About The UK Cyber Security Council
The role of The UK Cyber Security Council (the Council) is to champion the cybersecurity profession across the UK, provide broad representation for the industry, accelerate awareness and promote excellence in the profession. It will do this by delivering thought leadership, career tools and education resources to the cybersecurity sector and those seeking to enter the sector, alongside helping influence government, industry and academia with the aim of developing and promoting UK cybersecurity excellence globally and growing the UK’s cybersecurity skills base.
The Council’s focus is set in four pillars:
- Professional Development
- Outreach and Diversity in Cybersecurity to Develop the Next Generation
- Professional Ethics
- Thought Leadership and Influence
The Council’s activities include supporting the Government’s National Cyber Security Strategy to make the UK the safest place to live and work online, doing so by leveraging all available expertise, relevant standards and guidance to deliver practical advice for the profession.
Exploring The Council’s Four Pillars
Professional Development
A key function of the Council is to support the professional development of those working in or aspiring to work in the cybersecurity profession. It also seeks to support employers and individuals as they make career-shaping decisions about the need for cybersecurity skills, development and recognition through certification and Chartered Status. The Council will do this by mapping routes into and through the cybersecurity profession, signposting essential skills, defining career pathways, removing complexity and demystifying the profession. The Council’s work includes establishing a professional qualification framework, mapping criteria to appropriate skills and qualifications including The Cyber Security Body of Knowledge (CyBOK). This will ensure a common level of knowledge for those aspiring to or achieving the appropriate grades.
Outreach and Diversity in Cybersecurity to Develop the Next Generation
Supporting and improving diversity in the UK cybersecurity sector is at the forefront of the Council’s aims to broaden the skills base and overcome actual and perceived barriers to entry and progression. Core to achieving this will be building a vibrant and inclusive national network of industry, government and education partners to provide nationwide events to attract people into the cybersecurity community from all parts of society, promote dialogue and the sharing of best practice. The Council will promote cybersecurity as an attractive and rewarding career option for people of all ages, including those recently in education and those already in work looking to career change or progress on an existing cyber path.
Professional Ethics
Building and maintaining public confidence is a core principle of the Council. At the heart of the Council’s operations and Terms of Reference is a Code of Ethics for the participating organisations as well as individual professionals. These provide the guiding principles within which the participating organisations and individual professionals can demonstrate good practice.
Thought Leadership and Influence
The Council is structured to provide coordinated strong leadership – through a variety of content and engagement platforms – to the profession and industry in the UK, as well as outside of the cybersecurity sector. It recognises that those in the profession need strong leadership in all areas that their decisions involve – technical, business and risk/cost, while those yet to enter it need guidance and clear direction on how to successfully join the sector, develop their skills and progress a long and successful career.
The Council’s role enables it to engage with and inform Government policy and regulation development by acting as an expert body, identifying where new policies are required and advising on regulations or statutes that include an aspect of cybersecurity.
Thought leadership content and activities from the Council recognise and highlight cybersecurity as a global sector, helping to forge and nurture essential international links, while working with industry and regulators to further the cause of the sector and to ensure needs are understood on both sides. Working with standards bodies is also part of the Council’s remit, agreeing which standards define cybersecurity, which will include but be wider than the ISO 27000 series.
Why The Council Was Created
The Council was conceived initially as part of the UK Government’s National Cyber Security Strategy (NCSS) 2016-2021 document, which set out ambitions to develop and accredit the cybersecurity profession. It seeks to do this by “reinforcing the recognised body of cyber security excellence within the industry and providing a focal point which can advise, shape and inform national policy.” This was developed further in the Initial National Cyber Security Skills Strategy (2018). This declared intentions to establish a new, independent, UK Cyber Security Council to act as an umbrella body for existing professional organisations and drive progress against the key challenges the profession faces.
Following a competitive tender process, the Department for Digital, Culture, Media and Sport (DCMS) awarded the contract to design and deliver the Council in September 2019 to a consortium of cybersecurity professional bodies known as the Cyber Security Alliance.
The Cyber Security Alliance
The Alliance is a consortium of cybersecurity organisations that represent a substantial part of the cybersecurity community in the UK. It brings stakeholders together in the interest of advancing a healthy cybersecurity sector for the UK, from the development of professional recognition to the collaboration around acknowledged priorities to move the workforce and skills base forward. Its members include:
(ISC)²
BCS, The Chartered Institute for IT
Chartered Institute of Information Security (CIISEC)
Chartered Institute of Personnel and Development (CIPD)
CompTIA
CREST
Chartered Society of Forensic Sciences (CSFS)
Engineering Council
Information Assurance Advisory Council (IAAC)
The Institution of Analysts and Programmers (IAP)
The Institution of Engineering and Technology (IET)
Institute of Measurement and Control (InstMC)
ISACA
Security Institute (SyI)
techUK
The Worshipful Company of Information Technologists (WCIT)