lolloj - Fotolia
Collaborative alliance to advance UK’s cyber security profession
Leading UK organisations in cyber security have united to develop a national professional body in the field
A cross-sector UK alliance has been announced in response to a government brief to develop a national professional body for cyber security.
The alliance, incorporating 15 leading UK organisations, will help shape national cyber security standards, drive advances in cyber education and advise the government on national cyber security policy.
The alliance brings together a wide range of cross-sector security expertise, from professional bodies to institutions operating under a Royal Charter granted through the Privy Council with the aim of advancing the development of the cyber security profession.
Established councils, chartered professional bodies, professional certification bodies, academics and industry representative groups are represented in the alliance, which has been set up in recognition of the UK’s increasing economic dependence on internet-enabled capabilities.
With the latest (ISC)2 Global Information Security Workforce Survey predicting a global shortfall of 1.8 million cyber security personnel by 2022 and a shortage of 350,000 across Europe, one of the alliance’s key aims is to create a self-sustaining pipeline of talent to fill the skills gap in the UK.
With representation from a breadth of disciplines active in cyber security professional practice – including computing, engineering, physical security, critical national infrastructure (CNI) and focused cyber security bodies – the collaborative effort reflects constituent members’ common understanding that professional cyber security expertise is relevant to a broad range of disciplines.
With an overall aim to provide clarity around the skills, competencies and career pathways within cyber security, the initial objective is to support commitments expressed within the UK National Cyber Security Strategy to provide a focal point for advising national policy, including the stated intent to recognise professionals through chartered status.
The announcement follows constituent members’ participation in a series of workshops led by the Department of Digital, Culture, Media and Sport to develop a national professional body for cyber security, with government proposals now open to public consultation.
Alliance members are committed to engaging their membership to encourage a broad and robust response from the broad community of practice currently working in the field.
Alliance members have agreed to:
- Harness the full range of proven and established UK cyber security professional expertise;
- Provide a forum for benchmarking and shared standards for cyber security professional excellence;
- Enable the development of the specialist skills and capabilities that will allow the UK to keep pace with rapidly evolving cyber risks;
- Enable a self-sustaining pipeline of talent providing the skills to meet our national needs;
- Provide a focal point which can advise, shape and inform national policy.
“The Worshipful Company of Information Technologists (WCIT) recognises that information and cyber security is a profession that will continue to develop and grow for the foreseeable future,” said Roy Isbell, ITC security panel chair at WCIT.
“Cyber has also been recognised as a discipline that is impacting all aspects of business and society. Just as the development of the engineering profession bolstered the Industrial Revolution, we need to identify the underpinning skills and expertise to meet the challenges of the current and fast-evolving digital era,” he said.
Read more about cyber security skills shortage
- Skills shortage a major cyber security risk.
- Demand for cyber security skills outstrips internal supply, research finds.
- An anti-millennial recruitment stance will widen cyber security skills gap, experts warn.
- Companies struggling to fill infosec roles should focus on finding people who can do what they need, not qualifications, says security industry panel.
- Information security professionals need to grow their skills, engage with the business, increase security awareness and set business goals and tailor their messages, say experts.
Isbell described the alliance as a “robust and significant” step forward that provides the focal point to both guide the development of the profession and advise national policy.
“BCS, The Chartered Institute for IT, strongly believes that collaboration at all levels is necessary to protect the public from current and future cyber threats. This collaborative development is therefore not only a functional necessity, but speaks to a necessary culture change for organisations and individuals working in cyber,” said Jeremy Barlow, director of standards at BCS.
“As with other established professions, there will be places where we compete, but we must collaborate and share as a diverse professional community for the good of everyone to ensure we do not let down the people we ultimately serve,” he said.
Ahmed Kotb, cyber lead at The Institution of Engineering and Technology (IET), said: “It’s fundamental that cyber security is seen as an established profession and we are in support of the need for a professional body to recognise the breadth of expertise within the industry.
“The alliance offers the integration and coordination of existing chartered and professional bodies, across a range of cyber disciplines, that can provide credibility and knowledge to help deliver this work. With cyber skills shortages already emerging at every level, we are committed to working with the government and the National Cyber Security Centre on the best solution.
“This will enable the rapid, yet capable development of specialist cyber skills to meet the growing needs of the industry, manage risk and secure the next generation of talent,” he said.
Amanda Finch, general manager of the Institute of Information Security Professionals (IISP), said the organisation has always supported collaboration and cooperation across the information security industry and been a champion of professionalisation and career development.
Amanda Finch, IISP
“Therefore, we are delighted to be one of the founding members of the alliance and support the government-backed initiative to harness the valuable knowledge and experience that exists across the various, well-established industry bodies.
“Working together with common goals is increasingly vital as we face growing cyber security threats and global disruption,” she said.
Talal Rajab, head of programme, cyber and national security, at TechUK, said: “Our digital economy is underpinned by the need for cyber security expertise and skills across a range of disciplines. Through bringing together these professional bodies and harnessing the full range of established cyber security professional expertise, the alliance will go a long way to providing a focal point for the sector on the cyber security skills, competencies and standards needed to ensure that the UK has the skills needed to remain resilient to the growing cyber threat.”
Deshini Newman, managing director for EMEA at (ISC)2, said: “We are reaching an important milestone in the maturity of our profession, with the intent to develop a nationally recognised professional body and consideration for chartered status.
“The UK is taking a leadership role in this effort that may well set an example for governments around the world. We are keen to support their work – ensuring the opportunity to build on the more than 30 years of international front-line experience that has been comprehensively documented by (ISC)2 and our colleagues within the alliance – to inspire a safe and secure cyber world,” she said.
Ian Glover, president of Crest, said the information security industry relies on a wide range of skills and capabilities, ranging from highly technical individuals providing penetration testing, incident response and threat intelligence services, to those responsible for policy, management, training, education and communications.
“Therefore, it is important that the professional organisations representing different facets of our industry work together to harness knowledge and experience. While these bodies have worked together for many years, the formalisation of the relationships is a significant step forward in the professionalisation of the industry,” he said.
Michael Hughes, board director of Isaca, said it has been encouraging to see the UK take a leadership role in driving towards a national strategy that will strengthen capabilities and put more robust deterrence in place.
“As a global organisation focused on advancing the positive potential of technology, Isaca is proud to be part of this collaborative alliance that will ultimately allow the UK and its residents to prosper from society’s ongoing digital transformation from a position of strength and security,” he said.
Current alliance members:
- BCS, The Chartered Institute for IT
- Chartered Institute of Personnel & Development (CIPD)
- The Chartered Society of Forensic Sciences (CSofFS)
- Crest
- The Engineering Council
- IAAC
- The Institution of Analysts and Programmers (IAP)
- The IET
- Institute of Information Security Professionals (IISP)
- Institute of Measurement and Control (InstMC)
- Isaca
- (ISC)2
- TechUK
- The Security Institute
- The Worshipful Company of Information Technologists (WCIT)