
Continuing Professional Development (CPD)
CPD is mandatory for those individuals registered on the Professional Register of Cyber Security Professionals, held by the UK Cyber Security Council.
Demonstration of commitment to CPD is an integral and mandatory part of the competency requirements for all cyber security practitioners irrespective of role or specialism. This is a commitment we expect from all Registrants awarded a professional registration title to further develop their knowledge and skills.
CPD is vital within the cyber security sector as we are securing a moving target, and our knowledge must be kept up to date in order to do this.
What counts as CPD?
This may include structured activities such as courses, distance learning programmes, private study, preparation of papers and presentations, mentoring, involvement in professional body activities, and relevant voluntary work. Professional experience, attending events & seminars, and activities completed for other organisations such as producing records also count. For detailed information on the categories created by The Cyber Scheme for collation of CPD, please see below.
CPD Plan
Continuing professional development relies on an individual identifying what they have already accomplished to date. This will highlight knowledge gaps and development needs that can be addressed during the next CPD period.
After identifying the gaps, strengths and weaknesses, a CPD plan can be instigated. This is where goals and objectives are set and ways to fulfil them can be identified. The Cyber Scheme will support registrants in the development of this plan by providing templates aligned to the demonstration of Knowledge, Skills and Behaviours, ensuring that the plan remains relevant and of the highest standard.
Completing the plan will involve attending and engaging in activities to meet the needs that were identified. When learning outcomes are identified as part of these activities, the plan can be updated to reflect that. Whilst this can be subjective it will demonstrate what knowledge, skills and abilities have been acquired upon completion of the learning experience or activity. If further gaps have been identified, they can be added to the plan for future CPD.
Regular self-auditing of the plan should be undertaken to evaluate the effectiveness of the learning and the impact of all activities. New skills will need to be put into practice, and knowledge gained can be shared. All of these activities should be recorded so that they form part of the continuous plan to learn and improve.
How do I record my CPD?
Registrants must commit to planning and recording their own CPD, and to making it available for reporting.
The recording of CPD is self-administered and you will need to track your own CPD activity in a spreadsheet and be prepared to submit it annually for verification. The Cyber Scheme are developing an online portal where the recording and auditing of CPD activity can be easily managed by registrants. While this is in development, we encourage you to download the CPD Records form we have created (see below), or use a similar offline form to record your activity.
How much CPD should I be doing?
The Council currently asks for 25 hours of CPD to be completed each year, totalling 75 hours over a three-year period, and across several sources.
We will remind registrants when their anniversary of renewal is due, to ensure that year’s CPD is recorded and up to date.
Recognised Categories - recording your CPD with The Cyber Scheme
CPD records will be monitored and audited by The Cyber Scheme, working with the Council.
Records must be available for audit at any time by The Cyber Scheme. We have created the guidance and resources below to aid registrants in the collating and recording of their CPD. The recognised categories outlined here are mapped to the Council’s SPCC and aligned with the A-E competencies required for a professional title.
If you prefer to record your CPD as points rather than hours, 1 hour = 1 point. Please note the maximum hours allocated per category. You should split your hours across at least three categories.
Please provide information in accordance with the Title you hold, from awareness (Associate) to detailed evidence (Chartered).
Learning and Training
(max 20 hours per year).
Evidence of cyber security training and/or certification, including courses and assessments provided by The Cyber Scheme.
Online courses and webinars specific to specialism.
Practical exercises and challenges, e.g. CTF exercises, competitions.
Demonstrate learning acquired by the reading of research papers, news articles etc.
Professional Contribution – Volunteering
(max 25 hours per year).
Actively participate in and promote the cyber security profession through unpaid volunteering (e.g. The Cyber Scheme Assessor/Interviewer/Technical Advisory Board Member/Training Course Assessor/Moderator).
Engagement in activities supporting charities and other organisations (e.g. local cyber clusters).
Attendance at non-cyber security events to promote the profession (evidence of participation, not just attendance).
Professional Contribution – Mentoring or Education Programme
(max 20 hours per year).
Demonstrate that you have led, managed and/or developed people through coaching and mentoring.
Demonstrate being coached or mentored and the learning outcomes achieved.
Give evidence of collaboration, providing support, offering feedback and advice.
Professional Contribution – Writing
(max 20 hours per year).
Demonstrate written communication skills for both technical and non-technical audiences.
Publication of articles, blog posts, social media posts, white papers, opinion pieces attributed to the registrant and relevant to their specialism.
Demonstrate independent thinking and thought leadership through the written word.
Evidence of Management and Leadership Development
(max 20 hours per year).
Evidence of creating, maintaining, and enhancing productive working relationships, and developing collaborative solutions to defined cyber security goals.
Evidence of any activity that implements organisational change and improved understanding of equality, diversity, or inclusivity.
Engage in activity focused on trends, best practices, skills development, and innovations in leadership and management.
Evidence of Business and Communications Development
(max 20 hours per year).
Evidence of how a cyber security problem was communicated using the language of the organisation and, conversely, how a business’s requirements and priorities were translated into cyber security activities and actions.
The preparation of reports or specifications as part of a bidding process for a cyber security product or service.
Evidence of the gathering and reporting of threat intelligence, technological advancements and threat space.
Regulatory and policy knowledge, legal and ethical best practice
(max 10 hours per year).
Stay informed about relevant data protection laws and compliance regulations.
Demonstrate where privacy and ethical considerations were included in cyber security activities while adhering to organisation policies and objectives.
Identify changes in policy which affect roles and responsibilities.
Attendance at Events and Conferences relating to Specialism
(max 10 hours per year).
Attendance must demonstrate learning, e.g. how you maintain a working knowledge of technological advancements, panels and workshops attended and outcomes.
Speaking at an event in a capacity relevant to your specialism.
A list of appropriate events will be published for guidance.
Evidence of Peer Relationship Building, Networking, Professional Introductions, Knowledge Sharing and Professional Altruism
(max 10 hours per year).
Unpaid participation in International, Government or Industry working groups, unpaid skill related support to businesses, universities etc.
Participation in online forums and communities to discuss industry topics.