UK Launches Consultation To Develop Cybersecurity Profession

The Department for Digital, Culture, Media and Sport (DCMS) has launched a consultation into developing the cybersecurity profession in the UK to support the National Cyber Security Strategy (NCSS). To support this effort, it has also proposed to create a UK cybersecurity council, which would sit independently of the government. 

The NCSS sets out the government's ambition to ensure there is a sustained supply of the best possible home-grown cybersecurity talent, which is to be achieved by 2021. This consultation, which closes on August 31, is for a broad range of interested parties including cybersecurity professionals, existing cybersecurity professional organizations in the UK, students and recent graduates, academia and law enforcement communities. 

Margot James, chair of the DCMS, wrote about why an intervention was needed to support the NCSS: "The cybersecurity profession is relatively new and has developed organically over recent years. It is broad and varied; those working in the cybersecurity ecosystem are found across multiple disciplines including engineering, technology, business, social science, compliance and law, with a wide range of different competencies.

"We heard strongly during our pre-consultation engagement that to build on the good work, more needs to be done to create the environment for the cybersecurity profession in the UK to develop at the pace required," she continued. "There was a strong sense from many we engaged with that there is no generally accepted, unifying narrative of what makes a cybersecurity professional. Misconceptions and stereotypes about cybersecurity professionals remain and we heard clearly that many still consider cybersecurity to be a complex subject area and a career which lacks clear routes into and through it."

The NCSS has specified goals to reach between now and 2021. By the end of 2019, there will be an early development and alignment of a coherent set of career specialism pathways into and through the cybersecurity profession and a draft Code of Ethics will be agreed between participating cybersecurity professional organizations. 

To support this, a number of established councils, chartered professional bodies, academics and industry groups have established a collaborative alliance to advance the development of the cybersecurity profession. With an overall aim to provide clarity around the skills, competencies and career pathways within this fast-moving area of professional practice, the initial objective for The Alliance is to support commitments expressed within the UK NCSS to provide a focal point for advising national policy, including the stated intent to recognize professionals through Chartered status. 

The Alliance brings together a range of expertise and disciplines, including BCS, The Chartered Institute for IT, Chartered Institute of Personnel & Development (CIPD), CREST, The Engineering Council, IAAC, The Institution of Analysts and Programmers (IAP), The IET, (ISC)2 and techUK. Talal Rajab, head of program - cyber and national security, techUK, commented on the coming together of these bodies: "techUK is pleased to be a founding member of the Alliance and contribute to the development of the cybersecurity profession. 

"Our digital economy is underpinned by the need for cybersecurity expertise and skills across a range of disciplines. Through bringing together these professional bodies and harnessing the full range of established cybersecurity professional expertise, the Alliance will go a long way to providing a focal point for the sector on the cybersecurity skills, competencies and standards needed to ensure that the UK has the skills needed to remain resilient to the growing cyber-threat.”

This announcement from the government follows the announcement from The Joint Committee for National Security Strategy which criticized the government for not acting urgently enough on critical national infrastructure cybersecurity. Kamila Hankiewicz, managing director, Girls in Tech, also feels strongly that not enough is being done to get people, especially women, into cybersecurity roles: "The current education model is flawed and results in a low number of women applying for technology roles. This means our nation misses out a huge group of talent in positions needed for the future workforce. 

"A shortage of female talent is predominantly down to a lack of awareness of the opportunities that exist and a flawed perception that you need to be strictly technical to work in industries such as cybersecurity, automation or crypto-investing. It is our responsibility, as the future leaders of the UK, to ensure that our governments are investing in children at an early age - preventing them from developing an unconscious bias towards STEM and getting them excited about the opportunities that the future digital economy presents."

Infosecurity:

You Might Also Read:

What Does Brexit Mean For British Data Privacy?:

Are Women Better At Cyber Security?:

 

 

« Cyber Threat Warnings ‘Blinking Red’
Kremlin Hacking Crew Take A 'Roman Holiday' »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Irish Reporting & Information Security Service (IRISS)

Irish Reporting & Information Security Service (IRISS)

IRISS-CERT is Ireland's first CSIRT (Computer Security Incident Response Team) to provide services to all users within Ireland.

Zurich

Zurich

Zurich is a leading multi-line insurer providing a wide range of property and casualty, and life insurance products and services in more than 210 countries and territories.

Green Hills Software

Green Hills Software

Green Hills Software is the largest independent vendor of embedded secure software solutions for applications including the Internet of Things.

Grimm Cyber

Grimm Cyber

GRIMM makes the world a more secure place by increasing the cyber resiliency of our client’s systems, networks, and products.

Cybercrime Investigation & Coordinating Center (CICC)

Cybercrime Investigation & Coordinating Center (CICC)

The Cybercrime Investigation and Coordinating Center (CICC) is an attached agency of the Philippines Department of Information and Communications Technology (DICT).

National Accreditation Authority Hungary (NAH)

National Accreditation Authority Hungary (NAH)

NAH is the national accreditation body for Hungary. The directory of members provides details of organisations offering certification services for ISO 27001.

Sadoff E-Recycling & Data Destruction

Sadoff E-Recycling & Data Destruction

Sadoff E-Recycling and Data Destruction protect the environment and your data with proven and trusted electronics recycling and data destruction services.

RiskXchange

RiskXchange

RiskXchange's cybersecurity risk rating solution helps businesses solve complex cybersecurity and compliance challenges by providing a 360-degree view of your cybersecurity posture.

Soliton

Soliton

Soliton is a leading Japanese technology company and a pioneer in IT security solutions for protecting company resources and data from external IT security threats.

Dynatrace

Dynatrace

Dynatrace provides software intelligence to simplify cloud complexity and accelerate digital transformation.

Berezha Security Group (BSG)

Berezha Security Group (BSG)

BSG is a cybersecurity consulting firm specializing in all aspects of application security and penetration testing.

Dhound

Dhound

Dhound is a cybersecurity company providing web application penetration testing.

LogicBoost Labs

LogicBoost Labs

LogicBoost Labs has the expertise, experience, funding and connections to make your startup succeed. We are always interested in new ways to change the world for the better.

Valimail

Valimail

Valimail delivers the only complete, cloud-native platform for validating and authenticating sender identity to stop phishing, protect and amplify brands, and ensure compliance.

LeakSignal

LeakSignal

At LeakSignal, we transform the way you monitor and protect your data. We provide unparalleled visibility and control over your sensitive data flows.

ClamAV

ClamAV

ClamAV is an open-source (GPL) anti-virus engine used in a variety of situations, including email and web scanning, and endpoint security.