Collaborative Alliance of Organisations Announced to Advance the UK’s Cyber Security Profession

Effort backed by Leading Bodies in the Field Aims to Support National Cyber Security Strategy

19 July 2018, London:  In recognition of the United Kingdom’s increasing economic dependence on internet-enabled capabilities, a number of established councils, chartered professional bodies, professional certification bodies, academics and industry representative groups have established a collaborative alliance to advance the development of the cyber security profession. With representation from a breadth of disciplines currently active in cyber security professional practice, including computing, engineering, physical security, CNI and focused cyber security bodies, the collaborative effort reflects constituent members’ common understanding that professional cybersecurity expertise is relevant to a broad range of disciplines. With an overall aim to provide clarity around the skills, competences and career pathways within this fast-moving area of professional practice, the initial objective is to support commitments expressed within the UK National Cyber Security Strategy to provide a focal point for advising national policy, including the stated intent to recognise professionals through Chartered status.

The Alliance brings together a range of established expertise and disciplines, each of which currently has a leadership role in underpinning UK resilience in the digital environment. The founding membership includes several bodies operating under a Royal Charter granted through the Privy Council, and able to grant chartered status within their discipline, and it is open to including any organisation currently working on its common aims. Listed in alphabetical order current members include:  BCS, The Chartered Institute for IT, Chartered Institute of Personnel & Development (CIPD), the Chartered Society of Forensic Sciences (CSofFS), CREST, The Engineering Council, IAAC, The Institution of Analysts and Programmers (IAP), The IET, Institute of Information Security Professionals (IISP), Institute of Measurement and Control (InstMC) ISACA, (ISC)2, techUK, The Security Institute, and WCIT, The Worshipful Company of Information Technologists.

Today’s announcement follows constituent members’ participation in a series of workshops led by the Department of Digital, Culture, Media and Sport (DCMS) to develop a national professional body for cyber security, with government’s proposals now open to public consultation. See today’s announcement from DCMS here: https://www.gov.uk/government/consultations/developing-the-uk-cyber-security-profession

Alliance members are now committed to, without prejudice, engaging their membership to encourage a broad and robust response from the broad community of practice currently working in the field.

Common objectives agreed by Alliance members include:

  • To harness the full range of proven and established UK cybersecurity professional expertise;
  • To provide a forum for benchmarking and shared standards for cybersecurity professional excellence;
  • To enable the development of the specialist skills and capabilities that will allow the UK to keep pace with rapidly evolving cyber risks;
  • To enable a self-sustaining pipeline of talent providing the skills to meet our national needs;
  • To provide a focal point which can advise, shape and inform national policy

In support of their commitment, founding members said: 

bcsBCS, The Chartered Institute for IT
“BCS, The Chartered Institute for IT, strongly believes that collaboration at all levels is necessary to protect the public from current and future cyber threats. This collaborative development is therefore not only a functional necessity, but speaks to a necessary culture change for organisations and individuals working in cyber. As with other established professions, there will be places where we compete, but we must collaborate and share as a diverse professional community for the good of everyone to ensure we do not let down the people we ultimately serve. Our announcement today is only the start of our work, but it is well-founded on a shared mission, built on trust and compatible objectives, and bodes well for the future. It’s fantastic to be able to declare this with such a large field of distinguished organisations, and perhaps surprising to see for many who have worked in cyber security. This is a true reflection on a new culture and a new level of public need for the best in cyber security.”
     Jeremy Barlow MBCS, Director of Standards, BCS, The Chartered Institute for IT

cipdChartered Institute of Personnel and Development
“As the professional body for HR and people development, we are delighted to support this alliance, and help to raise awareness and understanding across our profession to the issues of cyber security. Access to and use of data and technology is as much about the people as it is about the technology itself, and we need to ensure that people are properly aware and trained to understand and mitigate cyber risks for themselves and for their organisations.”
     Peter Cheese, Chief Executive of the CIPD

crestCREST
“The information security industry relies on a wide range of skills and capabilities ranging from highly technical individuals providing penetration testing, incident response and threat intelligence services, to those responsible for policy, management, training, education and communications. Therefore, it is important that the professional organisations representing different facets of our industry work together to harness knowledge and experience. While these bodies have worked together for many years, the formalisation of the relationships is a significant step forward in the professionalisation of the industry. CREST supports the Alliance initiative and is delighted to be a founding member.”
     Ian Glover, President of CREST

iaacInformation Assurance Advisory Council (IAAC)
“The Information Assurance Advisory Council (IAAC) is pleased to support the government’s objectives to enable a clear, comprehensible career path for those entering cyber security, and to establish an authoritative voice for the Profession. IAAC was one of the earliest members of the Alliance and particularly welcomes the breadth of its composition, reflecting the wide range of skills and aptitudes demanded to ensure a safe and secure information society able to benefit from the many opportunities of the Information Age. We believe this will underpin the objective of making the UK the best place to do business online and to enhance UK resilience, while also setting a standard for others to follow.”
     Lord Arbuthnot, Chairman, IAAC

iapThe Institution of Analysts and Programmers (IAP)
“The IAP is committed to ‘Improving Software for Society’ and we recognise the threats from the cyber world affect all of us working in the information technology arena. From those who create the hardware that routes your emails and internet, the person who writes the app for your phone, to the computer scientist who is developing the next generation of computer. While we should only have to concentrate on creating an environment that is a good user experience we find ourselves in a battle with those out there in the cyber world who would try to do us harm. We are pleased to be working with our members and partners to ensure the software of tomorrow is fit for purpose and this means it must be robust to cyber attacks. The bringing together of this group of distinguished bodies shows the computer industries commitment to working together to protect the public and business from those who try to exploit them. To this end we are pleased to support the government’s objectives and help guide national policy.”
     John Ellis FIAP (Cmpn), MBCS, Operations Director, The Institution of Analysts and Programmers

IET Institute of Engineering and TechnologyThe IET
“It’s fundamental that cyber security is seen as an established profession and we are in support of the need for a professional body to recognise the breadth of expertise within the industry.

The Alliance offers the integration and coordination of existing Chartered and professional bodies across a range of cyber disciplines, that can provide credibility and knowledge to help deliver this work. With cyber skills shortages already emerging at every level, we are committed to working with the Government and the National Cyber Security Centre on the best solution. This will enable the rapid, yet capable development of specialist cyber skills to meet the growing needs of the industry, manage risk and secure the next generation of talent.”
     Ahmed Kotb, IET cyber lead

iispInstitute of Information Security Professionals (IISP)
“The IISP has always supported collaboration and cooperation across the information security industry and has been a champion of professionalisation and career development. Therefore, we are delighted to be one of the founding members of the Alliance and support the Government-backed initiative to harness the valuable knowledge and experience that exists across the various, well-established industry bodies. Working together with common goals is increasingly vital as we face growing cyber security threats and global disruption.”
     Amanda Finch, General Manager, IISP

isacaISACA
“At a time when cyberattacks have emerged as a clear threat to the economic and national security of countries throughout the world, it has been encouraging to see the UK take a leadership role in driving toward a national strategy that will strengthen capabilities and put more robust deterrence in place. As a global organization focused on advancing the positive potential of technology, ISACA is proud to be part of this Collaborative Alliance that will ultimately allow the UK and its residents to prosper from society’s ongoing digital transformation from a position of strength and security. We believe objectives such as the prioritisation of benchmarking cyber capabilities and a sharper focus on the need to fortify the pipeline of highly skilled, well-trained cyber security professionals put the alliance on track to serve as a valuable resource in support of the UK National Cyber Security Strategy.”
     Michael Hughes, CISA, CRISC, CGEIT, Board Director of ISACA

isc2(ISC)2
“We are reaching an important milestone in the maturity of our profession with the intent to develop a nationally-recognized professional body and consideration for chartered status. The UK is taking a leadership role in this effort that may well set an example for governments around the world. We are keen to support their work – ensuring the opportunity to build on the more than 30 years of international front line experience that has been comprehensively documented by (ISC)2 and our colleagues within the Alliance – to inspire a safe and secure cyber world. While cybersecurity was once purely the domain of focused specialists within IT, it has evolved to include a much broader range of governance, risk and policy experts. Still, a recognised skills gap exists which requires attracting more bright minds to the field. Reaching professional maturity and meeting the need will depend on the breadth of perspective and support that the Alliance is working to harness.”
     Deshini Newman, MA(Cantab) MBA FRSA, Managing Director EMEA, (ISC)2

tech-uktechUK
“techUK is pleased to be a founding member of the Alliance and contribute to the development of the cyber security profession. Our digital economy is underpinned by the need for cyber security expertise and skills across a range of disciplines.  Through bringing together these Professional Bodies and harnessing the full range of established cyber security professional expertise, the Alliance will go a long way to providing a focal point for the sector on the cyber security skills, competencies and standards needed to ensure that the UK has the skills needed to remain resilient to the growing cyber threat.”
     Talal Rajab, Head of Programme – Cyber and National Security, techUK

security-instThe Security Institute
“The Security industry has always been completely supported by the Security Institute as a professional body. We are fully committed in propelling the delivery of convergence between Physical Security and Cyber Security, by working on common security principles and objectives with the Collaborating Alliance we will continue to support the UK Government’s Cyber Security Strategy including our own.The Register of Chartered Security Professionals (RCSP) support the CSyP (Cyber) which will allow us to fulfil our vision for the cyber security profession through this Collaboration Alliance.”
     Mahbubul Islam, Director, The Security Institute

wcitWCIT, The Worshipful Company of Information Technologists
“The Worshipful Company of Information Technologists (WCIT) recognises that Information and Cyber Security is a profession that will continue to develop and grow for the foreseeable future. Cyber has also been recognised as a discipline that is impacting all aspects of business and society. Just as the development of the Engineering profession bolstered the Industrial Revolution, we need to identify the underpinning skills and expertise to meet the challenges of the current and fast-evolving digital era. The coming together and formation of an alliance of leading organisations already working in information and Cyber Security is a robust and significant step forward that provides the focal point to both guide the development of the profession and advise National Policy.”
     Roy Isbell (Prof.) FIET FBCS CITP, ITC Security Panel (Chair), WCIT