In my recent blog summarising the DCMS report on the State of the UK Cyber Security Sector I promised to summarise the changes to national and local cyber policing structures over the past year and similarly map relevant skills activities. My original objective was to have these ready for the launch of the Cybersecurity Council. Then I decided to bring it forward to help promote the forthcoming SASIG Security Skills Festival.
The budget unleashed a torrent of employment and skills related fraud, as criminals seize the opportunity to loot the new programmes , as they did to the Individual Learning Accounts after Y2K, at the same time as victimising job seekers and infiltrating those seeking to recruit new staff as they re-open for business.
There is an urgent need to make rapid use of the trusted partner programmes of the new Cyber Resilience Centres to help businesses of all sizes (and charities, schools, reputable training providers and others) to implement and check effective vetting, authorisation and access management processes, perhaps using digital identities that are worth more than the paper they are not printed on. You can learn more at the UK Identity Fraud Advisory event on 18th March.
What is follows is “work in progress”. Some of the most important sections are still missing. Others may need correction. But I hope readers will find it useful and will help those who have to fill the gaps and make the linkages after the launch of the Cybersecurity Council and the recruitment of members and sponsors to pay for the work necessary. In the mean time I will insert the material sent to me.
The scale and nature of demand for cybersecurity skills have changed radically over the past year in the face of transformations in the threats and responses needed. Fraud is now perceived as national threat. The structure and nature of the UK police response is changing with Cyber Resilience Centres mapped onto the ROCUs and the automation of intelligence gathering to aid targeted response. Cybersecurity has become an £8.9 billion business in the UK.
The way demand for cybersecurity skills is measured has not kept pace. The statistical definitions commonly used reflect neither the skills in demand nor those used to analyse the structure of the industry. Those for cyberwarfare, needed by GCHQ and MoD, overlap with those to protect Megabank and its Customers, but are not the same. They, in turn, overlap with those to protect children, adults and microbusinesses, but are not the same. Those to secure critical national infrastructures, on-line networks and connected devices also overlap, but are not the same.
A focus on the areas of overlap, defining these as “the profession”, is essential if we are to improve the supply of those competent to handle the areas of overlap, but it is not enough. In consequence the work to create the Cyber Security Council is essential, but not enough. The scale and nature of its outreach programmes will be critical. But they will, in turn, depend on the support it receives after the launch, including from Government as the UK’s largest employer and victim.
There may be a shortage of “Professionals” competent to protect large organisation from targeted attacks by organised crime but there is a much bigger shortage (proportions and numbers) of “Technicians” capable of helping advise and protect SMEs and end-users. Then there are the issues of training end-users to protect themselves and what to do when “attacked” or victimised.
We need to unpack demand for digital and cyber skills and map these regionally and locally onto the new structures for policing and the four “P”: prevent, pursue, protect and prepare. We then need to take effective action to attract and train those with the skills necessary and ensure they are provided with employment frameworks and terms of reference which enable them to work together constructively, including with other trades and professions .
1 Unpacking Demand
2 The Police Structures and Strategies
3 Skills Initiatives and Partnerships
4 Points of leverage
5 Action Plan
6 Appendices – Qualifications, Sources of Guidance
1 Unpacking Demand
The main current focus, including of those planning the Cybersecurity Skills Council, is on:
- the needs of those collectively seeking a few hundred post-graduates with “deep skills”,
- the needs of those collectively seeking thousands capable of becoming rounded “professionals”, for a relatively small number of security consultancies and large organisations,
- opening up alternative career paths as technicians (e.g. penetration testers) for individuals with “extreme talent” who would otherwise be at risk of recruitment by organised crime.
Demand can be split between the providers of cybersecurity products and services (including the security services and law enforcement such as MoD, GCHQ and those in their supply chains) and their customers.
The recent DCMS Analysis of the UK Cybersecurity Industry indicates that the supply side currently employs the equivalent of 47,000 full time staff. Two thirds work in the cyber-security operations of under 150 service and/or product suppliers, in teams averaging over 200 staff, i.e. large enough to have in-house training and/or apprenticeship operations. Most are within large telco, defence, consulting, product or outsourcing operations. Most of the other 15,000 work in fewer than 200 specialist operations large enough (teams averaging a little over 50) to employ and supervise more than a couple of trainees.
To put this in wider context. The UK has only 7,500 businesses with more than 250 staff – i.e. likely to consider hiring a security technician/professional. There are only 42,000 businesses with more than 50 staff, i.e. likely to have a member of staff with the digital competence to enable the organisation to meet the expectations for Cyber Essentials.
By contrast there are over 1.4 million business with under 50 staff, plus several million sole traders who need access to affordable “virtual CISO” services. That implies local support operations (not just on-line services), with staff competent to the level of (for example) CompTIA Security + .
But most employers also need sector and/or application specific skills e.g. to secure financial services, hospitality, logistics/transport, retail, construction, critical infrastructure, light or heavy engineering, consumer, entertainment, sports, educational or employment products and services. The skills to develop, maintain and operate secure applications have seen the sharpest recent rise in demand, followed by those for cloud security. Meanwhile the skills in local demand vary geographically with the employment mix.
Thus an exercise some years ago to look at security skills sought by London-based financial services organisations (serving customers globally as well as nationally) found that the most serious gap was with those related to “Identity and Access Management”, developing and implementing systems (including people processes for checking claimed certifications, competence, experience, probity and qualifications) to help users decide who should be trusted, with what access, to which data, under what circumstances. These skills moved into crisis with lockdown and mass homeworking.
The exercise also found that organisations large enough to have career development and training frameworks rarely have HR staff with the skills and knowledge to organise and procure training related to Cybersecurity. The main exceptions were those for which this was a major business area: e.g. Accenture, BAe, BT, Deloitte, HP, IBM, KPMG, PWC, Qinetiq, EY etc. Several of these had “academies” organised in co-operation with large training providers like QA and BPP and/or Universities like Royal Holloway or Warwick.
Most such employers make heavy use of a limited number of training providers and/or universities. Thus BPP (now with University status) and its competitors handles the content delivery side of the “apprenticeship” programmes for most major accounting practices and law firms as well as for professional bodies such as the Chartered Institute of Marketing. DSS (part of Newham College) runs digital apprenticeship programmes for several large financial services employers as well as for O2.
2 The Police Structures and Strategies
2.1 The National Structure
UK Cyber Policing, including the National Cyber Crime Unit of the National Crime Agency, the National Cyber Security Centre , their intelligence sharing and response facilities (including what is now CiSP) and those organised by the National Police Chief’s Council have been re-organised locally and regionally to improve their shared capability to reduce cyber risk by collating intelligence (not just “reporting” and responding collectively to common threats and major attacks.
2.2 The Regional Structures
The National Cybercrime Programme enables every police force in England and Wales to have a dedicated cybercrime unit in place, supported by a network of Regional Organised Crime Units ROCUs). Each ROCU now links to a Cyber Resilience Centre (CRC). Constituted as a Not-for-Profit organisation, each CRC is a public/private partnership there to promote increased cyber resilience across the SME audience as well as the wider community The CRC’s are at different stages of development but the intention is that all will provide free access to NCSC and Police guidance using supervised cyber security students from universities recommended by BRIM (which is contracted nationally to help with formation and co-ordination of the CRCs) plus arrangements with trusted local and national partners to provide access to affordable services. The processes for selecting partners are evolving but the initial filter is accreditation via IASME to Cyber Essentials Plus The services include security awareness training, corporate internet investigation, individual internet investigation, remote vulnerability assessment, internal vulnerability assessment, web app vulnerability assessment, security policy review, cyber business continuity review and partner resource support.
The CRC for Manchester opened in 2019, with support from players like CGI, Northropp Grumman, NCC Group and Siemens and a consortium of five local Universities. The North East CRC is supported by Accenture and Sheffield Hallam and Northumbria Universities. The East Midlands is supported by Nottingham and De Montfort Universities. West Midlands is supported by Wolverhampton University). The South East became operational in January, includes the Thames Valley, has major users like Bank of America, Domino’s Pizza, Marriott Hotels and Save the Children on its board, and has links to Oxford, Portsmouth, Southampton and Surrey Universities and JISC. The South West is expected to have strong links to GCHQ and its supply chain. Those for Wales and the East of England are in the process of formation. Cyber Scotland brings together the longer established Scottish Business Resilience Centre (now in its 9th year) and the NCSC information sharing programmes. London is handled differently. UK Finance funds operations like the DCPCU . City of London Police host Action Fraud and the UK’s largest economic crime unit.
2.3 Incident Reporting
Police Cyber Alarm connects to police monitoring services to give a real-time view of potentially malicious activity as it happens. The service is designed for SMEs but could be used by larger firms and the public sector, such as schools. It shares personnel, analyses and tools with the bulk reporting processes that are also being piloted with large organisations in defence, aerospace, pharmaceutical, financial services, telecoms and some other sectors. Local support is via the Cyber Resilience Centres and the map on the website shows where it is live and where it will be released soon.
The key to improving intelligence collection, reporting, investigation and victim support at affordable cost is automation. The Cyber Help-Line is based on a three year old network of volunteer security professionals who developed a 24/7 chatbot that appears to be 80% accurate in identifying the problems faced by individuals and sole-traders.
Their 60 or so volunteers currently handle 4 – 500 cases a month. They need many times that number to enable the service to be expanded and linked locally to the Cyber Resilience Centres, let alone to the Cyberhood Watch component of the Neighbourhood Watch network.
On-line sexual abuse and related issues can be reported centrally to CEOP which became a command within the National Crime Agency some years ago.
The process for report spam texts is here
There is a need to complement and support the new structures with practical and realistic guidance on self-protection and reporting for use by Neighbourhood Watch, Business Watch and Safer Neighbourhood Partnerships and Teams as well as by public and private sector organisations of all shapes and sizes. That implies extending and promoting current NCSC and ROCU guidance for business (sample here) and individuals (sample here) and programmes such as NCSC Cyberware (currently only 27,000 followers) and Get Safe On-line. Guidance on Fraud protection includes that from UK Finance (Take Five) and the Financial Conduct Authority (ScamSmart) and well as from individual banks (e.g. the NatWest Fraud Guide or the guidance from Arbuthnot Latham) or the Consumer Association . Guidance with regard to Employment Fraud and Impersonation is available from Safer Jobs and UKIFA pending the launch of JobsAware in the near future.
The main sites for guidance for schools, parents and employers with regard to child protection are those of CEOP itself, the Safer Internet Centre and the Grids for Learning (e.g. SWGfL and LGfL). Other sites provide DfE guidance for those running out-of-school activities and for handling peer-on-peer abuse. There are also operations supported by the mobile Phone Operators and others to help with social media awareness and safety such as Digital Awareness and, to help with wider on-line awareness, Project Evolve, supported by DfE.
The Association of Child Protection Professionals has also gone on-line.
There is a need to provide a variety of audience-friendly front-ends, with regularly updated cross referencing, for inclusion in Section 5 (being Safe and Responsible On-line) of programmes delivered to the National Standards for Essential Digital skills.
3 Skills Initiatives and Partnerships
Many of the Cybersecurity skills partnerships, local and national, that are beginning to emerge to harness currently neglected talent are organised by professional bodies and trade associations also involved with the work to create the Cybersecurity Council as an umbrella for such activities.
The Institute for Apprenticeships is part of a triumvirate with Ofqual and Ofsted which agrees standards, funding levels and providers for programmes which can be charged against the apprenticeship levy via EFSA listed training providers, before unspent funds revert to HM Treasury.
The Cybersecurity standards are:
Cyber security technician, Level 3 – £11,000 – provided via DSS, SWATPRO and 12 others, EPA: BCS
(organised by e-Skills when the process excluded most industry recognised qualifications).
Cyber security technologist, Level 4, £18,000 – organised via BPP, DSS, Firebrand, QA, 2 ITECs, 19 FE Colleges, 30 others. EPA : BCS, City and Guilds, Accelerate (includes. Comptia Security + etc.)
Cyber Intrusion Analyst – Level 4, £18,000 – via DSS, Firebrand, Barking and Dagenham, Plymouth City and 3 other FE Colleges, 10 others (focussed more on the needs of large proganisations)
Cyber security technical professional – level 6, £24,000, organised by TP Degrees: via QA, De Montfort, Central Lancashire, Edinburgh Napier, Northumbria, Gloucestershire, Bedfordshire, Croydon College (degree linked apprenticeships organised by TP Degrees , now part of TechUK)
Other standards relevant to converged (cyber and physical) security, crime and investigation include:
Security First Line Manager level 3 £5,000 Organised by G4S
Intelligence Analyst – level 4 £11,000 – led by Home Office
Counter Fraud Investigator – Level 4 £15,000 – organised by HMRC
Serious and Complex Crime Investigator – level 6 £19,000 – organised by NCA
3.2 Other programmes include:
- Employers offering Covid Traineeships can claim £1,000 per trainee on prorammes which can range from 6 weeks to 6 months with varying requirements.
- Kickstart is for those aged 16 – 24 who are out of work, on Universal Credit and at risk of long-term unemployment.
- T-Levels require 45 week industry placements.
- The Essential Digital Skills entitlement , fully funded basic digital user skills.
- National Skills Fund covers Level 3 skills programmes and Regional Boot Camps via: Derby and Notts LEP D2N2LEP, the Lancashire Digital Skills Partnership, Heart of the South West LEP (boot camp graduates available to recruit from March 12th plus Bounce Back Digital, including Cybersecurity), Leeds , Liverpool and West Midlands (Code programmes fully booked). Other funded boot camps include Comptia Cyber Ready
- The Hacked programme for “at risk” teenagers vetted and referred by the ROCUs. The first referrals now work for, inter alia, GHCQ.
3.3 Generic Careers Guidance Programmes (see 3.n for Cybersecurity Careers Programmes)
JISC hosts the shared signposting service for the University Careers Services Prospects. The start point for most Employers and Schools is the Careers and Enterprise Company with 3,500 advisors serving over 2,000 schools via LEP partnerships, including “Careers Hubs” bringing over half of them alongside local colleges, careers professionals, universities and employers with support from over 100 national employers. Founders4Schools works with the Careers and Enterprise Company and others to connect business leaders with over a thousand schools. There are also 30,000 STEM Ambassadors grouped into 19 regional STEM hubs. Tech UK carries a page of links to digital careers sites. Other employer and industry groupings with careers activities include FISSS, 5% Club.
3.4 Cyber Security Technical and Professional Partnerships
- be the self-regulatory body for Cyber Profession
- support the delivery of the Government Cyber strategy
- set standards nationally and internationally for the profession with ethical guidelines
The UK technical authority will remain the NCSC. The role of the Council is complementary, setting professional standards and providing a voice to the technical authority from the profession.
The four pillars are:
- Professional development: The Council will begin by mapping the qualifications and certifications already available back to the knowledge areas in Cybok and through to create pathways so people can find how to enter and navigate their way through the profession. (See Appendix for Qualifications accredited by the founding members)
- Outreach and Diversity: the long term focus is pupils before they decide their educational direction (boys 12-14, girls earlier). Shorter term it is on recruitment from parallel disciplines. There is also a need to look at gender, ethnic and neuro diversity and at inclusivity.
- Ethics. Enforced against agreed baseline standards will through the professional bodies with the Council providing assurance and a route for appeal.
- Thought leadership and influence with regard to new technologies, e.g. Cloud, AI, Machine Learning, Quantum. NCSC provides technical guidance.
The Council has to be self-sustaining after seed corn funding from DCMS. Membership will be open to any organization that can show that it has an interest in developing the profession and for which cyber security is a core or important part of what they do. That will include professional bodies, training, certification and qualification providers, plus a range of employers of cybersecurity professionals to help ensure that the needs of the public sector, defence, transport, finance and health are covered.
3.5 Other cybersecurity qualification/certification providers and their programmes include:
NCSC Academic Centres of Excellence in Cyber Security (ACE-CSE): 8 Universities and a call for additional centres currently out.
NCSC Certified Degrees (Batchelor, Integrated Masters and Masters : 23 Universities
AWS, CISCO, IBM, Microsoft , Oracle Samsung, SAP, Juniper, Palo Alto, SANS, Open University, City and Guilds, Pearson, Huawei. IASME runs the Cybersecurity Essentials certification that is mandatory for those in Government procurement supply chains.
3.6 Education, Training, Geographic and Application Sector Partnerships
Cybersecurity Talent Attraction and Careers Guidance programmes include: Cyberfirst (the umbrella for NCSC funded competitions and courses), (Cybersecurity Challenge funded by an industry consortium) and Cybergirls First (employer supported schools events to stimulate wider engagement). Salute my Job (and other similar guidance operations) for those leaving the armed forces.
Association of Career Colleges: Two Cyberhubs are operational (Plymouth and Barking and Dagenham). Two are expected to be operation within three months (Birmingham and Liverpool). Another is expected to be operational by summer (Manchester). Subject to the success of the first five the lead sponsor (AWS) has agreed to support one per Career College (currently 22).
TP Degrees is the accreditation operation previously run by e-Skills, now a subsidiary of Tech UK. It is used by over 200 employers and 38 Colleges/Universities for their degrees and apprenticeships.
University Technical Colleges : UTC Cybergroup 21, including MATs giving a total of over 50 Schools. Sponsors include Fujitsu who sponsored an on-line challenge day with Immersive labs attended by over 800 pupils.
Global Cyber Alliance Anglo-US which uses the proceeds of crime to reduce vulnerabilities by providing free tool-kits
Vendorcom Brings together on-line payment and transaction providers
West Midlands Digital Road Map BT, PWC, Lloyds Bank, Microsoft, Google, Coursera., Good Things, Fircroft College, Dudley College, Halesowen College, Birmingham University, OU, Comptia
3.7. Apprenticeship, Training and Awareness Providers:
Bluescreen IT cyber-security audit and skills provider to defence and aerospace operating to international (NATO) not just UK standards. It pioneered the cyberhub: secure, shared, networked skills incubators-cum-SOCs, operating within contractual processes for ethical co-operation.
Bobs Business a small business security training co-operation which grow out of the EU-funded collaboratipn which made South Yorkshire “the safest place to go on-line” in the UK.
DSS the digital arm of Newham College which also co-ordinates apprenticeship operations for London North of the River Thames. South Bank University does South of the Thames. Newham commonly works in tandem with QMUL
Good Things is the UK’s main digital inclusion charity running and/or involved with many digital literacy and inclusion programmes, national and locally.
Immersive labs Bristol-based multi-national providing AI based on-line cyber-security training materials and courses, including uncharged access for registered pupils and students.
QA Probably the UK largest digital (including cyber security) training provider. Runs boot camp programmes for Amazon (e.g. Cloud Security for Army veterans, wives and dependents), BAe (thousands of applicant down to hundreds capable of UK eyes only security clearance) etc.
The Security Company Arguably the largest and best known UK-based provider of Corporate Security Awareness programmes.
3.8 Generic Training Providers with Digital/Cyber offerings include:
3.9 Recruitment Agencies and Sites include:
3.10 Applicant Applicant Screening
There are a wide variety of requirements to check claimed identities and audit the processes used from “know your customer” and DBS checks, through trade association standards, such as those of the Payment Card Industry or Government requirements such as BPSS. The scale and nature of Employment and Education fraud make it essential to also be able to check the authenticity of job sites and offer and the provenance of claimed qualifications and supposedly accredited training providers.
The NCSC guidance is here. The best known email authentication tools are those available at no charge from the Global Cyber Alliance which also runs boot camps on their use to secure and check domain names etc. Those services doing business with Government are required to be accredited to Cyber Essential + but this is not always enforced. The CPNI Employment Screening guidance includes support documentation such as: CPNI Document verification guidance and CPNI employment Screen Good Practice .
Many organisations offer screening services using a variety of processes. Some automated and on-line, others not. Their value depends on the processes and sources they use. CIFAS is the main clearing house for general fraud prevention information and guidance on identity protection . UKIFA has just been launched, with support from the London Fraud Forum , Reed Screening and others as a UK clearing operation for advice, guidance and reporting on impersonation and identity fraud. ADVP is the trade association for those providing the electronic validation of identity documents in the UK. Founding members included Passport Proven and Prospects HEDD , the portal for validating claimed UK degrees. Qualification Check offers a global service. Other services for checking documents supposedly issued by Governments and/or other claimed identities include Onfido and Junio.
Appendix 1 lists the main organisations providing cybersecurity qualifications and the processes for checking accredited individuals and training providers.
3.11 Onwards: Identity and Access Management Identity and Access Management, Data Protection and Information Governance, Risk Management, Trading Standards, Investigation, Prosecution/Redress [to be added ]
4 Points of Leverage
4.1 Formation and launch of the Cyber Security Council
The Cyber Security Council is expected to provide outreach to other relevant professional bodies, trade associations and regulators. To do so it will far more resource than is currently envisaged.
The activities below should not divert effort from the formation and launch of the Council, but be progressed in parallel, with the expectation and intention that they will come under the aegis of the Council as it grows and matures.
4.2 Joining up guidance on reporting and safeguarding
NCSC has issued Cyber Aware for sole traders and small firms but has not yet produced guidance for individuals and families It is focused on improving password practice, adopting two factor authentication, software updating and forwarding phishing e-mails.
There is currently fragmented guidance for reporting: scam texts) phone calls (e.g. Protecting you from scams | BT Help ), phishing e-mails (e.g. simple forwarding or generic guidance ), employment fraud (Safer Jobs), financial fraud (e.g. Take Five and Action Fraud) and the various types of abuse (e.g. Child Abuse , Hate Crime, Revenge Porn ) and impersonation (e.g. Amazon, Apple, Facebook, Google, Instagram, Twitter etc.).
Given the scale and nature of fraud and impersonation, authoritative and reputable guidance needs to be accessible via a robust, secure and usable (by a variety of audiences) front ends, including via:
- Neighbourhood Watch and Safer Neighbourhood Partnership Teams,
- Local Police Force and Cyber Resilience Centre Programme
- Corporate websites (e.g. via links from “Report Abuse/Problem” buttons
- Schools, business, children and adults as well as professionals, technicians and advisors.
4.3 Guidance on public funding for training, on tax breaks and on use of the apprenticeship levy
Employers can claim £1,000 per Traineeship, which may range from 6weeks to 6 months with varying requirements. Kickstart is for those aged 16 – 24 who are out of work, on Universal Credit and at risk of long-term unemployment. T-Levels require 45 week industry placements. The Essential Digital Skills entitlement is fully funded and covers basic skills.
There are varying incentives for apprenticeships according to age. There are also programmes to enable the re-use of unused apprenticeship levy – such as that being piloted under the aegis of the Positive Transformation Group with the Shaw Trust. There is also a need to promote guidance on good practice in running apprenticeships programmes such as that from Investors in People.
4.4 Guidance on identifying applicants and reputable training providers
There is a serious problem with education, training employment fraud (from obtaining the credentials of applicants to enable access, through frees for worthless/unnecessary checks and qualifications to the “insertion” of unqualified/malicious applicant. There are also issues to do with the quality, relevance, competence and probity of training providers. This problem will become very much worse, very quickly as fraudsters seek to exploit the skills programmes announced in the budget on 3rd March.
4.5 Guidance on Safeguarding pupils and students of all ages
Reference and links to London Grid for Learning, Safer Internet Centre, JISC, NSPCC, Elder Abuse etc. and new DfE funded SWGfL programme.
5 Action Plan
5.1 Use the revision and completion of this paper to identify partners, publicity channels and invitees for the SASIG Skills Fest
5.2 Use the process to identify those interested in using the Skills Fest to pilot a secure (e.g. DNS checked) portal for use by schools, colleges, careers advisors, pupils and partners to access reputable careers information via Janet and the Grids for Learning
5.3 Use the revision of this paper in the light of experience and feed-back from the Skills Fest to help inform those planning the skills outreach programmes for the Security Council
5.4 Use the revision of this paper to help those seeking to join up activities at the local and regional, not just national, level.
5.5 Use the revision of this paper to help inform those planning and implementing policy development and implementation: central and local government, regulatory and corporate.
The audiences include Communication, Financial Services, Data Protection and other regulators as well as Home Office, BEIS, DCMS, DWP, Treasury and their agencies.
5.6 Use the revision of this paper to help form “coalitions of the willing”, publicise their success in moving from words to deed, and encourage others to join them.
6 Appendices (yet to be completed)
Appendix 1- Providers of Cyber Security Qualifications and how to check the claims of accreditation by individuals and providers
- Tech UK visit TP Degrees for a list of accredited degrees and use Prospects Hedd to check individual claims
- NCSC Certified Degrees and NCSC Academic Centres of Excellence in Cyber Security , individual clams can be checked via Prospects Hedd
- (ISC2) , 7,900 UK members with CISSP, claims can be checked via Member Verification (isc2.org) and Official Training Providers (isc2.org)
- BCS : Certificate Checker (bcs.org)
- CIISEC :
- CIPD :
- CompTIA : CompTIA Digital Badges | CompTIA IT Certifications , Delivery Partner List (comptia.org)
- CREST :
- CSFS :
- IAP :
- IET :
- InstMC :
- ISACA, CRISC, CGEIT, CDPSE, Verify a Certification (isaca.org) , Find an Accredited Training Partner (isaca.org)
- Security Institute,
- SANS :Find a Certified GIAC Professional | Directory
- IASME : Cybersecurity Essentials
- City and Guilds : Certificate Verification , Training Provider Accreditation , employer training programme accreditation
- AWS, CISCO, IBM, Microsoft , Oracle Samsung, SAP, Juniper, Palo Alto, Open University, , Pearson, Huawei.
Top 10 Digital qualifcations in order of global demand: ITIL Foundation, CCNA Cisco Certified Network Associate, CISA Certified Information Systems Auditor, CCNP Cisco Certified Network Professional, Comptia A+ , CISM Certified Information Security Manager, Comptia Security + , Comptia Network + , CCA-V Citrix Certified Associate – Virtualisation, AWS Certified Solution Architect