The CEO of the UK Cyber Security Council, Professor Simon Hepburn, has reflected on key achievements over the last 12 months in an interview with broadcaster ITN. Hepburn assessed the Council’s work around cybersecurity professional standards, careers and learning, and outreach and diversity.
In what he called a “very busy year” the council — the self-regulatory body for the UK’s cybersecurity sector — has worked both locally and internationally to advance the cybersecurity ecosystem within the UK.
UK Cyber Security Council’s four new cybersecurity standards
“We’ve developed four professional cybersecurity standards in different areas,” Hepburn said. These are Cyber Security Governance and Risk Management, Secure System Architecture and Design, Security Testing, and Audit and Assurance.
“When we were working with organizations to develop those standards, we did a lot of work on raising the profile of cybersecurity as a profession, which is really, really important, and one of our key priorities.”
The council has partnered with several organizations that are specialists in specific areas of cybersecurity to develop the standards, Hepburn added. These include international professional association ISACA and industry bodies (ISC)² and the Chartered Institute of Information Security (CIISec).
The standards are a key foundation of the council’s work towards establishing a universally recognised, professional standard for the UK cybersecurity sector to provide professionals the opportunity to achieve chartered status across 16 specialisms.
“We’ve taken people through that process, and we’re really pleased that we’ve got a lot of successful candidates, also some that weren’t so successful, but that’s the whole learning process. We use that learning as part of the next development.”
The Council has also developed its Technical Advisory Panel, made up of security experts across government departments and different kinds of organizations/institutions who will review and assess the criteria of what it has developed, Hepburn said.
UK Cyber Security Council’s work on tackling skills shortages, improving diversity
Hepburn was asked about the current shortfall of cybersecurity talent in the UK, as highlighted in a recent report from the Department for Science, Innovation, and Technology (DSIT) which revealed that approximately 50% of UK businesses have a basic cybersecurity skills gap. “It is a concern, but we’ve always kind of known that that exists,” he said. “It is a long-term game — it’s a marathon, not a sprint.”
The first key thing the Council has done to help address the skills shortage issue is to raise the profile of cybersecurity as a profession, engaging with schools to raise that awareness among younger people, but also for career changes, Hepburn said. “Our role is to really demystify the routes into the cybersecurity profession, using things like our online career tool to show how qualifications and experience align to specific opportunities.”
The Council has also been working to improve representation in the UK cybersecurity field, Hepburn said. This includes the publication of the Diversity Process Flow Paper exploring the barriers people of colour and those from ethnic minority backgrounds face when pursuing a career in cybersecurity. “Increasing ethnic minorities in cyber but also elevating women in cyber. Also, we do things like thought leadership, looking at issues like neurodiversity. For us, it’s really about social mobility; it is about profiling the opportunities and making sure everyone’s aware that they’re welcome to join the profession.”