The role of The UK Cyber Security Council (the Council) is to champion the cyber security profession across the UK, provide broad representation for the industry, accelerate awareness and promote excellence in the profession. It will do this by delivering thought leadership, career tools and education resources to the cyber security sector and those seeking to enter the sector, alongside helping influence government, industry and academia with the aim of developing and promoting UK cyber security excellence globally and growing the UK’s cyber security skills base.
The Council’s focus is set in four pillars:
- Professional Development
- Outreach and Diversity in Cyber Security to Develop the Next Generation
- Professional Ethics
- Thought Leadership and Influence
The Council’s activities include supporting the Government’s National Cyber Security Strategy to make the UK the safest place to live and work online, doing so by leveraging all available expertise, relevant standards and guidance to deliver practical advice for the profession.
Exploring The Council’s Four Pillars
A key function of the Council is to support the professional development of those working in or aspiring to work in the cyber security profession. It also seeks to support employers and individuals as they make career-shaping decisions about the need for cyber security skills, development and recognition through certification and Chartered Status. The Council will do this by mapping routes into and through the cyber security profession, signposting essential skills, defining career pathways, removing complexity and demystifying the profession. The Council’s work includes establishing a professional qualification framework, mapping criteria to appropriate skills and qualifications including The Cyber Security Body of Knowledge (CyBOK). This will ensure a common level of knowledge for those aspiring to or achieving the appropriate grades.
Outreach and Diversity in Cyber Security to Develop the Next Generation
Supporting and improving diversity in the UK cyber security sector is at the forefront of the Council’s aims to broaden the skills base and overcome actual and perceived barriers to entry and progression. Core to achieving this will be building a vibrant and inclusive national network of industry, government and education partners to provide nationwide events to attract people into the cyber security community from all parts of society, promote dialogue and the sharing of best practice. The Council will promote cyber security as an attractive and rewarding career option for people of all ages, including those recently in education and those already in work looking to career change or progress on an existing cyber path.
Building and maintaining public confidence is a core principle of the Council. At the heart of the Council’s operations and Terms of Reference is a Code of Ethics for the participating organisations as well as individual professionals. These provide the guiding principles within which the participating organisations and individual professionals can demonstrate good practice.
Thought Leadership and Influence
The Council is structured to provide coordinated strong leadership – through a variety of content and engagement platforms – to the profession and industry in the UK, as well as outside of the cyber security sector. It recognises that those in the profession need strong leadership in all areas that their decisions involve – technical, business and risk/cost, while those yet to enter it need guidance and clear direction on how to successfully join the sector, develop their skills and progress a long and successful career.
The Council’s role enables it to engage with and inform Government policy and regulation development by acting as an expert body, identifying where new policies are required and advising on regulations or statutes that include an aspect of cyber security.
Thought leadership content and activities from the Council recognise and highlight cyber security as a global sector, helping to forge and nurture essential international links, while working with industry and regulators to further the cause of the sector and to ensure needs are understood on both sides. Working with standards bodies is also part of the Council’s remit, agreeing which standards define cyber security, which will include but be wider than the ISO 27000 series.
Why The Council Was Created
The Council was conceived initially as part of the UK Government’s National Cyber Security Strategy (NCSS) 2016-2021 document, which set out ambitions to develop and accredit the cyber security profession. It seeks to do this by “reinforcing the recognised body of cyber security excellence within the industry and providing a focal point which can advise, shape and inform national policy.” This was developed further in the Initial National Cyber Security Skills Strategy (2018). This declared intentions to establish a new, independent, UK Cyber Security Council to act as an umbrella body for existing professional organisations and drive progress against the key challenges the profession faces.
Following a competitive tender process, the Department for Digital, Culture, Media and Sport (DCMS) awarded the contract to design and deliver the Council in September 2019 to a consortium of cyber security professional bodies known as the Cyber Security Alliance. The IET is the lead contracting Alliance partner to DCMS for delivery of the project which is to run through to 31st March 2021.
The Cyber Security Alliance
The Alliance is a consortium of cyber security organisations that represent a substantial part of the cyber security community in the UK. It brings stakeholders together in the interest of advancing a healthy cybersecurity sector for the UK, from the development of professional recognition to the collaboration around acknowledged priorities to move the workforce and skills base forward. Its members include: