Is Standardisation Of The Cybersecurity Profession A Good Thing?

Uploaded on 2023-02-14 in NEWS-News Analysis, FREE TO VIEW

As a profession, cybersecurity has continually morphed and evolved in response to technological change. From the days of safeguarding mainframes and perimeterised networks through to the demands of securing deperimeterised cloud-based environments today, a host of specialisms have emerged and some have even converged, such as DevSecOps, illustrating that the industry is highly flexible and adaptive.

But the current skills shortage indicates that market can’t always keep pace. The 2022 Cybersecurity Skills Gap report found half of organisations globally are looking for cloud security specialists and the gap is widening. The Department for Digital, Media Culture and Sport (DCMS) initially estimated there would be an annual shortfall of 10,000 entering the cybersecurity sector but revised that last year to 14,000. This suggests there may well be some disparity between the skills being acquired versus those needed which is backed up by another DCMS report which found the single most common reason cited for being unable to fill vacancies was a lack of technical skills and knowledge.

Part of the problem comes down to that very flexibility we referred to before. The sector has evolved and expanded making it very difficult to identify the skillsets, qualifications and experience needed for particular roles. There’s a great deal of obfuscation and confusion and this in turn prevents individuals from working their way up the ladder to their career goal.

Pathways To Success

To help address this issue, the UK Cyber Security Council has been tasked with establishing the Cyber Pathways Framework. This will map out 16 careers as well as establishing a universally recognised professional standard which will allow practitioners to be certified at either Associate, Principal or Chartered level across those specialisms. Achieving the Council’s professional standard will provide practitioners with an independent seal of approval, with their status recorded on a secure register of practitioners and cybersecurity professionals will be able to register for accreditation later this year.

Effectively, the framework will standardise routes across the profession for the first time, providing some much-needed clarity on how you can progress from your current position through to the lofty heights of CISO.

It’ll provide baselines for achieving Associate, Principal or Chartered level across those 16 specialisms which will be rigorously assessed, with ISACA, for instance, due to oversee the chartered Audit and Assurance specialism.

In doing so, it will put the industry on a par with the legal and accountancy sectors as a profession in its own right.

However, formal standardisation of the sector does of course introduce some elements of rigidity, and this can cause problems. For instance, one of the reasons why companies are finding it so difficult to fill cybersecurity vacancies is that there’s an over emphasis on qualifications, with hirers looking for specific certifications when selecting candidates. The most commonly requested certification is the Certified Information Systems Security Professional (CISSP) with 39 percent of postings asking for this during 2022. When Chartered status was initially proposed, it was thought it could be used to help screen applicants, but this means there’s a danger it may see hirers further whittle down the list of applicants they are willing to consider.

Tapping Into New Talent

With insufficient entrants to the profession, realisation is dawning that hirers will have to cast their nets more widely and rethink their recruitment drives. As it turns out, 46 percent of the current cybersecurity workforce entered their current role from a non-cyber role and there’s now much more emphasis on helping applicants with the right aptitude and soft skills, such as communication and problem solving, to upskill. 

Diversity drives are also helping to open up the industry and, after training, flexible working and certifications, DEI initiatives are the next highest investment companies are making to try and close the workforce gap. There’s undoubtedly untapped talent here, with minorities still under-represented in the industry. In 2022, a quarter of the workforce came from ethnic backgrounds, 22 percent were female, 10 percent were neurodivergent and 8 percent were disabled. However, according to a report on Understanding the Cyber Security Recruitment Pool, minority candidates have felt pushed out of the industry because “it’s too difficult to progress”. 

So, the question is with the cyber pathways cater for both these pools of talent or will it reinforce the status quo? It’s great that the Chartered status will elevate the profession and recognise high achievers but we also need to consider that only 14 percent of ethnic minorities, 13 percent of women, six percent of neurodivergent and three percent of disabled professionals are in senior cyber roles. What we don’t want to do is create a new glass ceiling.

The Cyber Pathways Framework and Chartered status are welcome developments. But we need to ensure they’re inclusive and provide a means to attract and funnel new talent into the profession as well.

Jamal Elmellas is COO of Focus-on-Security

You Might Also Read:
 
More Women Needed In Cyber Security:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« Quantum Computer Power Threatens Encryption
Russian Cyber Attack Disrupts Earthquake Aid  »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Global Digital Forensics (GDF)

Global Digital Forensics (GDF)

GDF specialise in Digital Forensics and e-Discovery. Other services include Data Breach Response and Cyber Security.

Cloudbric

Cloudbric

Cloudbric is a cloud-based web security service, offering award-winning WAF, DDoS protection, and SSL, all in a full-service package.

Cavirin

Cavirin

Cavirin’s Automated Risk Analysis Platform reduces risk and automates security and compliance.

ERNW

ERNW

ERNW is an independent IT Security service provider with a focus on consulting and testing in all areas of IT security.

State e-Government Agency (SEGA) - Bulgaria

State e-Government Agency (SEGA) - Bulgaria

The State e-Government Agency (SEGA) is responsible for matters relating to electronic governance in Bulgaria.

RATEL (SRB-CERT)

RATEL (SRB-CERT)

RATEL has been appointed as the National Center for the Prevention of Security Risks in ICT systems of the Republic of Serbia (SRB-CERT).

Rentalworks

Rentalworks

Rentalworks is a leading provider of Internet-of-Things (IoT) Asset Lifecycle Management Services including secure data erasure and disposal.

Griffeshield

Griffeshield

Griffeshield is a company specialised in new information technologies used to protect Intellectual Property.

Cyturus Technologies

Cyturus Technologies

Cyturus Technologies delivers cybersecurity business risk quantification services using our proprietary Adaptive Risk Model (ARM).

CyberUK

CyberUK

CYBERUK is the UK government’s flagship cyber security event and the authoritative event for the UK’s cyber security community.

Vantage Point Security

Vantage Point Security

Vantage Point are specialists in penetration testing and application security with a focus on the industries undergoing rapid digital transformation.

Truvantis

Truvantis

Truvantis is a cybersecurity consulting organization providing best-in-class cybersecurity services to secure your organization’s infrastructure, data, operations and products.

MoogleLabs

MoogleLabs

MoogleLabs leverage AI/ML, Blockchain, DevOps, and Data Science to come up with the best solutions for diverse businesses.

Quantum Security Services

Quantum Security Services

Quantum Security Services is a specialist information security firm providing a range of risk, compliance and technical security services.

Seedcamp

Seedcamp

Seedcamp identify and invest early in world-class founders attacking large and global markets through disruptive technology in areas including AI, cybersecurity, and Fintech.

Radix Technologies

Radix Technologies

Radix offer end-to-end device management solutions, consolidating all the organization devices, processes and stakeholders into one easy-to-use management platform.