netteam

Netteam

Netteam designs, implements and services networking solutions for companies of all sizes.

Digital Guardian

Digital Guardian

Digital Guardian is a next generation data protection platform designed to stop data theft.

Forter

Forter

Forter provides new generation fraud prevention to meet the challenges faced by modern enterprise e-commerce.

ATIA

ATIA

ATIA provides consulting services in the design and implementation of IT system, Information Security, ISO certification, and professional IT training and education.

Cortado Mobile Solutions

Cortado Mobile Solutions

Cortado Mobile Solutions creates enterprise mobility and file sharing solutions for companies, teams and freelancers.

LOGbinder

LOGbinder

LOGbinder eliminates blind spots in security intelligence for endpoints and applications.

Codean

Codean

The Codean Review Environment automates mundane software analysis tasks, so security experts can focus on finding vulnerabilities.

Sentra

Sentra

Sentra is focused on improving data security practices within the cloud, mitigating the risks of damaging data leaks by providing comprehensive visibility into critical data assets.

SLVA Cybersecurity

SLVA Cybersecurity

SLVA Cybersecurity excel at delivering security-as-a-service, fit-for-purpose, within the constraints of realistic budgets and business expectations.

SYN Ventures

SYN Ventures

SYN Ventures invests in disruptive, transformational solutions that reduce technology risk.

Kusari

Kusari

Securing your software supply chain starts with understanding. Kusari is on a mission to bring transparency to your software supply chain and power secure development.

Secolve

Secolve

Secolve is Australia’s next generation OT specialist cyber security firm, working with key industries to protect the nation’s critical infrastructure.

Price Forbes

Price Forbes

Building on more than 100 years of specialist insurance broking, Price Forbes partner with clients around the world who are looking to understand and balance today’s risk and plan for the future.

Incode

Incode

Incode is the leading provider of world-class identity solutions that is reinventing the way humans authenticate and verify their identities online.

Orchid Security

Orchid Security

Orchid Security provides unprecedented insight and action to your identity security with the help of advanced technologies like Large Language Models (LLM).