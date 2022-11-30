The surging power of computers, coupled with rising reliance on digital machines, has made cybersecurity a mainstream topic. Governments globally are setting out strategies and legislation in this area, recognizing the enormous threat cyber-attacks pose to critical services and society more generally. National Computer Security Day began in 1988 and was designed to raise awareness about computer security as usage grew in organizations. The relevance of this issue has grown immeasurably in that time, with computing technology now critical to all aspects of everyday life. As the cybersecurity industry has evolved and grown, one of the key challenges is addressing the cyber-skills gap, ensuring IT teams can keep up with the expanding threat landscape. There are a range of steps needed to address this multifaceted problem, one of which is to create a more professionalized cybersecurity careers that offers clearly defined roles and pathways, as exists in other professions like law and accountancy. This will both help employers find the right candidates for specific cybersecurity roles and workers to chart a clear career progression path. This task is part of the remit for the UK Cyber Security Council, which launched as an independent regulatory body in March 2021. To find out more, Infosecurity Magazine recently caught up with Professor Simon Hepburn, CEO of the UK Cyber Security Council. Infosecurity Magazine: The UK Cyber Security Council recently created a pilot program designed to create the country’s first chartered cyber professionals, focusing on two specialisms – Cyber Security Governance and Risk Management and Secure System Architecture and Design. Could you tell us how this has gone so far?

Professor Simon Hepburn, CEO, UK Cyber Security Council

Simon Hepburn: We’re really pleased with the response to the pilot scheme so far and are planning to roll it out to include more specialisms in the near future. Bringing cybersecurity in line with other chartered industries such as surveying and accountancy has been much needed in order to standardize the sector and make entry routes into cybersecurity more accessible. Our aim in aligning existing qualifications and experience under recognized professional titles is to make career paths clearer to follow and to help those hiring easily recognize the individuals that have the skills they are seeking. We are delighted to be working with the sector and certification bodies on the pilot program, alongside our working groups and technical advisory panel to ensure we are creating a program that works for everyone. We’re looking forward to receiving feedback from all participants to help shape future pilots. IM: How important is it to create more clearly defined roles and pathways in cybersecurity? What other initiatives is the Council undertaking to achieve this goal? SH: Setting clear benchmarks and defined career pathways for cyber professionals will help make routes into the industry clearer, as well as helping those working in the sector to navigate their career trajectories. In turn, this will encourage individuals to be ambitious in their own short, medium and long-term career goals as there will be a clear correlation between upskilling to gain the next level of professional title and the opportunities that open up as a result. From an employer perspective, defined roles and levels of expertise make it easier for an organization to identify the cyber professionals with the requisite skill level to meet their cyber need. As well as driving awareness of opportunities within cybersecurity, for example through events, speaking opportunities and webinars, we are developing an ethics, standards and practise framework for the industry and are conducting working groups to encourage collaboration across the sector. We have direct links to the government to help the profession’s voice be heard, and we work with partner organizations to produce expert insights and reports. IM: How can the Council and other industry stakeholders work together to improve the diversity of cybersecurity professionals in the coming years? SH: This is a key pillar of activity for us. It’s an area we’ve started to make improvements in but where there is clearly so much more to do. Our recent Ethnic Minorities in Cyber (EMiC) Symposium would indicate that progress is being made to break down the barriers to cyber for people of color and other ethnic minority backgrounds, but there is no doubt that more must be done to improve diversity in cyber across a number of areas and address the dramatic skills gap the industry is experiencing.

"An important driver of diversity is to have a diverse intake across entry routes"