UK Cyber Security Council publishes new strategy for advancing the UK’s cybersecurity sector

The UK Cyber Security Council – the self-regulatory body for the UK’s cybersecurity profession – has published a new strategic document detailing its plans for developing the sector over the coming years. In Chartering a Cyber Future Strategy 2025, the Council set out seven aims and priorities that it will focus on to help advance the cybersecurity industry across the UK.

Strategy designed in collaboration with cybersecurity sector

Dr. Claudia Natanson, chair of the UK Cyber Security Council, stated that the new strategy has been developed in collaboration with key stakeholders and through engagement with industry professionals to ensure it delivers an approach that works for the industry as a whole. “The Council will continue to engage with and work alongside the industry to achieve our aim of being the voice of the cybersecurity sector,” she added. “The Council has an essential role to play in helping to create a world class cybersecurity industry here in the UK and its new strategy will play a central role in achieving this.”

Professional standards, ethical/career frameworks, diversity among Council’s aims

The UK Cyber Security Council’s seven-piece strategy consists of focus areas including the development of standards and frameworks along with diversity outreach initiatives and organisational excellence.

1. Raise the industry’s profile: The Council stated it will raise the profile and visibility of the UK’s cybersecurity profession by demonstrating a discernible positive impact on the cyber ecosystem in all its workstream areas. This will include reaching a wide audience across the industry through various engagement strategies such as social media, regular and relevant communications and by both hosting and attending high profile events as part of its annual events strategy.
2. Design schemes to award professional cybersecurity titles: The Council will design schemes to award the professional titles of Chartered, Principal, and Associate, beginning with a pilot in Autumn 2022 for the Cyber Security Governance and Risk Management and Secure System Architecture and Design specialisms, it said. “By 2025, all agreed specialisms will have been stood up, underpinned by a holistic, responsive and inclusive standard, to represent the Cyber Security Life Cycle,” the Council added
3. Drive a cybersecurity ethical framework: In recognition of the importance of working ethically in cybersecurity, the Council stated it will develop an ethical framework in which the profession should operate. “This framework will be shared with sector professionals, government, stakeholders, and the third sector, to ensure we are helping to make the UK the safest place to live and work online,” it said.
4. Introduce a cyber careers framework: To demystify and simplify career paths within cybersecurity, the Council aims to design, develop, and publish frameworks aligning agreed specialisms in the sector. “The framework will cover areas such as qualification and certification, skills and behaviours, and knowledge and expertise,” and will enable the Council to create and promote cyber career route maps which will allow practitioners to develop specialised skills within the field of cybersecurity, it added.
5. Oversee outreach and diversity initiatives: The Council will use outreach initiatives to address the longer-term skills gaps in the sector and set a clear strategy and workplan to deliver the ambitions of increasing diversity throughout the cybersecurity workforce across the UK. “We will encourage, inform, and support those underrepresented within the sector such as women and people from ethnic minority backgrounds, to pursue a career within cybersecurity,” it added. The Council will do this by championing existing role models, hosting accessible and relatable events, publishing thought leadership pieces on the need for increased diversity, and inviting collaboration from professionals, businesses, and the wider community.
6. Establish trusted, authentic thought leadership: With the support of data and technical leads, the Council said it will work to establish trusted and authentic thought leadership to ensure it is speaking on the issues that matter to industry. “Through our links with academia, our business stakeholders, and our members, we will inform developments and feed into government activities. We will commission and publish annual research papers to inform government activities, as well as reports, publications, and public-facing articles to inform the public of our work,” it stated.
7. Create a fit-for-purpose Royal Incorporated Organisation: Lastly, the Council intends to create a fit-for-purpose Royal Incorporated Organisation to deliver on its missions and excellence across the profession. “We will have inclusive and accessible pathways to chartership in order to contribute to the recognition of cyber as a global profession,” it stated. The Council added that it will create a legal structure that enables the organisation to be self-funding, sustainable and scalable, by sourcing and generating alternative income streams to support the longer-term future of the organisation.