Interview: Simon Hepburn Discusses the UK Cyber Security Council's Early Progress

Written by

In March, the UK Cyber Security Council officially launched as an independent body when it fully transitioned from the Cyber Security Alliance-led formation project. Since then, it has set about laying the foundations to deliver its overarching mission in the years ahead: addressing education and skills challenges in cybersecurity by boosting professional standards and career prospects for those in the industry. These foundations include appointing its inaugural leadership team, and in September, the Council announced the appointment of Simon Hepburn as its first permanent chief executive.

A quick glance at Hepburn’s CV demonstrates why he was viewed as the right person to lead an organization based on developing skills and standards. Among his experiences, he founded Black Star Inc., where he advised on diversity and inclusion, leadership and management, people and change, strategy and organization development, careers and employability. He was also UK director at the international social action charity City Year UK, where he oversaw school partnerships, program design and delivery, leadership program development and mentor experience. 

Following a busy first few months at the helm, Infosecurity caught up with Hepburn to find out how he was settling into the role and the Council’s progress so far.

Simon Hepburn
Simon Hepburn

How are you settling into your role of chief executive at the UK Cyber Security Council? What persuaded you to take on this role? 

Thanks for asking; I’ve settled in very happily and am off to a busy start, as you’d expect. I’m enjoying working with the team, planning for the growth of that team, working and liaising with DCMS, NCSC and other partners and potential partners. I’m passionate about education, skills and careers and, above all, making a difference to people’s lives, so the opportunity to build an organization from the ground up, dedicated to those things, is why I wanted this role.

What are the main objectives of the Council over the coming years? 

The mission of the Council is to be the focal point through which industry and the professional landscape can advise, shape and inform national policy on cybersecurity professional standards. Our aim is to establish the Council as the ‘umbrella’ organization and governing voice for the cybersecurity sector.

We will bring a different voice to discussions about professional standards, ethics, qualifications and careers. Of course, also as advisers to the government, we will, when necessary, speak the truth to power.

How much interest have you received from organizations about coming members since the application process opened in August? 

I’m pleased to say that the first memberships have already been approved and also pleased that the overwhelming majority of interest has been from organizations that weren’t involved in setting up the Council. We’re in the process of recruiting a membership executive to take responsibility for the membership process and to make sure we provide a high-quality membership experience.

The UK Cyber Security Council's careers route map shows would-be practitioners that there are routes into the sector from any point in their working life
The UK Cyber Security Council's careers route map shows would-be practitioners that there are routes into the sector from any point in their working life

Could you explain what the Council’s careers route map is? What feedback/reception have you received from the cybersecurity community about this initiative? 

The careers route map, as you currently see it on the website, was created during the Council’s formation project – so, by the industry. The aim was to show would-be practitioners that there are routes into the sector from any point in their working life; and, for current practitioners, to map career routes ‘through’ the sector, including to the senior roles in large companies. We’ve received and seen various positive comments on it – for example, people have tagged in their social media contacts, even those from other countries. We’ve also received comments that challenge it, which is brilliant. It will always be ‘in development’ and, with feedback and debate, we may end up with more – or less! – than the current 16 specialisms. Our goals include making it more useful and usable for more types of people, such as careers advisers.

What other initiatives are the Council currently working on that you can tell us about? 

Membership is key to the Council’s success; the Council was set up to be driven by the sector, and members will be central to the delivery of Council initiatives. So membership is a key initiative for us at the moment. We’ve already announced the first two committees – Standards & Ethics and Careers & Qualifications – and we have two project managers on board developing the remits for those. And, related to those committees, we are planning some events at which we aim to engage with and listen to the expectations of cyber sector organizations from all corners of the UK; it’s essential that we listen before we act.

Diversity and inclusion is both another passion of mine and one of the primary remits of the Council. We will be developing programs around this in the near term, too.

What’s hot on Infosecurity Magazine?