Editorial

UK Cyber Security Council urges businesses to help strengthen cybersecurity sector

Vice-chair, Jessica Figueras explains the UK Cyber Security Council’s plans to shape the cybersecurity landscape, improve diversity in the sector and introduce a standards framework in line with other professions

Posted 27 May 2021 by Christine Horton


The UK Cyber Security Council is calling on companies from all industries to get involved to help boost career opportunities and professional standards for the UK’s cybersecurity sector.

The new DCMS-funded Council was launched on April 1 to provide a governing voice for the cybersecurity industry. The aim is to bring it in line with other professions such as law, medicine and engineering. It also wants to establish the knowledge, skills and experience required for a range of cybersecurity jobs.

Organisations will be able to sign up as members of the council from around September,” said the Council’s vice-chair, Jessica Figueras.

“We are looking for people from the broadest possible range of backgrounds,” said Figueras. “If just the cybersecurity industry gets involved, we’re going to be missing the perspective of those other businesses. So, we hope to get people from the public sector, retail, manufacturing and beyond to help us to shape the profession and help become informed employers, and customers of cybersecurity professionals and services.”

Skills gap

The government’s National Cyber Security Strategy had previously identified a need to strengthen the cybersecurity profession as a whole. Figueras says this is where the Council is stepping in, to help boost the UK’s cyber capabilities, particularly around the skills gap.

“We’re working practically to try and address some of those issues around skills in the UK,” she said.

Jessica Figueras

“There are there are lots of providers out there doing fantastic work, providing training and certification of skills. We felt the missing piece was a look at what skills the UK needs. These may not be necessarily skills which are being served very well in today’s market. Somebody needs to take the lead in identifying what are the areas, what are the gaps and what can we do to make sure they get filled.”

Figueras said the Council can provide skills mapping when it is not easy for non-cyber experts in other sectors to understand what exactly they need from a cybersecurity solution or when hiring professionals.

“There are lots of different paths with lots and lots of different training courses, lots of different certifications, they’re probably not comparable. We don’t know if those people are going to have the skills that are needed for tomorrow or next year, or five years’ time.

“What it means is that, at the moment, the only people who are well placed to make well informed decisions about the kind of people that they need to hire, and the skills they need, are organisations which are already experts in cybersecurity.

“We can do that mapping all of the skills on to the actual qualifications that are available in the market. Eventually we will provide a certification or proof of qualifications as well, so you’ll have a level of assurance that particular qualifications come up to certain standards.”

Establishing framework of professional conduct

Figueras said cybersecurity must align with other professions that have clear standards and frameworks.

“If you look again at some of the professions out there such as accountancy or medicine, one of the things that marks them out as mature professions is a very clear framework of professional conduct. They have…an innate sense of what’s right and wrong.

“We need to do the same for cybersecurity. There’s a lot to build on – I do think there is already a strong sense of shared professional values around safety and security. But there’s lots more in terms of navigating some of the ethical dilemmas, looking at things like conflicts of interest. What’s the duty to the public versus what’s the duty to the employer? These are all, these are all issues where other professions have had these worked out.”

Focus on diversity

Figueras also stressed that diversity will be a big focus for the Council.

“Where you have a profession which is drawn from quite a narrow sector of society, that also narrows the kind of skills you get – the tendency is towards a narrow frame of reference. We need to incorporate more perspectives, more ways of looking at the challenges of cybersecurity.

“Keeping ahead of the bad people is really hard to do when you’re not bringing the full strength of cognitive diversity to the table.”