UK Cyber Security Council launches inaugural initiatives

The UK Cyber Security Council – the government-backed association dedicated to security education, training, skills and certifications – has invited its 16 founding member bodies to apply for a role in determining terms of reference for two significant committees: one to oversee Professional Standards & Ethics, and the other Qualifications & Careers.

Having established its immediate priority as raising professional standards among cyber security practitioners, the council said both committees would be critical to its objective of developing a common set of professional standards to be adopted through education and training interventions. At the same time, it is beginning work on mapping CyBOK’s Qualifications Framework onto a public-facing Career Pathways Framework.

“While the council is uniquely supported by the UK government and has a board of experienced industry professionals, it will be through its members that the UK Cyber Security Council will play a central role in driving the cyber security industry forwards,” said the UK Cyber Security Council’s interim chief executive, Don MacIntyre.

“We don’t have the luxury of starting with something ‘easy’: professional standards and qualifications and careers are the two stand-out issues facing the profession, so we’re going to hit the ground running. There will never be a better opportunity for the profession to influence its own direction and development than joining the council and getting involved with these first two committees.”

Though the frameworks for the new committees are to be developed by the UK Cyber Security Council’s founders – who are all drawn from the Cyber Security Alliance – the committees themselves are to be made up of actual council members. The application process to become a member has yet to open, although the council is currently inviting expressions of interest from any organisation “with an interest in promoting, supporting and developing the cyber security profession”.

Stemming from a 2018 government consultation on developing the security profession, and funded out of the £1.9bn National Cyber Security Strategy, the UK Cyber Security Council’s mandate from Westminster is to serve as a focal point around which industry and the professional landscape can advise, shape and inform national policy on professional standards in the security trade. Its establishment was commissioned by the Department for Digital, Culture, Media and Sport (DCMS) in September 2019, and it was formally stood up in March 2021.

Speaking at the National Cyber Security Centre’s (NCSC’s) annual CyberUK conference in May 2021, digital infrastructure minister Matt Warman said: “The council has been built through extensive consultation with practitioners and organisations across the cyber security landscape.

“We will look to the council to develop the professional infrastructure of standards and pathways to help inspire interested young people, and our current workforce, to enter and develop in cyber roles, providing more confidence for UK organisations to understand their needs and recruit accordingly.”

Speaking to Computer Weekly, UK Cyber Security Council chair Claudia Natanson – previously CSO at the Department for Work and Pensions (DWP), CISO of beverage multinational Diageo, and managing director of BT Secure Services – said the council’s work would help to reframe how security is perceived in organisations, too many of which see cyber only in technical terms, not in business terms.

“By placing cyber security into the technology stack, we are miseducating people, because immediately they think it is a technology problem, but it is not, it is a business problem. When you deal with the business, you have to work across functions, influence and educate, because security is actually about hearts and minds; you have to win people to it, people have to understand why they are doing it,” she said.

A full interview with Claudia Natanson on the proposed work of the UK Cyber Security Council will be published in early July.