UK Cyber Security Council sets out its ambition at CYBERUK 2021


The CYBERUK 2021 panel discussion ‘Professionalising cyber security: Building a firm foundation in education and skills’ took a closer look at what the newly launched UK Cyber Security Council (‘the Council’) will be focusing on over the coming months and years.

The session began with an introduction from the Minister for Digital Infrastructure, Matt Warman MP, in which the importance of a whole-of-society approach towards the UK’s cyber security was emphasised. DCMS recently reported that half of businesses in UK have a basic technical skills gap when it comes to securing their data and operations: tackling this gap is a top priority, through the development of a cyber ecosystem which has a robust workforce that’s diverse in constitution and sustainable in terms of future supply.

In his speech, the Minister recognised that the profession is complex and difficult to navigate for individuals and employers alike. Lots of work has been going on to develop the cyber workforce, but this needs to be brought together in one place to properly support employers in accessing the skills and knowledge they need to secure their business and networks.

That ‘place’ will be the Council which has been charged with providing the professional infrastructure necessary to inspire young people, and mid-career transfers, to enter the cyber security profession. Government is committed to working with the Council, and continuing to support its work as it grows.

Dr Claudia Natanson, Chair of the Council confirmed that it will be an umbrella organisation, bringing together various groups; and learning from other professional bodies – for example, medical or legal (which all have areas that touch on cyber) – while ensuring better diversity.

Indeed, with figures such as only 16% of entry-level cyber roles being held by women, the industry is well aware that it needs to be a more inclusive work space. There isn’t a flow of people coming into the profession, and one of reasons for this is the lack of visible information about how to access a career in cyber, and what the different opportunities actually are.

Panellist, Virginia Hodge, Director at Heron Associates, underlined the positives of having one independent and objective professional body; and noted that industry is keen for the Council to work on defining the professional categories which will help employers to identify the competencies of future employees and find the people who will meet their business needs.

The National Cyber Security Centre’s Deputy Director for Cyber Skills and Growth, Chris Ensor, agreed that the Council will be the key to setting professional standards. The problem has historically been that no one quite knows where everyone fits in to the profession. The Council offers long-awaited clarity on this and NCSC will support it to build out a framework that covers specialisms, as well as a common-language approach. By mapping out the profession, the Council will help to draw more people to the field.

If we can make the pathways clear, showcase the attractive propositions, make the workforce diverse and inclusive and, therefore, make cyber more interesting, it will be possible to achieve some real change in the sector.

The panel discussion also touched on the key ingredient to the Council’s success – collaboration. Collaboration, of course, will continue to involve industry, academia, education, the NCSC and Government working together: indeed, it’s about bringing the knowledge and the practice together – including skills, experience and relevance to ensure we’re already preparing for the next tech explosion. But it’s also about ensuring equality. Because, as Dr Natanson points out, ‘if you don’t have equality, you can’t have diversity and inclusion’ and this means we need to collaborate with educators to ensure all children have access to the education pathway that leads them towards a career in cyber.

Andrew Elliot, Deputy Director for Cyber Security Innovation and Skills at DCMS highlighted that the public sector is the biggest consumer of cyber security services, and so Government has a responsibility to lead in this area. Indeed, Government is determined to stick with the Council for the long haul, viewing it as a key vehicle to deliver change in this area.

The panellists also reflected upon the importance of communication as a cyber skill – whether that’s in ensuring an organisation’s leadership team is clear about the impact of cyber security on their business, or in engaging with children on the topic – as well as the importance of integrity and ethics to help ensure a level playing field.

What’s going to happen over the next 12 months?

The Council has been energised by the goodwill towards it; and it will be creating channels to ensure that it’s relevant and that everyone (industry, academia, etc.) can find out exactly what it can do to help it achieve its objectives. It will engage across the whole of the industry to ensure that every size of organisation will have a channel into the Council. And the rallying call from all the panellists was for industry to recognise the importance of what the Council is doing, seize the opportunity for collaboration and get involved in ensuring we have the professional cyber security entity that we need to help make the UK the safest place to live and work online.