Last week, the government announced the start of a new consultation on developing the UK’s cybersecurity profession. The consultation, which aligns with the UK’s National Cyber Security Strategy, runs until the end of August 2018.
By appealing to a broad range of interested parties – from security professionals and academics to businesses and law enforcement agencies – the government hopes to better understand the challenges facing the development of the cybersecurity profession, to help it deliver on a range of objectives by 2021.
This includes canvassing input on the creation of a new UK Cyber Security Council – which would be responsible for delivering on these objectives. Some of the ideas put forward by the consultation include:
- The creation of a Royal Chartered Status for cybersecurity professionals
- Development of career specialism pathways
- A code of ethics to encourage best practice
As the digital landscape grows and new threats emerge, it’s important that we attract more people into the industry, as well as training and equipping them better. Here at Redscan, we believe that you cannot expect to solve tomorrow’s challenges with technology alone and the small pool of talent that is currently available. Cyber-criminals are constantly innovating; governments and business need to do the same.
With such a pressing demand for security talent, one of the biggest challenges the UK faces is improving awareness of routes into the industry. The popular belief that cybersecurity needs only technical people with STEM skills is a misnomer: while people with networking, engineering and analysis are definitely in-demand, individuals with a background in law, governance, risk assessment and policy management are also increasingly sought after and more definitely needs to be done to create clearer pathways for all types of roles.
The current qualification and certification landscape can be needlessly difficult to navigate, both for those working in and hoping to break into the industry, as well as businesses that don’t have a clear understanding of the skills and experience they need.
A chartered standard, albeit covering multiple security disciplines, would help to improve the situation for all and is a proposal that the industry should certainly look to embrace.
Fortunately, the consultation has already received the backing of a number of leading bodies in the field, including CREST, techUK and the Chartered Institute for IT.
Boosting diversity in the cybersecurity sector is also an important discussion point of the consultation. The industry is still male-dominated and better coordination of outreach is needed to attract more women.
Government efforts to improve awareness of cybersecurity issues from a young age may help in this regard, albeit the effect of any initiatives is only likely to be felt over a much longer term.
Other stated aims of the consultation may also be difficult to achieve any time soon. The idea of a common agreed Code of Ethics for cybersecurity professionals may be well intentioned but, in reality, hard to implement given the constantly evolving nature of the industry and the many moving parts involved in keeping organizations across many different sectors secure.
Perhaps more emphasis should be placed on ensuring that security professionals are able to collaborate better to share knowledge and intelligence, as well as develop better, more efficient ways of working.
For the UK to remain a global leader in cybersecurity, it’s clear that we need to continue to raise awareness of the importance of cybersecurity and its many challenges. Encouraging open discussion is definitely a positive step, although given the current shortfall of industry professionals, the speed at which any recommendations are agreed and introduced will be pivotal.
At this moment, businesses are currently struggling to recruit the skilled personnel they need, and with security requirements only likely to grow, we need solutions to bridge the gap, both now and in the future.