Interview: Professor Steven Furnell, University of Plymouth

At the end of 2017, it was announced that University of Plymouth students who have successfully completed the Cyber Security Analyst Degree Apprenticeship pathway will gain automatic Associate Membership of the Institute of Information Security Professionals (IISP).

The first university to be accredited under this new scheme, the pathway is based on the IISP’s Skills Framework and Plymouth’s students, who are studying for four years whilst in full time employment, will achieve associate membership to the IISP.

Peter Fischer, a fellow of the IISP, said: “Cyber Security Degree Apprenticeships represent a major step towards addressing both challenges. The IISP is keen to support this career path into the industry and the University of Plymouth’s accreditation recognizes that on graduation, individuals exceed the rigorous requirements for IISP Associate Membership.”

Professor Steven Furnell, who is an IISP fellow and head of the School of Computing, Electronics and Mathematics at Plymouth, said the “students will be able to graduate with such a clear endorsement of how their qualifications and experience are aligned to the needs of the profession.”

In conversation with Infosecurity, Furnell said that the degree is a new approach to degree-level learning based on government standards. The apprenticeships offered by Plymouth are within the Digital and Technology Solutions standard, which has routes including Cyber Security Analyst. 

“This is a nationally-defined framework that a program needs to address, but it is down to the local university as to how they deliver the outcomes,” he said. “It is a more flexible study opportunity for candidates in the workplace in order to take the degree route, they need to have an employer as sponsor.”

This also works the opposite way, where an employer could hire someone and put them through the academic process, but Furnell explained that this is different from a simple UCAS application, as it requires the candidate having the job.

This concept means that someone who is already in employment can gain an academic qualification. Furnell called this “an alternative way to get a degree” as it allows a person to do the same level of study, but while in employment. Candidates typically spend 20% of their time of the four-year course in training, and will work a 30 hour week.

“The content offered a mixture from our degree catalog but with a more flexible approach,” he said. “The key thing is it offers more flexibility to the candidates themselves as they can get out on certain days to go to the partner college to do the modules.”

The University of Plymouth is the first to take up the offer of earning associate membership of the IISP, and several other universities have plans to do the same.

So is this a way to develop skilled and qualified people? Furnell said that was the point and the reason why IISP was able to make the membership offer as it was predicated on having work experience. This is providing people with more than a placement year, as the candidates have the degree and at least four years of work experience.

In a statement released in December, Furnell called the IISP associate membership offer a “clear endorsement of how qualifications and experience are aligned to the needs of the profession” and in clarification, Furnell added that graduates of the program would get the IISP associate membership, which is linked to the IISP skills framework assessing not only their ability to know things, but to do things.

“It is one of the things that I am most enthused about, as it does give a basis for someone’s skills and competencies, and not all security professionals have their skills in the same area, so scoring against it gives you a reference for recruiters and training.”

What’s Hot on Infosecurity Magazine?