The UK Cyber Security Council has announced a pilot program designed to create the country’s first chartered cyber professionals.
The initiative forms part of the Council’s remit to boost professional standards and career prospects for those working in cybersecurity. This includes creating professional standards and titles to bring the industry in line with other professions like accountancy, engineering and legal, providing more clearly defined roles and career paths.
The new professional registrations will initially apply to two specialisms – Cyber Security Governance and Risk Management and Secure System Architecture and Design.
The Council has partnered with two industry professional organizations – (ISC)2 and the Chartered Institute of Information Security (CIISec) – for the pilot program. Members of these bodies will be able to apply for three professional titles, which are ranked according to the depth of experience and expertise of the individual. These are: Associate, Principal and Chartered.
(ISC)2 and CIISEC will be responsible for assessing applications from their membership base against the Council’s newly established professional standard.
The announcement came shortly after the UK Cybersecurity Council, which launched as independent body in March 2021, was awarded Royal Chartered status by the Privy Council. This made the Council the only body that can charter individuals in the industry, conferring the status ‘Chartered Cyber Security Professional.’
Professor Simon Hepburn, CEO of the UK Cyber Security Council, commented: “The Council is committed to working with stakeholders across the industry, with a joint aim of creating a world class cyber sector right here in the UK.
“If we’re to achieve on that ambition, the country will need a framework and an aligned professional standard across the industry's disciplines. We will also need a better understanding of skillsets and experience, and a way of demonstrating an adherence to industry best-practice and ethical standards.
“The pilot program will be a significant step in the right direction, which is why we’re really excited with the potential of welcoming in the UK’s very first chartered cyber professionals this year.
“It will be crucial to our objectives and I'm really looking forward to working with the pilot participant bodies as we craft that new framework, for a clear and robust professional standard in the sector.”
In a press release, (ISC)2 CEO Clar Rosso stated: “The cybersecurity profession can benefit from clarity of pathway and progression for all cybersecurity professionals, from those coming into entry- or junior-level roles to seasoned professionals and business leaders.
“(ISC)² welcomes the opportunity to work with the UK Cyber Security Council on this pilot program that aims to support employers and provide clarity and confidence in an individuals’ competence and capabilities.”
Jill Trebilcock, director of CIISec, noted: “We welcome this opportunity to establish a Chartered qualification for cyber professionals to give those in the industry the recognition that they have deserved for many years.”
Industry experts welcomed the efforts to create a more standardized system of qualifications and career progression for industry professionals. Javvad Malik, security awareness advocate at KnowBe4, said: "It's encouraging to see the increasing professionalization of the cybersecurity field. Having a chartered status should make the profession more accessible through better defined career paths.”
However, Markus Strauss, head of product management at Runecast, cautioned that while the pilot is a good first step, significant work is required to put professional qualifications and pathways in cybersecurity on a par with more established sectors. “Better controls over curriculum content, which certifications are acceptable and a more structured plan for career entry from various different adjacent disciplines need to be created as well and lastly, similar setups need to be adopted globally to ensure people moving between jobs, across different countries have a way to have their professional experience recognized. I hope over time, this will become more widespread across the industry, and I am looking forward to a standardized system to recognize cyber professionals on a global scale in the not-so-distant future," he commented.
Malik added that it is important to remember that developing professional qualifications is not alone enough to solve the cyber skills gap. “It is important to bear in mind the broad nature of cybersecurity. It covers many fields and many skillsets. Some areas are easier to learn and measure, whereas other aspects are not. it is also important to bear in mind that simply having a certification or professional qualification alone is not enough to fill cyber gaps. Many times, organizations are looking for experienced professionals. Beyond that, organizations should do more to have apprenticeships and other entry level routes into the industry where those who haven't got a formal education or qualification can enter the industry," he outlined.