Since the first seed was sown back in 2016, work has been underway to create an independent body to support growth and professionalism within the U.K.’s cybersecurity education, training and skills activities. Now, that body has come into being in the form of the U.K. Cyber Security Council. (ISC)² staff and members have been involved in this project since 2018 and have been diligently working alongside volunteers from other organizations on the Council Formation Project, which concludes today following more than 18 months of work.

What does this mean for members, associates or those yet to begin their cybersecurity career journey?

The Council will support (ISC)² and other organizations involved in cybersecurity skills and education, helping with additional tools and resources to define cybersecurity career pathways, linking the right qualifications to the right career trajectories. It will provide long-term thinking for growing the scale and diversity of the profession with aligned Council programs, creating further opportunities for people to join a more inclusive and diverse working community. Ultimately, the Council will be a voice of the profession, speaking to all stakeholders on the profession’s priorities, challenges and ideas and helping (ISC)² in its efforts to advocate for members and the sector as a whole.

The Council operates to complement and support organizations such as (ISC)², not replace or compete with them. Also, it is not a technical body. The role of the National Cyber Security Centre (NCSC) is clearly defined as the U.K.’s technical and incident response cybersecurity agency. While both share the same overall objective, the Council will focus specifically on education, training and skills development.

What will the Council do?

The primary role of the Council is to champion the cybersecurity profession across the U.K. In doing so, it will provide broad representation for the industry, increase and improve awareness of the trends and skills issues in the sector, and promote excellence in the profession.

It will bring thought leadership, career mapping tools and other education resources to the cybersecurity sector and be an independent source of information for those seeking to enter the sector, alongside helping to influence government, industry and academia. It will do all of this with the aim of developing and promoting U.K. cybersecurity excellence globally and growing the nation’s cybersecurity skills base.

The Council is built on four key pillars:

• Professional Development

A key function of the Council is to support the professional development of those working in or aspiring to work in the cybersecurity profession. It will support employers and individuals as they make career-shaping decisions about skills, development and recognition. The Council will do this by mapping routes into and through the cybersecurity profession, establishing a professional qualification framework, mapping criteria to appropriate skills and qualifications.

• Outreach and Diversity in Cyber Security to Develop the Next Generation

Supporting and improving diversity in the UK cybersecurity sector is of paramount importance if we are to broaden the skills base and overcome actual and perceived barriers to entry and progression. The Council will promote cyber security as an attractive and rewarding career option for people of all ages, including those recently in education and those already in work looking to career change or progress on an existing cyber path. (ISC)² has also acknowledged this with the creation of its own Diversity, Equity and Inclusion (DEI) task force , which will look to support and work with the Council to achieve shared diversity aims.

• Professional Ethics

At the core of the Council is a Code of Ethics for the participating organizations as well as individual professionals. This code, in conjunction with those of individual organizations, enshrines the guiding principles within which all participants in the cybersecurity sector can demonstrate good practice.

• Thought Leadership and Influence

The Council’s role enables it to engage with and inform standards bodies, Government policy and regulation development by acting as an expert body. Thought leadership content and activities from the Council recognize and highlight cybersecurity as a global sector, helping to forge and nurture essential international links, while working with industry and regulators to further the cause of the sector and to ensure needs are understood on both sides.

With those four pillars providing the parameters for the Council’s focus and activities, it will work to support the aims of the Government’s National Cyber Security Strategy. Those aims include making the U.K. the safest place to live and work online, along with maintaining and growing the U.K.’s position as a global center of cybersecurity skills excellence.

What is the Cyber Security Alliance?

What began as a concept in the U.K. Government’s National Cyber Security Strategy paper grew into a consultation and a competitive tender by the Department for Digital, Culture, Media and Sport (DCMS) to commission the creation of the Council. That tender was won by a consortium of industry organizations called the Cyber Security Alliance, of which (ISC)² is a founding member. It commenced work in September 2019 to build the Council that launches today, drawing on the combined experience and expertise of 16 organizations including:

• (ISC)²
• BCS, The Chartered Institute for IT
• Chartered Institute of Information Security (CIISEC)
• CIPD
• CompTIA
• CREST
• Chartered Society of Forensic Sciences (CSFS)
• Engineering Council
• Information Assurance Advisory Council (IAAC)
• The Institution of Analysts and Programmers (IAP)
• The Institution of Engineering and Technology (IET)
• Institute of Measurement and Control (InstMC)
• ISACA
• Security Institute (SyI)
• techUK
• The Worshipful Company of Information Technologists (WCIT)

How can I get involved?

Once the Council begins operations, launches its website and begins engaging on social media, there will be opportunities for more cybersecurity professionals to get involved and support its activities. This includes working groups, research, events, developing thought leadership and more. We will continue to highlight these opportunities and we encourage as many people as possible to participate and engage with the Council in order to help shape its view of the industry.