The government is launching an independent body designed to oversee and quality-assure the plethora of cyber security training and certification schemes available across the UK, providing a clear pathway for opportunities to upskill.
Funded by the Department for Digital, Culture, Media and Sport (DCMS), the UK Cyber Security Council will serve as a one-stop-shop for information on cyber security training opportunities. It will aim to attract more talent to the security workforce and increase diversity in the field, while setting professional standards for training providers.
Most importantly, the council will provide a single governing voice for the industry to establish the knowledge, skills and experience required for a range of cyber security roles. This will bring it in line with other professions such as law, medicine and engineering.
“Cyber security is a growing industry in the UK and it’s vital for high standards of practice and technical expertise to be at the heart of the profession as it develops,” said the deputy director for cyber growth at the National Cyber Security Centre (NCSC), Chris Ensor.
“We look forward to working with the Council to help ensure that future generations of cyber security professionals have the skills and support they need to thrive and make the UK the safest place to live and work online.”
The UK Cyber Security Council is being established in response to a 2018 public consultation examining the major issues facing the profession. In the consultation, there was overwhelming support for an independent standards body.
Chairing the organisation will be Dr Claudia Natanson, a global cyber security expert who was previously CSO at the Department for Work and Pensions and MD at BT Secure Business Service.
Joining her as vice-chair will be tech market strategist Jessica Figueras, senior director, policy & government affairs UK&I, Palo Alto Networks, Carla Baker as trustee, and Marston Holdings’ CFO Mike Watson as treasurer.
The body will boost skilled job prospects across the country by providing a clear roadmap for career-building in the industry across all experience levels. It’ll do so with a special focus on increasing the diversity of people entering the profession.
The State of Email Security 2020
Email security insights at your email perimeter, inside your organisation, and beyond
The UK Cyber Security Council will also work with training providers to accredit courses and qualifications, and offer employers the information they need to recruit effectively.
There is already a wealth of cyber security training and certification opportunities in the UK that individuals and businesses can access. DCMS has confirmed the council will bring coherence, structure and clarity to the field by quality-assuring existing courses and setting professional standards for future qualifications. This is against directly funding or setting up new courses itself.
Plugging a gap in the system
The overwhelming consensus among cyber security professionals and experts, speaking to IT Pro, is that there’s a pressing need for ramping up both the number of skilled workers in the industry as well as the quality of training.
For cyber criminologist Azeem Aleem - who is VP cyber security consulting, global digital forensics and incident response lead at NTT - there’s a wide gap in what we teach in universities and what the practical world of security is throwing at graduates.
“They are mostly being taught by academics who lack practitioner knowledge,” he explains. “As a result, the graduate lacks a real understanding of the threat landscape and the real-world workings of a cybercriminal. The industry is crying out for skilled cybersecurity professionals to fill this increasing gap, but doesn’t have the means of educating them.”
“There has definitely been immense evolution in technical cybersecurity certification progression - for example, SANs, CREST, EC council, ISC2, etc,” he continues. “However, many organisations find that these certifications do not develop the rigorous analytical skills that an academic degree instils into a cyber-professional.”
Paul Farrington, EMEA CTO at Veracode, adds there are only five undergraduate computer science degrees certified by the UK’s NCSC for cybersecurity content. “Both users and the creators of software will benefit from the launch of the UK Cyber Security Council,” he says. “There’s a real need for new training opportunities, accredited courses and qualifications for software developers to get the assistance they need to thrive.”
What the UK Cyber Security Council will bring is a level of standardisation, cyber security specialist with ESET, Jake Moore tells IT Pro, saying this “can help dramatically in pulling the necessary resources together and helping people understand both the risks but the protection available”.
The UK Cyber Security Council can also kickstart the development of training opportunities at the lower end of the spectrum, according to Keith Glancey, systems engineering manager at Infoblox. This will fill a gap that’s long-existed, despite high-end certifications such as CISSP having been established for some time. The fact it’s vendor-independent, too, means small and medium-sized businesses (SMBs) will find it easier to know what should be done with cyber security training with regards to their own employees.
However, the real proof will be in the longevity of the council, Jake Moore warns. “Sadly - once initiatives such as this lose focus or uptake - they can fall apart just as quickly as they are established. It is vital that the programme continues its course.”
Azeem Aleem agrees, adding that if the council works to solve the industry’s issues then its foundation can be justified. He says, however, that there needs to be a more robust partnership between academic institutions and public and private sector bodies, hinting that fostering such relationships should be one of the organisation’s key priorities.
