National Computer Security Day Interview: Modernizing Cybersecurity Career Paths

The surging power of computers, coupled with rising reliance on digital machines, has made cybersecurity a mainstream topic. Governments globally are setting out strategies and legislation in this area, recognizing the enormous threat cyber-attacks pose to critical services and society more generally.

National Computer Security Day began in 1988 and was designed to raise awareness about computer security as usage grew in organizations. The relevance of this issue has grown immeasurably in that time, with computing technology now critical to all aspects of everyday life.

As the cybersecurity industry has evolved and grown, one of the key challenges is addressing the cyber-skills gap, ensuring IT teams can keep up with the expanding threat landscape.

A range of steps is needed to address this multifaceted problem, one of which is to create more professionalized cybersecurity careers that offer clearly defined roles and pathways, as exist in other professions like law and accountancy. This will help both employers to find the right candidates for specific cybersecurity roles and workers to chart a clear career progression path.

This task is part of the remit for the UK Cyber Security Council, which launched as an independent regulatory body in March 2021. To find out more, Infosecurity Magazine recently caught up with Professor Simon Hepburn, CEO of the UK Cyber Security Council.

Infosecurity Magazine: The UK Cyber Security Council recently created a pilot program designed to create the country’s first chartered cyber professionals, focusing on two specialisms – Cyber Security Governance and Risk Management and Secure System Architecture and Design. Could you tell us how this has gone so far?

Professor Simon Hepburn, CEO, UK Cyber Security Council

Simon Hepburn: We’re really pleased with the response to the pilot scheme so far and are planning to roll it out to include more specialisms in the near future. Bringing cybersecurity in line with other chartered industries such as surveying and accountancy has been much needed in order to standardize the sector and make entry routes into cybersecurity more accessible. Our aim in aligning existing qualifications and experience under recognized professional titles is to make career paths clearer to follow and to help those hiring easily recognize the individuals that have the skills they are seeking.

We are delighted to be working with the sector and certification bodies on the pilot program, alongside our working groups and technical advisory panel to ensure we are creating a program that works for everyone. We’re looking forward to receiving feedback from all participants to help shape future pilots.

IM: How important is it to create more clearly defined roles and pathways in cybersecurity? What other initiatives is the Council undertaking to achieve this goal?

SH: Setting clear benchmarks and defined career pathways for cyber professionals will help make routes into the industry clearer, as well as helping those working in the sector to navigate their career trajectories.

In turn, this will encourage individuals to be ambitious in their own short, medium and long-term career goals as there will be a clear correlation between upskilling to gain the next level of professional title and the opportunities that open up as a result.

From an employer perspective, defined roles and levels of expertise make it easier for an organization to identify the cyber professionals with the requisite skill level to meet their cyber need.

As well as driving awareness of opportunities within cybersecurity, for example through events, speaking opportunities and webinars, we are developing an ethics, standards and practice framework for the industry and are conducting working groups to encourage collaboration across the sector.

We have direct links to the government to help the profession’s voice be heard, and we work with partner organizations to produce expert insights and reports.

IM: How can the Council and other industry stakeholders work together to improve the diversity of cybersecurity professionals in the coming years?

SH: This is a key pillar of activity for us. It’s an area we’ve started to make improvements in but where there is clearly so much more to do. Our recent Ethnic Minorities in Cyber (EMiC) Symposium would indicate that progress is being made to break down the barriers to cyber for people of color and other ethnic minority backgrounds, but there is no doubt that more must be done to improve diversity in cyber across a number of areas and address the dramatic skills gap the industry is experiencing.

An important driver of diversity is to have a diverse intake across entry routes. The majority of entrants to the cybersecurity industry come through career change or redirection, with just 3% entering via a school leaver or apprenticeship scheme and 12% via a graduate scheme. Rather than allowing the mystique around cybersecurity to become a barrier to socioeconomic, gender and ethnic diversity within the industry, there is an education piece to perform here so that when presented with the prospect of a future in cyber, school and university leavers have a clearer understanding of what routes to entry are available – including those that are non-traditional – and the career possibilities that could follow.

The Council will shortly be publishing our white paper on increasing diversity within cybersecurity, taking into account our conversations with and feedback from sector professionals, academia, partners and thought leaders at our EMiC Symposium.

IM: For this year’s National Computer Security Day, how will the work of the Council fit into the UK government’s goal of making the UK the safest place to live and work online?

SH: More than 80% of UK organizations experienced a successful cyber-attack in the past year, proving that the threat is real and incidents are increasingly common. Unfortunately, many businesses are unprepared for these attacks and we believe the skills gap in cyber is a huge part of the problem.

A recent labor market report from the UK government found that the UK’s cyber sector is facing a workforce gap of 14,100 people. With this in mind, it’s no wonder so many businesses are succumbing to cyber-attacks and that, according to insurer Hiscox, one small business is hacked every 19 seconds.

If we can attract more cyber professionals by welcoming talented people into the industry and upskilling those already in the cyber space, we can help to build up the UK’s cyber defense and contribute towards the government’s goal of making the UK the safest place to live and work online.

IM: What new initiatives/aims does the Council have for 2023?

SH: 2023 will see incredible progress in our career, qualification and certification mapping, introducing a tool where key knowledge areas in cyber can be mapped onto the 16 specialisms by any individual. We will see the development of our goals set out in our new strategy – Chartering a Cyber Future Strategy, where we set out key priorities across each of our five pillars – Standards, Ethics, Careers & Qualifications, Outreach & Diversity and Thought Leadership.

We will be mapping the current Certified Cyber Professional (CCP) program over to our Standard using the pilot’s initial two specialisms, launching new programs to bring more people through our Associate, Principal, and Chartered titles. We also have ambitious plans for Women in Cyber and International Women’s Day in the first quarter of 2023.
