Professional Standards and Chartership
You will have heard about the UK Cyber Security Council. What is it and why was it brought about?
The UK Cyber Security Council was introduced in March 2021 as an independent body that sets standards and defines career and learning paths for the cyber security industry. It was established by His Majesty’s Government (HMG) to define the professional standard needed to ensure the UK is a safe and secure place to live and work online.
The UK Cyber Security Council provides a “single governing voice for the industry to establish the knowledge, skills and experience required for a range of cyber security jobs, bringing it in line with other professions such as law, medicine, and engineering.”[1]
The Council was brought into being as a result of the National Cyber Security Strategy 2016-2021 policy paper, which set out the UK Government’s plans to make Britain secure and resilient in cyberspace. Included within this report was the government’s desire to further develop the cyber security industry and accredit the profession by “reinforcing the recognised body of cyber security excellence within the industry and providing a focal point which can advise, shape and inform national policy.”[2]
The Department for Digital, Culture, Media, and Sport (DCMS) won the bid to commission the UK Cyber Security Council, delivering it to a consortium of cyber security professional bodies known as the Cyber Security Alliance. The Institution of Engineering and Technology describe the Cyber Security Alliance as “a consortium of cyber security organisations that represent a substantial part of the cyber security community in the UK. It brings stakeholders together in the interest of advancing a healthy cybersecurity sector for the UK, from the development of professional recognition to the collaboration around acknowledged priorities to move the workforce and skills base forward.”[3]
The 2025 strategy for the UK Cyber Security Council is built on five pillars[4]:
- Professional Standards: Setting the standards for practitioners across the sector
- Professional Ethics: Creating and ensuring cyber professionals adhere to our Code of Ethics
- Careers and Learning: Providing guidance on how to join and progress within cyber security
- Outreach and Diversity: Striving for an inclusive and representative sector
- Thought Leadership and Influence: Positioning the Council as the voice of the profession.
The goal of the UK Cyber Security Council is that “By 2025, all agreed specialisms will have been stood up, underpinned by a holistic, responsive, and inclusive Standard, to represent the Cyber Security Life Cycle. A pipeline of candidates will produce individuals, who demonstrate the Gold Standard of expertise, excellence, and professional conduct, and therefore are able to protect the UK’s Economy and Critical National Infrastructure. The Council will be the recognised ‘Standard Setter’ for the Cyber Security Industry.”[5]
The Council have issued the following Value Proposition:
Supporting the UK Government, UK Regulators, and the National Cyber Security Centre, the Council will play a key role in ensuring cyber practitioners have the skills and expertise needed to protect data and systems in the UK.
Cyber security is a maturing profession, with a range of areas that require specialist insight, development and practice. The Council’s Professional Standard and Registration Titles will bring structure and unity to the profession accordingly, and a level of consistent professional recognition, already embedded in fields such as engineering, audit and medicine.
The Council will enable employers to identify the people they need to manage their cyber risks and meet their regulatory obligations. It will help practitioners navigate the complex world of existing qualifications, certifications, and courses. By setting an overarching professional standard and defining three professional titles, the Council will make the equivalence of cyber security qualifications clear.
Regulatory Compliance and Ethical Practice
Regulatory compliance and ethical practice are key pillars in the cyber security sector. The Government wants the Council’s standard to become a measure used to assess compliance by regulators across the UK. Regulators need to assess whether regulated entities have sufficiently invested in their cyber workforce to maintain cyber resilience. The Council’s standard is an effective measure of this resilience. Alongside the standard, the Council’s Ethical Declaration sets out a code of conduct for businesses and guiding principles for individuals on how to practice ethically. Each Council registrant will sign the Ethical Declaration, agreeing to promote credibility, integrity and professionalism. This will serve as assurance that those awarded Professional Registration Titles are both ethical and compliant.
Helping employers of cyber practitioners
Hiring decisions are the most important decisions that organisations make. In cyber security they are loaded with risk, as assessing competence is challenging. Employers who seek robust recruitment and development processes will use the UK Cyber Security Council’s standard for assurance that they are employing high quality, experienced practitioners. The Government Security Group is one example of an employer seeking this kind of assurance, and it is actively looking to align its recruitment frameworks to the Council’s standard, as the specialisms are released. Recruitment, progression, and career growth for individuals can be accelerated by engagement with the Council’s Professional Registration Titles – Associate, Principal and Chartered.
Helping customers of cyber services
Customers of cyber services often struggle to determine quality in the market: what does good look like? How has this been assessed? Do assessments have equivalence? Chartership will ensure an easy way to identify this for companies of all sizes. The need for this is particularly acute for the UK Government – the largest customer for cyber security services in the UK. Government is seeking to integrate the Council’s standard into public sector procurement processes, similar to what has been achieved with Cyber Essentials, to help customers validate the competence of a company’s cyber resilience. The standard will enable clear assessment of those bidding for Government contracts. Aligning yourself to the standard will help your organisation prove the quality of your services.
A Global Standard
Professionalising the cyber security workforce is not just a UK programme, it is the direction of travel for many like-minded states across the globe. Governments in other countries are increasingly looking at how best to assure professional competence and the UK government is pursuing mutual recognition of the Council standard internationally. Chartership with the UK Cyber Security Council will provide global credibility and give professionals an easy way to demonstrate equivalent competence when moving between countries.
Influence and Prestige
The Council’s standard, governance and institutional architecture will be led by cyber security professionals with Council titles. The UK Government is working towards the Council standard being the only Government-recognised quality mark for the UK cyber workforce. To shape the profession, you need to be part of it.
[1] GOV.UK. (n.d.). New UK Cyber Security Council to be official governing body on training and standards. [online] Available at: https://www.gov.uk/government/news/new-uk-cyber-security-council-to-be-official-governing-body-on-training-and-standards.
[2] Cabinet Office. (2016). National Cyber Security Strategy 2016 to 2021. [online] GOV.UK. Available at: https://www.gov.uk/government/publications/national-cyber-security-strategy-2016-to-2021.
[3] The IET. (n.d.). UK Cyber Security Council Formation Project – The IET. [online] Available at: https://www.theiet.org/impact-society/uk-cyber-security-council-formation-project/.
[4] UK Cyber Security Council. (n.d.). What the UK Cyber Security Council does | UK Cyber Security Council. [online] Available at: https://www.ukcybersecuritycouncil.org.uk/about-the-council/what-we-do/.
[5] UK Cyber Security Council. (n.d.). Ethics and the cyber security profession. [online] Available at: https://www.ukcybersecuritycouncil.org.uk/professional-standards/.