Professionalising the Cybersecurity Industry 

Rachael Simpson

In this blog, BlackDice CISO Paul Jenkins discusses the recent establishment of the UK Cyber Security Council’s ‘Professional Standards’, and why this marks a pivotal moment for our industry. 


The growing significance of Cybersecurity as a ‘distinct profession’ 

Historically, the cybersecurity sector has been fragmented in its approach to standards, certifications, and practices. However, cybersecurity as a ‘distinct profession’ is now starting to be recognised, thanks in large part to the work of the UK Cyber Security Council (UKCSC), which recognised the need for the cyber industry to evolve from its more informal roots into a standardised, respected, and universally acknowledged profession.

Who are the UKCSC and what do they do? 

The UK Cyber Security Council is the regulatory body overseeing the cybersecurity profession in the UK. It establishes national standards for cyber security to support the government’s efforts to enhance online safety. The council offers Professional Registration Titles, including Chartered Status, to build public trust in the profession. 

They are developing specialised areas aligned with the UK CSC SPCC Standard for assessing cyber professionals’ expertise. Pilot programmes in 2022 resulted in cyber professionals achieving Chartership, and the council aims to expand these specialisms by 2025. 

Their goal is to become the industry’s recognised standard setter, ensuring excellence and professionalism in cyber security to protect the country’s economy and critical infrastructure. 

“The creation of a ‘single governing voice’ through UKCSC can offer a cohesive strategy, making it easier for fellow cyber professionals and businesses to adhere to a unified set of standards and guidelines.”

Paul Jenkins

How to leverage the UKCSC? 

  • If you’re a cyber professional, make sure you’re engaging with the UKCSC. Seek to understand the nuances of any standards, and consider aligning with them for career progression and global recognition. Remember, being certified not only benefits you but also contributes to raising the industry standard for our profession. 
  • Employers should familiarise themselves with the UKCSC’s standards and use them as a benchmark in hiring and procurement. Doing so offers a significant risk-mitigation strategy in cybersecurity endeavours.
  • Equally, I would encourage service providers to adopt and align with the UKCSC standards, as governments and companies are increasingly relying on these standards. Being compliant will provide you with a competitive edge and can open up new business opportunities. 

Final thoughts and future considerations 

The establishment of the UKCSC is a testament to the growing significance of cybersecurity in today’s ‘connected era’. It provides a roadmap for other countries to emulate and elevates the profession to the stature it deserves.  

“This is a welcome initiative by the government to establish standards and career paths in the cybersecurity industry, providing recognition of practitioners as professionals, and raising their standing to that of fields like law and engineering. The initiative strengthens national cybersecurity and ensures a safer online space for all.”  

Paul Jenkins

The onus is now on industry stakeholders – from professionals to businesses – to embrace this change, actively engage with the UKCSC, and contribute to a safer digital future.