Is Standardisation Of The Cybersecurity Profession A Good Thing?

As a profession, cybersecurity has continually morphed and evolved in response to technological change. From the days of safeguarding mainframes and perimeterised networks through to the demands of securing deperimeterised cloud-based environments today, a host of specialisms have emerged and some have even converged, such as DevSecOps, illustrating that the industry is highly flexible and adaptive.

But the current skills shortage indicates that market can’t always keep pace. The 2022 Cybersecurity Skills Gap report found half of organisations globally are looking for cloud security specialists and the gap is widening. The Department for Digital, Media Culture and Sport (DCMS) initially estimated there would be an annual shortfall of 10,000 entering the cybersecurity sector but revised that last year to 14,000. This suggests there may well be some disparity between the skills being acquired versus those needed which is backed up by another DCMS report which found the single most common reason cited for being unable to fill vacancies was a lack of technical skills and knowledge.

Part of the problem comes down to that very flexibility we referred to before. The sector has evolved and expanded making it very difficult to identify the skillsets, qualifications and experience needed for particular roles. There’s a great deal of obfuscation and confusion and this in turn prevents individuals from working their way up the ladder to their career goal.

Pathways To Success

To help address this issue, the UK Cyber Security Council has been tasked with establishing the Cyber Pathways Framework. This will map out 16 careers as well as establishing a universally recognised professional standard which will allow practitioners to be certified at either Associate, Principal or Chartered level across those specialisms. Achieving the Council’s professional standard will provide practitioners with an independent seal of approval, with their status recorded on a secure register of practitioners and cybersecurity professionals will be able to register for accreditation later this year.

Effectively, the framework will standardise routes across the profession for the first time, providing some much-needed clarity on how you can progress from your current position through to the lofty heights of CISO.

It’ll provide baselines for achieving Associate, Principal or Chartered level across those 16 specialisms which will be rigorously assessed, with ISACA, for instance, due to oversee the chartered Audit and Assurance specialism.

In doing so, it will put the industry on a par with the legal and accountancy sectors as a profession in its own right.

However, formal standardisation of the sector does of course introduce some elements of rigidity, and this can cause problems. For instance, one of the reasons why companies are finding it so difficult to fill cybersecurity vacancies is that there’s an over emphasis on qualifications, with hirers looking for specific certifications when selecting candidates. The most commonly requested certification is the Certified Information Systems Security Professional (CISSP) with 39 percent of postings asking for this during 2022. When Chartered status was initially proposed, it was thought it could be used to help screen applicants, but this means there’s a danger it may see hirers further whittle down the list of applicants they are willing to consider.

Tapping Into New Talent

With insufficient entrants to the profession, realisation is dawning that hirers will have to cast their nets more widely and rethink their recruitment drives. As it turns out, 46 percent of the current cybersecurity workforce entered their current role from a non-cyber role and there’s now much more emphasis on helping applicants with the right aptitude and soft skills, such as communication and problem solving, to upskill. 

Diversity drives are also helping to open up the industry and, after training, flexible working and certifications, DEI initiatives are the next highest investment companies are making to try and close the workforce gap. There’s undoubtedly untapped talent here, with minorities still under-represented in the industry. In 2022, a quarter of the workforce came from ethnic backgrounds, 22 percent were female, 10 percent were neurodivergent and 8 percent were disabled. However, according to a report on Understanding the Cyber Security Recruitment Pool, minority candidates have felt pushed out of the industry because “it’s too difficult to progress”. 

So, the question is with the cyber pathways cater for both these pools of talent or will it reinforce the status quo? It’s great that the Chartered status will elevate the profession and recognise high achievers but we also need to consider that only 14 percent of ethnic minorities, 13 percent of women, six percent of neurodivergent and three percent of disabled professionals are in senior cyber roles. What we don’t want to do is create a new glass ceiling.

The Cyber Pathways Framework and Chartered status are welcome developments. But we need to ensure they’re inclusive and provide a means to attract and funnel new talent into the profession as well.

Jamal Elmellas is COO of Focus-on-Security

You Might Also Read:
 
More Women Needed In Cyber Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Quantum Computer Power Threatens Encryption
Russian Cyber Attack Disrupts Earthquake Aid  »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Link11 GmbH

Link11 GmbH

Link11 provides DDoS protection solutions to protect websites and complete server infrastructures from DDoS attacks.

Cast Software

Cast Software

CAST is a pioneer in Software Analysis and Measurement (SAM) to capture and quantify the reliability and security of business applications.

MAY Cyber Technology

MAY Cyber Technology

MAY Cyber Technology is a Security Management solutions provider located in Turkey & Germany.

Cellopoint

Cellopoint

Cellopoint is a leading manufacturer of information security and email lifecycle management (ELM) products.

Corvus Insurance

Corvus Insurance

Corvus' mission is to create a safer, more productive world through technology-enabled commercial insurance.

Information System Authority (RIA) - Estonia

Information System Authority (RIA) - Estonia

RIA ensures the interoperability of the state’s information system, organises activities related to information security, and handles security incidents in Estonian computer networks.

Connectitude

Connectitude

Connectitude IIoT Platform ™ is a complete solution for industrial IIoT.

Extreme Protocol Solutions (EPS)

Extreme Protocol Solutions (EPS)

Extreme Protocol Solutions is an industry leading Data Sanitization Software, Hardware and Onsite Service Provider.

Protocol Labs

Protocol Labs

Protocol Labs is a research, development, and deployment institution for improving Internet technology.

KBR

KBR

To help governments and other agencies to combat cyber threats, KBR is safeguarding their most valuable systems with sophisticated tools, hardware and training.

Secured Communications

Secured Communications

Secured Communications has developed the only unified secure communications platform trusted by public safety and counter terrorism professionals around the world.

Presidio Identity

Presidio Identity

Presidio Identity offers a digital-native approach that brings security, privacy, and simplicity to user authentication and digital interactions.

White Tuque

White Tuque

A new way to protect your organization. White Tuque is your partner in identifying threats, understanding your risk, and ensuring your business remains resilient.

Aikido Technology Services

Aikido Technology Services

Aikido Technology Services is a leading-edge technology solutions provider, servicing the Pacific North West USA. We offer affordable IT solutions designed to streamline and secure your business.

SquareX

SquareX

Squarex secures your online activities without compromising productivity.

CoGuard

CoGuard

CoGuard is a patented solution that uses AI driven automation to provide fast, cost effective white-box penetration testing, infrastructure audits and infrastructure design services.