Editorial

UK Cyber Security Council welcomes NCSC report into diversity and inclusivity in cybersecurity

The Council will devise, drive and support D&I programmes through its membership

Posted 23 November 2021 by Christine Horton


The UK Cyber Security Council has welcomed a report by the National Cyber Security Centre (NCSC) on diversity and inclusivity (D&I) in the cyber security sector.

Simon Hepburn, CEO of the self-regulatory body for the cybersecurity sector praised the “concrete recommendations that will move the sector towards ensuring there are no barriers to entry” within the Decrypting Diversity report.

“The sector must succeed at this,” he said. “It’s vital not just to help the sector fill the tens of thousands of vacancies that exist, but for the sector and the UK to benefit from the wider range of abilities, improved creativity, different thinking and alternative contributions of a truly diverse, inclusive cybersecurity workforce. The Council and the NCSC are in lockstep over the D&I objectives for the sector and, to that end, we also welcome and agree with the conclusions of the report.”

He did however note that the recommendations in the report are largely about what needs to be done – but that little may change unless the sector proceeds to address “how to do what needs to be done; programmes will need to be devised and executed.”

He said the Council will play its full role in devising, driving and supporting D&I programmes, through its membership which it is starting to build.

“I encourage cyber-related organisations that want to lead the way in D&I, and which want to show the sector that they’re leading the way, to join us without delay. There is much to do.”

Recommendations to improve D&I in cybersecurity

D&I is one of the four key pillars of the UK Cyber Security Council, which was commissioned in 2019 by DCMS to be the governing voice for the cybersecurity profession and launched in the spring of 2021.

NCSC’s report, written by KPMG, contains six recommendations to improve the D&I performance of the sector.

The Council is cited specifically in two of the conclusions of the Decrypting Diversity report.

The Council should produce a series of case studies and career journeys that show the breadth of routes into cyber and the diversity of professionals in the industry today. Individuals need to understand how they can join the cyber security industry and the variety of opportunities available, including at entry level. There should be no barrier to entering the cyber job market based on demographic characteristics.

It should also produce cyber roles and the skills required to develop a framework to describe cyber roles and skills consistently. Job descriptions and adverts for cyber roles need to be clear and accessible, to ensure they are inclusive, and focused on aptitude and skills. The industry should support this by, providing information on the cyber roles and skills they require.