Is Standardisation Of The Cybersecurity Profession A Good Thing?

As a profession, cybersecurity has continually morphed and evolved in response to technological change. From the days of safeguarding mainframes and perimeterised networks through to the demands of securing deperimeterised cloud-based environments today, a host of specialisms have emerged and some have even converged, such as DevSecOps, illustrating that the industry is highly flexible and adaptive.

But the current skills shortage indicates that the market can’t always keep pace. The 2022 Cybersecurity Skills Gap report found half of organisations globally are looking for cloud security specialists and the gap is widening. The Department for Digital, Media Culture and Sport (DCMS) initially estimated there would be an annual shortfall of 10,000 entering the cybersecurity sector but revised that last year to 14,000. This suggests there may well be some disparity between the skills being acquired and those needed, a view backed up by another DCMS report, which found the single most common reason cited for being unable to fill vacancies was a lack of technical skills and knowledge.

Part of the problem comes down to that very flexibility we referred to before. The sector has evolved and expanded, making it very difficult to identify the skillsets, qualifications and experience needed for particular roles. There’s a great deal of obfuscation and confusion, and this in turn prevents individuals from working their way up the ladder to their career goal.

Pathways To Success

To help address this issue, the UK Cyber Security Council has been tasked with establishing the Cyber Pathways Framework. This will map out 16 careers and establish a universally recognised professional standard, which will allow practitioners to be certified at either Associate, Principal or Chartered level across those specialisms. Achieving the Council’s professional standard will provide practitioners with an independent seal of approval, with their status recorded on a secure register of practitioners. Cybersecurity professionals will be able to register for accreditation later this year.

Effectively, the framework will standardise routes across the profession for the first time, providing some much-needed clarity on how you can progress from your current position through to the lofty heights of CISO.

It’ll provide baselines for achieving Associate, Principal or Chartered level across those 16 specialisms which will be rigorously assessed, with ISACA, for instance, due to oversee the chartered Audit and Assurance specialism.

In doing so, it will put the industry on a par with the legal and accountancy sectors as a profession in its own right.

However, formal standardisation of the sector does, of course, introduce some elements of rigidity, and this can cause problems. For instance, one of the reasons why companies are finding it so difficult to fill cybersecurity vacancies is that there’s an overemphasis on qualifications, with hirers looking for specific certifications when selecting candidates. The most commonly requested certification is the Certified Information Systems Security Professional (CISSP), with 39 percent of postings asking for this during 2022. When Chartered status was initially proposed, it was thought it could be used to help screen applicants, but this means there’s a danger it may see hirers further whittle down the list of applicants they are willing to consider.

Tapping Into New Talent

With insufficient entrants to the profession, realisation is dawning that hirers will have to cast their nets more widely and rethink their recruitment drives. As it turns out, 46 percent of the current cybersecurity workforce entered their current role from a non-cyber role and there’s now much more emphasis on helping applicants with the right aptitude and soft skills, such as communication and problem solving, to upskill. 

Diversity drives are also helping to open up the industry and, after training, flexible working and certifications, DEI initiatives are the next highest investment companies are making to try and close the workforce gap. There’s undoubtedly untapped talent here, with minorities still under-represented in the industry. In 2022, a quarter of the workforce came from ethnic backgrounds, 22 percent were female, 10 percent were neurodivergent and 8 percent were disabled. However, according to a report on Understanding the Cyber Security Recruitment Pool, minority candidates have felt pushed out of the industry because “it’s too difficult to progress”. 

So, the question is: will the cyber pathways cater for both these pools of talent, or will they reinforce the status quo? It’s great that the Chartered status will elevate the profession and recognise high achievers, but we also need to consider that only 14 percent of ethnic minorities, 13 percent of women, six percent of neurodivergent and three percent of disabled professionals are in senior cyber roles. What we don’t want to do is create a new glass ceiling.

The Cyber Pathways Framework and Chartered status are welcome developments. But we need to ensure they’re inclusive and provide a means to attract and funnel new talent into the profession as well.

Jamal Elmellas is COO of Focus-on-Security
