• United States



UK Editor

UK Cyber Security Council CEO reflects on a year of progress

Sep 27, 20233 mins
Data and Information SecurityGovernmentSecurity

Professor Simon Hepburn sits down with broadcaster ITN to discuss Council’s work around cybersecurity professional standards, careers and learning, and outreach and diversity.

uk united kingdom fallback generic shutterstock 1666920130
Credit: Shutterstock

The CEO of the UK Cyber Security Council, Professor Simon Hepburn, has reflected on key achievements over the last 12 months in an interview with broadcaster ITN. Hepburn assessed the Council's work around cybersecurity professional standards, careers and learning, and outreach and diversity.

In what he called a "very busy year" the council -- the self-regulatory body for the UK's cybersecurity sector -- has worked both locally and internationally to advance the cybersecurity ecosystem within the UK.

UK Cyber Security Council's four new cybersecurity standards

"We've developed four professional cybersecurity standards in different areas," Hepburn said. These are Cyber Security Governance and Risk Management, Secure System Architecture and Design, Security Testing, and Audit and Assurance.

"When we were working with organizations to develop those standards, we did a lot of work on raising the profile of cybersecurity as a profession, which is really, really important, and one of our key priorities."

The council has partnered with several organizations that are specialists in specific areas of cybersecurity to develop the standards, Hepburn added. These include international professional association ISACA and industry bodies (ISC)2 and the Chartered Institute of Information Security (CIISec).

The standards are a key foundation of the council's work towards establishing a universally recognised, professional standard for the UK cybersecurity sector to provide professionals the opportunity to achieve chartered status across 16 specialisms.

"We’ve taken people through that process, and we're really pleased that we've got a lot of successful candidates, also some that weren't so successful, but that's the whole learning process. We use that learning as part of the next development.

The Council has also developed its Technical Advisory Panel, made up of security experts across government departments and different kinds of organizations/institutions who will review and assess the criteria of what it has developed, Hepburn said.

UK Cyber Security Council's work on tackling skills shortages, improving diversity

Hepburn was asked about the current shortfall of cybersecurity talent in the UK, as highlighted in a recent report from the Department for Science, Innovation, and Technology (DSIT) which revealed that approximately 50% of UK businesses have a basic cybersecurity skills gap. "It is a concern, but we’ve always kind of known that that exists," he said. "It is a long-term game -- it's a marathon, not a sprint."

The first key thing the Council has done to help address the skills shortage issue is to raise the profile of cybersecurity as a profession, engaging with schools to raise that awareness among younger people, but also for career changes, Hepburn said. "Our role is to really demystify the roots into the cybersecurity profession, using things like our online career tool to show how qualifications and experience align to specific opportunities."

The Council has also been working to improve representation in the UK cybersecurity field, Hepburn said. This includes the publication of the Diversity Process Flow Paper exploring the barriers people of colour and those from ethnic minority backgrounds face when pursuing a career in cybersecurity. "Increasing ethnic minorities in cyber but also elevating women in cyber. Also, we do things like thought leadership, looking at issues like neurodiversity. For us, it's really about social mobility; it is about profiling the opportunities and making sure everyone's aware that they're welcome to join the profession."

UK Editor

Michael Hill is the UK editor of CSO Online. He has spent the past five-plus years covering various aspects of the cybersecurity industry, with particular interest in the ever-evolving role of the human-related elements of information security. A keen storyteller with a passion for the publishing process, he enjoys working creatively to produce media that has the biggest possible impact on the audience.

More from this author