Is Standardisation Of The Cybersecurity Profession A Good Thing?

As a profession, cybersecurity has continually morphed and evolved in response to technological change. From the days of safeguarding mainframes and perimeterised networks through to the demands of securing deperimeterised cloud-based environments today, a host of specialisms have emerged and some have even converged, such as DevSecOps, illustrating that the industry is highly flexible and adaptive.

But the current skills shortage indicates that market can’t always keep pace. The 2022 Cybersecurity Skills Gap report found half of organisations globally are looking for cloud security specialists and the gap is widening. The Department for Digital, Media Culture and Sport (DCMS) initially estimated there would be an annual shortfall of 10,000 entering the cybersecurity sector but revised that last year to 14,000. This suggests there may well be some disparity between the skills being acquired versus those needed which is backed up by another DCMS report which found the single most common reason cited for being unable to fill vacancies was a lack of technical skills and knowledge.

Part of the problem comes down to that very flexibility we referred to before. The sector has evolved and expanded making it very difficult to identify the skillsets, qualifications and experience needed for particular roles. There’s a great deal of obfuscation and confusion and this in turn prevents individuals from working their way up the ladder to their career goal.

Pathways To Success

To help address this issue, the UK Cyber Security Council has been tasked with establishing the Cyber Pathways Framework. This will map out 16 careers as well as establishing a universally recognised professional standard which will allow practitioners to be certified at either Associate, Principal or Chartered level across those specialisms. Achieving the Council’s professional standard will provide practitioners with an independent seal of approval, with their status recorded on a secure register of practitioners and cybersecurity professionals will be able to register for accreditation later this year.

Effectively, the framework will standardise routes across the profession for the first time, providing some much-needed clarity on how you can progress from your current position through to the lofty heights of CISO.

It’ll provide baselines for achieving Associate, Principal or Chartered level across those 16 specialisms which will be rigorously assessed, with ISACA, for instance, due to oversee the chartered Audit and Assurance specialism.

In doing so, it will put the industry on a par with the legal and accountancy sectors as a profession in its own right.

However, formal standardisation of the sector does of course introduce some elements of rigidity, and this can cause problems. For instance, one of the reasons why companies are finding it so difficult to fill cybersecurity vacancies is that there’s an over emphasis on qualifications, with hirers looking for specific certifications when selecting candidates. The most commonly requested certification is the Certified Information Systems Security Professional (CISSP) with 39 percent of postings asking for this during 2022. When Chartered status was initially proposed, it was thought it could be used to help screen applicants, but this means there’s a danger it may see hirers further whittle down the list of applicants they are willing to consider.

Tapping Into New Talent

With insufficient entrants to the profession, realisation is dawning that hirers will have to cast their nets more widely and rethink their recruitment drives. As it turns out, 46 percent of the current cybersecurity workforce entered their current role from a non-cyber role and there’s now much more emphasis on helping applicants with the right aptitude and soft skills, such as communication and problem solving, to upskill. 

Diversity drives are also helping to open up the industry and, after training, flexible working and certifications, DEI initiatives are the next highest investment companies are making to try and close the workforce gap. There’s undoubtedly untapped talent here, with minorities still under-represented in the industry. In 2022, a quarter of the workforce came from ethnic backgrounds, 22 percent were female, 10 percent were neurodivergent and 8 percent were disabled. However, according to a report on Understanding the Cyber Security Recruitment Pool, minority candidates have felt pushed out of the industry because “it’s too difficult to progress”. 

So, the question is with the cyber pathways cater for both these pools of talent or will it reinforce the status quo? It’s great that the Chartered status will elevate the profession and recognise high achievers but we also need to consider that only 14 percent of ethnic minorities, 13 percent of women, six percent of neurodivergent and three percent of disabled professionals are in senior cyber roles. What we don’t want to do is create a new glass ceiling.

The Cyber Pathways Framework and Chartered status are welcome developments. But we need to ensure they’re inclusive and provide a means to attract and funnel new talent into the profession as well.

Jamal Elmellas is COO of Focus-on-Security

You Might Also Read:
 
More Women Needed In Cyber Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Quantum Computer Power Threatens Encryption
Russian Cyber Attack Disrupts Earthquake Aid  »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Tanium

Tanium

Tanium delivers Autonomous Endpoint Management (AEM) with the industry’s only true real-time platform for AI.

CloudHesive

CloudHesive

CloudHesive provides cloud solutions through consulting and managed services with a focus on security, reliability, availability and scalability.

GovCERT.CZ

GovCERT.CZ

GovCERT.CZ is the Government Computer Emergency Response Team of the Czech Republic.

Zentera Systems

Zentera Systems

Zentera's CoIP (Cloud over IP) solution offers enterprise-grade networking and security for the emerging cloud ecosystem.

Stormshield

Stormshield

Stormshield is a European leader in digital infrastructure security. We offer smart, connected solutions in order to anticipate attacks and protect digital infrastructures.

Gate 15

Gate 15

Gate 15 provide risk management services focusing primarily on information, intelligence and threat analysis, operational support and preparedness.

Spherical Defense

Spherical Defense

Spherical Defense offers an alternative approach to WAFs and first generation API security tools.

ecsec

ecsec

ecsec is a specialized vendor of security solutions including information security management, smart card technology, identity management, cloud computing and electronic signature technology.

Blockchain R&D Hub

Blockchain R&D Hub

Blockchain R&D Hub's mission is to serve the needs of blockchain ecosystem as the center of excellence for technology research and development.

BullGuard

BullGuard

BullGuard is an award-winning cybersecurity company focused on providing the consumer and small business markets with the confidence to use the internet in absolute safety.

F1 Security

F1 Security

F1 Security provides a family of web security solutions including web application firewalls, web shell detection solutions, and web shell scanners.

Lupovis

Lupovis

Lupovis is an AI-based deception solution that deploys active decoys turning your network from a flock of sheep to a pack of wolves where the hunter becomes the hunted.

Numen Cyber Technology

Numen Cyber Technology

Numen Cyber Technology is committed to becoming a Threat Discovery and Response expert for corporate customers.

McAfee

McAfee

McAfee is a worldwide leader in online protection. We’re focused on protecting people, not devices. Our solutions adapt to our customers’ needs and empower them to confidently experience life online.

V2X

V2X

V2X delivers IT support, networking, and cybersecurity solutions that ensure optimal mission support and performance.

DataStealth

DataStealth

DataStealth is a data protection platform that allows organizations to discover, classify, and protect their most sensitive data and documents.