The evolving professionalism of the cyber-security industry
There is an ever-growing awareness of cyber security threats, with almost daily coverage in the media. The truth is every organisation is vulnerable; 100 per cent defence is not possible.
Even large organisations, with top talent and significant resources devoted to cyber-security, have suffered major breaches. The truism “it’s not if, but when” rings in the ears of business leaders and reinforces the need for skilled security professionals to mitigate the threat.
Having identified cyber security as a national priority, in 2015 the UK Government announced an increase in cyber security spending to £1.9bn by 2020 – the only area of the budget to increase. This is reflected in business, with average salaries for security professionals increasing 16 per cent year on year.
The reason for the increased investment is simple: the cost of an attack far outstrips the ongoing cost of security. The ICO has handed out fines as high as £980,000 – which is still less damaging than the customer loss and reputational damage that result from a breach.
But despite increasing budgets to counter the cyber threat, businesses are still struggling to recruit the skills they need to keep up. Unemployment in the security industry has been reported at 0 per cent, with a 10 per cent increase in demand forecast each year to 2020. So how can we deliver the skills needed to address the current shortfall and also meet the growing demand? This is a question being asked by government, organisations and professionals. It is the reason for the intensifying chatter surrounding professionalisation of the cyber security industry.
Professionalisation addresses this burning issue by establishing a standard that enhances the quality of the workforce. By understanding, aligning and cultivating the most needed skills, the profession can raise the bar in the areas that will have the most value. This also establishes standardised roles and skills clusters. Businesses have a shared vocabulary to describe the skills they need that are recognised by potential applicants. New entrants are clearer on the skills they need and mindful of the need to continually self-develop. Structure, clarity and recognition make security a more attractive career path, which in turn encourages new entrants and grows the talent pool. This is perhaps the most critical of all – considering the evident need to step-change the number of workers in the field.
It is not always easy for professionals and potential entrants to navigate the skills and competencies required at each stage of their careers. Employers are not always clear on this themselves, so the demand cited in job advertisements is not necessarily an accurate reflection of what is needed. This is where recognised skills frameworks developed by professional bodies come in. And from this standardisation and definition comes the ability to cultivate the skills on a greater scale.
For professionals wanting to demonstrate their capabilities against these frameworks, certification offers verification of their proficiency, clear stepping stones for development and improved employment and earning prospects. For employers, certification helps to assure the calibre of the professionals they are recruiting, provided this is backed up by demonstrable experience. It signifies that potential employees have been independently assessed, aiding employers in recruiting relevant skills into their organisations.
As well as being a mark of technical capability, certification also comes packaged with membership to a professional body such as BCS, The Chartered Institute for IT. These memberships demonstrate a commitment to self-development and require adherence to codes of professional conduct.
The combination of skills alignment, certification and continuous development comes together, in the form of professionalisation, to promote standards and quality amongst cyber security professionals. There is little doubt that businesses need quality security professionals, and in greater numbers. Cyber security is not a challenge that we will solve overnight, or with any one solution. Neither does it have an end date; we will have to continually assess the threat and work together to evolve best practice to stay ahead.
About BCS, The Chartered Institute for IT
IT has been gaining momentum within global business for decades and we’ve been there from the beginning, nurturing talent and shaping the profession. Today professionals & organisations work with us to exploit our unique insight and independent experience as we continue to set the standards of performance and professionalism in the industry.