It’s now a month since The National Cyber Security Centre (NCSC) launched the Cyber Advisor scheme to help smaller organisations achieve key cybersecurity controls and standards. The Cyber Scheme reflects on experience gained – why the scheme was launched, how it has been received and what stakeholders can learn from going forwards.
Cyber Advisor is aimed primarily at small organisations which can lack in-house expertise or access to accredited professionals to help them to secure their networks.
When qualified, Cyber Advisors will be able to provide cost-effective advice and, where required, hands-on help to implement the five Cyber Essentials Technical Controls required to attain Cyber Essentials Plus.
Why link Cyber Advisor to Cyber Essentials?
NCSC believe that instigating the Cyber Essentials Technical Controls protects small business from the majority of high volume, low-skill attacks perpetrated through the Internet. It makes sense then that implementing CE+ is of the easiest ways to make the UK more secure, and buyers more confident that their business is sufficiently protected.
Under the new scheme those organisations who have a qualified Cyber Advisor on their staff will be able to offer NCSC assured Cyber Advisor services to customers. This provides assurance to customers, and adds a level of legitimacy to the services provided by Cyber Advisor organisations, allowing them to rise above the ‘wild west’ of unregulated cyber consultancy services offered nationwide.
The scheme has been well received by those already in the Cyber Essentials eco-system; there is now a desire to expand knowledge of the scheme, and also to fully explain how beneficial the scheme will be to both cyber consultancies who acquire Cyber Advisor status, and also small and medium size businesses looking for a trustworthy source of cyber security advice – endorsed and recognised by the National Technical Authority NCSC.
“Over the last couple of months, I have been assessing candidates for the Cyber Advisor Scheme, meeting a wide range of prospective advisors, I have been intrigued at the level of innovative advice that candidates have provided to our scenarios. It shows there is some real talent out there. And a genuine commitment to support small businesses”
Peter Loomes, Lead Cyber Advisor Assessor and Head of Training, The IASME Consortium
The Cyber Scheme are currently the only Accredited Assessment Provider for the scheme, developed and delivered in partnership with IASME.
The Cyber Scheme have now been running the assessments for a month, and they have been well received by both candidates (mostly MSPs) wishing to gain Cyber Advisor status, and by the assessors involved in running the scheme. The aim is to roll assessment provision out nationwide, initially in Belfast and Manchester and including Edinburgh, Cardiff and London as soon as possible.
Initial feedback from candidates suggests that:
• more emphasis needs to be placed on providing learning materials with less technical emphasis
• more advice on the consultancy reporting section of the exam would be useful
• A forum for queries would be well received
Over the next few weeks The Cyber Scheme will be implementing an advice section on the website, as well as developing webinar and video resources to aid MSPs in deciding whether to take up the scheme, and for small businesses to aid procurement decisions.
"When I first heard about Cyber Advisor I was really excited, it's something that's badly needed in the Cybersecurity industry, but I was also very sceptical, how on earth were they going to capture the essence of what makes a good Cyber advisor in a 2-3 hour exam?? Well they nailed it, I didn't know what to expect but I came away feeling like it was exactly what I do in 'the day job'. They captured the technical knowledge, combined with the non-technical explanations, and even the conversations so well, it gives me confidence we have a really good way to assess the competence of future Cyber Advisors and I've got real confidence the process will weed out those not yet ready..."
Chris Blunt, Cybersecurity Assessor at Blunt Security