Cybersecurity is an interesting trade.  Historically, it’s often an area people fall into by happy accident rather than design, and only when you’re already working in it do you realise just how fascinating an area it is and where it might take you. 

For instance, if you haven’t already caught it, check out Mary Haigh’s wonderful account from last years ‘CIISec LIVE’ event – she rose to become CISO at BAE Systems. 

Things have thankfully improved a little, although still nowhere near as much as CIISec would like to see.  CIISec has developed an industry-leading cyber-skills framework – clear, accessible and adaptable to individual role requirements, and based on practical function rather than abstract knowledge. 

This framework is excellent for determining what skills you need to perform a role with competence, and demonstrating that you have them.

From an employer perspective, knowledge alone is not enough, and knowledge frameworks are not enough.  Knowing the theory is very different to be able to put it into practice: consistently, appropriately, and pragmatically. 

Application of knowledge in a working environment, understanding what knowledge to call upon and where, marrying that with communication, interpersonal and business skills, and all or it underpinned by generic professional behaviours and sound ethics – that is what employers need, and what they will reward.

CIISec well understands this employer need, and is why it has been working hard to provide the tools to help them, not just in recognising cyber talent and quality and all levels, but in understanding their cyber skills requirements and progression pathways through the myriad and labyrinthine mesh of possible routes – especially important for the smaller and medium-sized businesses. 

In particular, it is now working on integrating that brilliant skills framework with a duties library and progression pathway signposting system with in-built recognition, for businesses and individual alike. 

For the individual, this not only shows where you are, but where you might go from that position and what skills you would need to acquire to get there.  And it can independently confirm achievements once you have made them, and the currency of that achievement in a constantly changing professional landscape. 

What’s more, it will show you how you can demonstrate that achievement to your employers and colleague, and provide the recognition you deserve for doing so – recognition accredited by the independent industry authority, the Chartered Institute for Information Security.

For the employer, CIISec provides independent authority that you have the skills you need, the progression pathways available to help keep the staff who hold them, and recognition of achievement upon those pathways.  You’ll know what role you need to recruit for, and what people can do once they’re in them – at all levels, from school to retirement.

Grassroots strategy

Key to all this is the nurturing and broadening of the cyber talent pipeline in early career. CIISec is absolutely committed to encouraging and diversifying that pipeline, recognising vocational and experiential achievement every bit as much as academic.  That’s why it is promoting the fantastic CyberEPQ in schools for 16-18 year-olds – giving young people a taste of what cybersecurity means in practice while adding to their UCAS points.

CIISec also runs the Associate Development Programme (ADP) (ciisec.org) for early career practitioners, and has set up the CIISec Apprenticeship Programme (CAP) Apprenticeships | CIISec for cyber apprentices. 

All these developments are designed to encourage and recognise early opportunity and talent wherever and however it arises, be that through academic, vocational experience or technical education.  This approach also inherently provides access to a wider talent pool that would otherwise go untapped, and with enhanced diversity. 

Not that we claim everything is perfect, of course. This is an ongoing and constant mission. For instance, in recent conversation with the IfATE Digital Route Panel chair and Burberry Global CIO Mark McClennon, it was clear that we (in the digital sector as a whole, not just cyber), are still failing in apprenticeship recruitment when it comes to simple gender balance.  Dramatically so: a ratio of about 10:1. Why is this the case?  Why can we not attract more female talent?  

Personally, I suspect the root cause runs deep, back to social norms, stereotyping and peer-pressure from the beginning of secondary school – perhaps earlier.  That is why The CyberEPQ is such an important piece of the puzzle, and why we must reach back even further in school to help all children understand the importance of information, data, cyber security and what rewarding career opportunities could lie ahead for those with the aptitude and disposition to pursue them.

CIISec signposts opportunity, recognises professional progression and helps development across a career lifetime as no one else can.  CIISec provides your map, guide and compass: clarity, recognition and authority throughout a lifetime of career development, and is continually striving to improve it. 

Richard Lester CITP FRSA has over 25 years’ experience in delivering infrastructure projects and programmes within the IT industry, primarily airline and telecommunications. Latterly he has been instrumental in developing skills recognition and progression pathways for industry, working for BCS, DfE, IfATE, UKCSC and CIISec.