The cybersecurity industry is relatively young compared to fields such as engineering, law, and medicine, but that doesn’t mean it shouldn’t be taken seriously. Sitting with Dr Claudia Natanson MBE, CEO of the UK Cyber Security Council, one message she is clear to emphasise is the need for professionalisation.

You may read that and think, “It feels pretty professional to me!” Let me explain. Natanson was keen to stress two key elements on the road to professionalisation. Firstly, it’s about creating clear pathways into cybersecurity careers, and secondly, it’s about how the UK is formally recognising cybersecurity as a profession.

She points out that the impact of ransomware on businesses can be measured in the trillions, making a serious, collective defence essential—“just as we did with engineering, medicine, and accounting.”

Natanson praises the UK for leading the charge and being a pioneer in promoting cybersecurity as a profession, something she believes “we should all be proud of.” She acknowledges that cybersecurity, as a profession, is still in its infancy—“in reception class” compared to more established fields—but she is pleased that a first step has been taken. The next challenge is to develop structured career pathways.

Heart of Everything

Speaking at the Council’s recent conference in London, Natanson stated that professionalisation is “at the heart of everything and at the heart of our profession.” For the Council, professionalisation is about specialisms, and at the heart of specialisms is competence.

Talking to SC UK, she explained that to define a professional, competence must come first. She gave examples: a truck driver must be competent to drive safely, and if you were to visit a heart surgeon with the title ‘specialist,’ you would expect their competence level to be exceptionally high.

“That’s the first thing we’re focusing on—professionalisation creates a pathway to help individuals increase their competence to the highest level they aspire to,” she says. “Not everyone in engineering or medicine becomes a judge or a KC, but at least there is a clear path to achieving that.”

She describes competence as having two core components: knowledge and experience. “Experience is built over time, combined with the knowledge you acquire; but in cybersecurity, we must study constantly, as the field evolves daily. That’s why competence lies at the heart of professionalisation. Commitment follows when individuals recognise they are part of a profession.”

Competence and Confidence

Natanson highlights that the more competent someone becomes, the more confident they tend to be. “As I work across different sectors globally, it’s competence that gives me confidence. Competence enables me to assess an organisation’s specific needs. There’s no one-size-fits-all approach—each sector is different. That experience allows you to bring everything together and say, ‘I know exactly what this organisation needs,’ but only after understanding its unique challenges.”

Discussing pathways into cybersecurity careers, Natanson argues that it’s time to stop saying people “fell into” cybersecurity, as this creates a negative perception for future generations. “Would you aspire to a profession that people just ‘fell into’?” she asks. She points out that in other professions, if you ask a child why they want to become a doctor, they can visualise themselves in that role.

Changing this perception is part of the Council’s role—showing the breadth of cybersecurity careers, moving beyond the stereotype of people working in darkened rooms, and fostering pride in the profession.

“I’ve been in this profession for a long time, and if I wasn’t proud of it, I wouldn’t still be here,” she says. “We’ve spoken about professionalisation, and now that the Council exists, we must ensure this becomes a positive force for us.”

She describes the path to professionalisation as a journey—one that offers opportunities to explore different roles and develop new skills.

“It’s not a closed-door system, but being a professional means being on a journey, one where you can pause and explore different areas,” she explains. “‘Even though I’m an architect, I’d like to look at risk management because I think it would enhance the way I work with businesses.’”

Career Journey

Natanson believes professionalisation helps individuals visualise their career journey. “It provides a roadmap—not only for those starting out but also for those currently in the field, giving them a clear sense of progression. It allows people to see opportunities for improvement, increased competence, and growth within a recognised profession.”

Once established, a professional pathway can create further opportunities for the next generation. Natanson emphasises the importance of understanding the history of computing and how it evolved into cybersecurity. “It’s vital for us to talk about our sector’s history,” she says. “Professionalisation isn’t just about the present—it’s about shaping the story of where we’ve come from, where we’re going, and how different pathways have helped us become better professionals.”

She concludes: “If there’s nothing to follow, then there’s nothing to tell.”

Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.