National professional body for cyber sec established - combines 17 orgs - just as gov criticised for inaction
![Padlock]](/rails/active_storage/representations/proxy/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaHBBK1o0RGc9PSIsImV4cCI6bnVsbCwicHVyIjoiYmxvYl9pZCJ9fQ==--ddd9fd0b943151215cc7db32e020cdc3a3a79b21/eyJfcmFpbHMiOnsibWVzc2FnZSI6IkJBaDdCem9MWm05eWJXRjBTU0lJYW5CbkJqb0dSVlE2QzNKbGMybDZaVWtpRFRjMU1IZzBOVEJlQmpzR1ZBPT0iLCJleHAiOm51bGwsInB1ciI6InZhcmlhdGlvbiJ9fQ==--9a8cb233bbd899661209fac1218cb930366c2398/padlock%5D.jpg)
A grand Alliance of 17 leading UK organisations impacting cyber-security has been formed in response to a call by the UK government’s Department of Digital, Culture, Media and Sport (DCMS) to develop a national professional body for cyber-security.
The DCMS has only just begun a consultation process - open until 5 pm 31 August, inviting those interested to contribute to how the country can improve the environment to develop people with the right skills, capabilities and professionalism to meet its need for cyber-security professionals.
The move came just as it was being reported how GCHQ had criticised the government to the Joint Committee on the National Security Strategy whose recent report (see end of this story) criticises the government for a "lack of urgency" in fixing the skills gap.
The consultation also follows on from the 2016 National Cyber Security Strategy in which the Government made a commitment to develop the cyber security profession in the UK. This consultation includes what the government says is a clear definition of objectives for the profession to achieve and proposes the creation of a new UK Cyber Security Council to coordinate delivery.
Specific aims for the consultation are to:
- Summarise the Government’s understanding of the challenges facing the development of the cyber-security profession;
- Seek views on objectives for the profession to deliver by 2021 and beyond; and
- Seek views on the creation of a new UK Cyber Security Council to help deliver those objectives.
Formation of the Alliance
There has been a swift Industry-wide response to the plans to develop a national professional body for cyber-security, with a new cross-sector alliance incorporating 17 leading UK organisations created. This new Alliance aims to help shape national cyber security standards, drive advances in cyber-education and advise the government on national cyber-security policy.
The Alliance ranges from professional bodies to institutions operating under a Royal Charter granted through the Privy Council. One of the alliance’s key aims is to create a self-sustaining pipeline of talent to fill the skills gap in the UK.
The Alliance has put out a statement explaining its formation, saying: "In recognition of the United Kingdom’s increasing economic dependence on internet-enabled capabilities, a number of established councils, chartered professional bodies, professional certification bodies, academics and industry representative groups have established a collaborative alliance to advance the development of the cyber-security profession.
"With representation from a breadth of disciplines currently active in cyber-security professional practice, including computing, engineering, physical security, CNI and focused cyber-security bodies, the collaborative effort reflects constituent members’ common understanding that professional cybersecurity expertise is relevant to a broad range of disciplines. With an overall aim to provide clarity around the skills, competences and career pathways within this fast-moving area of professional practice, the initial objective is to support commitments expressed within the UK National Cyber Security Strategy to provide a focal point for advising national policy, including the stated intent to recognise professionals through Chartered status."
The Alliance currently comprises, in alphabetical order: BCS, The Chartered Institute for IT, Chartered Institute of Personnel & Development (CIPD), the Chartered Society of Forensic Sciences (CSofFS), CREST, The Engineering Council, IAAC, The Institution of Analysts and Programmers (IAP), The IET, Institute of Information Security Professionals (IISP), Institute of Measurement and Control (InstMC) ISACA, (ISC)2, techUK, The Security Institute, and WCIT, The Worshipful Company of Information Technologists.
The statement adds that Alliance members are encouraging a broad and robust response from the broad community of practice currently working in the field.
Common objectives agreed by Alliance members include:
- To harness the full range of proven and established UK cyber-security professional expertise;
- To provide a forum for benchmarking and shared standards for cyber-security professional excellence;
- To enable the development of the specialist skills and capabilities that will allow the UK to keep pace with rapidly evolving cyber-risks;
- To enable a self-sustaining pipeline of talent providing the skills to meet our national needs;
- To provide a focal point which can advise, shape and inform national policy
Further statements were issued by some of the members including:
(ISC)2
Deshini Newman, managing director EMEA, (ISC)2 said in his press statement: "We are reaching an important milestone in the maturity of our profession with the intent to develop a nationally-recognized professional body and consideration for chartered status. The UK is taking a leadership role in this effort that may well set an example for governments around the world. We are keen to support their work – ensuring the opportunity to build on the more than 30 years of international front line experience that has been comprehensively documented by (ISC)2 and our colleagues within the Alliance – to inspire a safe and secure cyber-world. While cyber-security was once purely the domain of focused specialists within IT, it has evolved to include a much broader range of governance, risk and policy experts. Still, a recognised skills gap exists which requires attracting more bright minds to the field. Reaching professional maturity and meeting the need will depend on the breadth of perspective and support that the Alliance is working to harness."
ISACA
Michael Hughes, board director of ISACA commented: "At a time when cyberattacks have emerged as a clear threat to the economic and national security of countries throughout the world, it has been encouraging to see the UK take a leadership role in driving toward a national strategy that will strengthen capabilities and put more robust deterrence in place. We believe objectives such as the prioritisation of benchmarking cyber-capabilities and a sharper focus on the need to fortify the pipeline of highly skilled, well-trained cyber security professionals put the alliance on track to serve as a valuable resource in support of the UK National Cyber Security Strategy.
IISP
In her statement, Amanda Finch, general manager, Institute of Information Security Professionals (IISP) said her organisation has been a champion of professionalisation and career development and so: "Therefore, we are delighted to ...support the Government-backed initiative to harness the valuable knowledge and experience that exists across the various, well-established industry bodies. Working together with common goals is increasingly vital as we face growing cyber security threats and global disruption."
CREST
Ian Glover, President of CREST reiterated the industry’s need for a wide range of skills and capabilities, saying: "Therefore, it is important that the professional organisations representing different facets of our industry work together to harness knowledge and experience. While these bodies have worked together for many years, the formalisation of the relationships is a significant step forward in the professionalisation of the industry."
techUK
For techUK, Talal Rajab, head of programme – Cyber and National Security, commented: "Through bringing together these Professional Bodies and harnessing the full range of established cyber-security professional expertise, the Alliance will go a long way to providing a focal point for the sector on the cyber-security skills, competencies and standards needed to ensure that the UK has the skills needed to remain resilient to the growing cyber-threat."
The Security Institute
Mahbubul Islam, Director, The Security Institute said: "We are fully committed in propelling the delivery of convergence between Physical Security and Cyber Security, by working on common security principles and objectives with the Collaborating Alliance we will continue to support the UK Government’s Cyber Security Strategy including our own.The Register of Chartered Security Professionals (RCSP) support the CSyP (Cyber) which will allow us to fulfil our vision for the cyber security profession through this Collaboration Alliance."
WCIT
Professor Roy Isbell, ITC Security Panel (Chair), WCIT, The Worshipful Company of Information Technologists said: "Cyber has been recognised as a discipline that is impacting all aspects of business and society. ...we need to identify the underpinning skills and expertise to meet the challenges of the current and fast-evolving digital era. The coming together and formation of an alliance of leading organisations already working in information and cyber security is a robust and significant step forward that provides the focal point to both guide the development of the profession and advise National Policy."
BCS
Jeremy Barlow, director of standards, BCS, The Chartered Institute for IT adds: "This collaborative development is not only a functional necessity, but speaks to a necessary culture change for organisations and individuals working in cyber. As with other established professions, there will be places where we compete, but we must collaborate and share as a diverse professional community for the good of everyone to ensure we do not let down the people we ultimately serve. It’s fantastic to be able to declare this with such a large field of distinguished organisations, and perhaps surprising to see for many who have worked in cyber security. This is a true reflection on a new culture and a new level of public need for the best in cyber security."
IAAC
Lord Arbuthnot, Chairman, Information Assurance Advisory Council (IAAC) expressed support for a clear, comprehensible career path for those entering cyber security, and establishment of an authoritative voice for the Profession. IAAC particularly welcomed: " the breadth of its (the Alliance’s) composition, reflecting the wide range of skills and aptitudes demanded to ensure a safe and secure information society able to benefit from the many opportunities of the Information Age. We believe this will underpin the objective of making the UK the best place to do business online and to enhance UK resilience, while also setting a standard for others to follow."
IET
Ahmed Kotb, IET cyber lead also said that: "It’s fundamental that cyber-security is seen as an established profession and we are in support of the need for a professional body to recognise the breadth of expertise within the industry.
The Alliance offers the integration and coordination of existing Chartered and professional bodies across a range of cyber-disciplines, that can provide credibility and knowledge to help deliver this work."
CIPD
Peter Cheese, chief executive of the Chartered Institute of Personnel and Development CIPD added: "Access to and use of data and technology is as much about the people as it is about the technology itself, and we need to ensure that people are properly aware and trained to understand and mitigate cyber risks for themselves and for their organisations."
Critical National Infrastructure sector warnings
The initiative somewhat steals the thunder of another new report accompanying a statement from the Joint Committee on the National Security Strategy which has been warning that the gap between the demand and the supply of suitably skilled cyber-security workers in the Critical National Infrastructure sector is a cause for alarm, adding that the UK Government has no real sense of the scale of the problem or how to address it effectively.
The Joint Committee has published report into Cyber Security Skills which concludes that the shortage in specialist skills and deep technical expertise is one of the greatest challenges faced by the UK’s CNI operators and regulators in relation to cyber-security. The Joint Committee says it is concerned by the Government’s lack of urgency and calls on ministers to step forward and take the lead in developing a strategy to give drive and direction.
A lack of detailed analysis of which CNI sectors and specialisms are most acutely affected is impacting on the Government’s ability to understand, and therefore address the gap between skills supply and demand. But a standalone skills strategy, promised by Government in November 2016 and which would frame and give impetus to its various efforts, will not now be published until December 2018.
The Chair of the Joint Committee, Margaret Beckett MP, said: "Our Report reveals there is a real problem with the availability of people skilled in cyber-security but a worrying lack of focus from the Government to address it. We’re not just talking about the ‘acute scarcity’ of technical experts which was reported to us; but also the much larger number of posts which require moderately specialist skills. We found little to reassure us that Government has fully grasped the problem and is planning appropriately.
"We acknowledge that the cyber-security profession is relatively new and still evolving and that the pace of change in technology may well outstrip the development of academic qualifications. However, we are calling on Government to work closely with industry and education to consider short-term demand as well as long-term planning. As a very first response, Government must work in close partnership with the CNI sector and providers to create a cyber security skills strategy to give clarity and direction. It is a pressing matter of national security to do so."
Responding to the report, Talal Rajab, head of cyber and national security, techUK said in a press statement: "The Joint Committee’s report rightly recognises that a lack of cyber-security skills in the UK is unduly affecting the ability of CNI operators to protect the critical sectors that we rely on in our daily lives. techUK welcomes the many initiatives that Government has conducted in this space from the classroom to the boardroom. This includes the recent announcement pertaining to the creation of a Cyber Professional Body that will establish career pathways for cyber professionals to enter the sector. We also commend the ongoing work of the NCSC’s Cyber First programme inspiring young people, especially girls, to consider a career in cyber. We look forward to working with Government as it increases activities to plug the cyber skills gap and protect the UK’s critical services."
David Kennerley, director of Threat Research at Webroot also emailed SC Media UK to comment saying: "Many organisations report that there is a scarcity of skilled engineers who are trained in cyber-security, and it’s become a bidding war to retain the critical talent needed for security operations. To manage this skills shortage, CISOs should work with their HR Departments to understand how to recruit cyber-security talent. Cyber-security is a growing field and sometimes it’s better to spot specific qualities in junior candidates that can be nurtured and mentored. This allows the organisation to retain talent who are more embedded within the organisation’s culture.
"Another approach is for organisations to become proactively involved in the cyber-security community, by sponsoring hackathons, internships or presenting at security conferences. Getting the organisation involved in the community helps candidates to understand the opportunities available and will help attract the sharpest minds to the industry."
Andy Kays, CTO at Redscan, almost preempting todays moves said: "Professional qualifications which reflect evolving security needs are hugely important. That said, the current qualification and certification landscape can be hard to navigate, particularly for businesses that don’t clearly understand the skills they need. It can also be difficult for cyber-security pros to assess the careers options available to them and make informed decisions. A chartered standard would help to make the situation clearer for all."
Adam Maskatiya, General Manager, UK & Ireland at Kasperksy Lab agreed, saying: "Businesses need security professionals with adequate skills to defend the likes of nuclear plants, hospitals and every imaginable critical infrastructure, which we depend upon, but our education system and the industry are not inspiring young people’s interests and talent in the field of cybersecurity –which is leading to a skills shortage.
"This issue needs to be addressed by the industry as well as the government. It’s increasingly important to equip children with cyber-security skills at an early age to give them an idea of what cyber roles entail with an onus on us as an industry to excite and encourage students to pursue a career in cyber security. One of the biggest reasons that this shortage exists is that security businesses have recruited people with traditional technology credentials. IT businesses should consider applicants whose non-traditional backgrounds mean they could bring new ideas to the position and the challenge of improving cyber-security."
Source: scmagazine

Latest Jobs
-
- Account Manager - IT Services
- Germany
- €90000 plus OTE and Car
-
Are you a deal closer with a hunter mindset? Do you know how to uncover business pain points, and turn them into long-term digital transformation partnerships? Our Client are growing their sales force across Germany and looking for an ambitious, straight-talking Account Manager to take the lead on new client acquisition. You’ll focus on mid-sized to large enterprises across Germany helping to shape their digital future with tailored IT solutions in Workplace, Cloud, and Security. • Drive Growth: Own the full sales cycle for new business across your region. • Solution Sell: Build bespoke offers in Security, Digital Workplace and Cloud solutions • Build Relationships: Establish a solid pipeline through smart prospecting, marketing-driven leads, and your own network. • Represent a brand known for trust, delivery, and tech excellence—with 4,000 employees globally and a growing team within Germany. What You Bring • Proven new logo sales experience in the IT services space (not hardware!) • Deep knowledge in one or more of: Cybersecurity, Digital Workplace, or Cloud • Confidence to lead enterprise deals and pitch directly to senior stakeholders • Fluent German and good English skills Sind Sie ein Abschlussprofi mit Hunter-Mentalität? Wissen Sie, wie man geschäftliche Pain Points identifiziert und in langfristige Partnerschaften zur digitalen Transformation verwandelt? Unser Kunde baut derzeit sein Vertriebsteam in ganz Deutschland aus und sucht eine ambitionierte, ehrliche Persönlichkeit als Account Manager, die den Lead bei der Neukundengewinnung übernimmt. Ihr Fokus liegt auf mittelständischen bis großen Unternehmen in Deutschland, denen Sie mit maßgeschneiderten IT-Lösungen in den Bereichen Workplace, Cloud und Security den Weg in die digitale Zukunft ebnen. Ihre Aufgaben • Wachstum vorantreiben: Verantwortung für den gesamten Vertriebszyklus im Neugeschäft Ihrer Region. • Lösungsorientierter Vertrieb: Entwicklung individueller Angebote in den Bereichen Security, Digital Workplace und Cloud-Lösungen. • Beziehungen aufbauen: Aufbau einer stabilen Pipeline durch gezielte Ansprache, marketinggenerierte Leads und Ihr eigenes Netzwerk. • Marke repräsentieren: Werden Sie Teil eines Unternehmens mit 4.000 Mitarbeitenden weltweit und einem stark wachsenden Team in Deutschland – bekannt für Vertrauen, Verlässlichkeit und technologische Exzellenz. Was Sie mitbringen • Nachgewiesene Erfahrung in der Neukundenakquise im Bereich IT-Services (kein Hardwarevertrieb!) • Fundiertes Wissen in mindestens einem der Bereiche: Cybersecurity, Digital Workplace oder Cloud • Selbstbewusstes Auftreten im Umgang mit Enterprise-Deals und Entscheidungsträgern auf Top-Level • Verhandlungssichere Deutschkenntnisse und gute Englischkenntnisse
-
- Senior SOC Analyst Level 3. Microsoft Security stack | Ability to achieve SC Clearance
- London
- To attract the right person
-
Job Title: Senior SOC Analyst Level 3. Microsoft Security stack | Ability to achieve SC Clearance Location: Hybrid remote | London / Berkshire Overview: Senior SOC Analyst Level 3 to join a specialist Managed Security Services business. You will be responsible for advanced threat hunting / triage, incident response etc with a strong focus on the Microsoft Security Stack. Key Responsibilities: Lead and resolve complex security incidents / escalations Conduct advanced threat hunting using the Microsoft Security Stack. Build, optimise and maintain workbooks, rules, analytics etc. Correlate data across Microsoft 365 Defender, Azure Defender and Sentinel. Perform root cause analysis and post-incident reporting. Aid in mentoring and upskilling Level 1 and 2 SOC analysts. Required Skills & Experience: The ability to achieve UK Security Clearance (SC) – existing clearance ideal. (Sorry no visa applications) Current experience working with a SOC environment Microsoft Sentinel: Development and tuning of custom analytic rules. Workbook creation and dashboarding. Automation using Playbooks and SOAR integration. Kusto Query Language (KQL): Writing complex, efficient queries for advanced threat hunting and detection. Correlating data across key tables (e.g., SignInLogs, SecurityEvent, OfficeActivity, DeviceEvents). Developing custom detection rules, optimising performance, and reducing false positives. Supporting Sentinel Workbooks, Alerts, and Playbooks through advanced KQL use. Deep understanding of incident response, threat intelligence and adversary techniques (MITRE ATT&CK framework). Strong knowledge of cloud and hybrid security, particularly within Azure. Additional Requirements: Must hold or be eligible to achieve a minimum of Security Clearance (SC) level. Nice to have certifications (e.g., SC-200, AZ-500, GIAC) are desirable. Strong problem-solving and analytical skills. Excellent communication for clear documentation and team collaboration. Please follow Wheaton’s Law.
-
- New Business Sales Hunter | Cyber Security (UK Based)
- London
- To attract the right person
-
New Business Sales Hunter needed | Cybersecurity (UK Based) Are you looking for uncapped commission, a fun and sociable team that drives success with no politics? If so...You must Be UK based - and able to achieve UK SC clearance. (sorry no visas) Have a demonstrable history of sales success in Cyber Security Follow Weatons law. The role: Seeking a proven New Business Sales Hunter to join an established, successful and expanding cyber security firm. New business focused - £1m GP year one target (ramped). Sell a blend of security services & professional services. Ideal experience selling some or all of the following Cyber strategy & risk management Managed detection & response (MDR) Penetration testing Compliance & audit support You: Strong cybersecurity/IT services sales track record. Confident selling into mid-market & enterprise. UK based - London commutable 1x per week. Hunter mindset, full sales cycle ownership. Don't just send an email to apply give me a call on 07884666351
-
- CyberArk Architect
- London
- Upto £110,000 plus bonus and benefits
-
Are you ready to lead from the front and drive innovation in the Identity & Access Management (IAM) space? We’re looking for a seasoned CyberArk Architect who has CDE-CPC ideally or experience with privilege Cloud, someone who can lead with vision, execute with precision, and inspire teams to deliver excellence. As a key leader in our organisation, you’ll bring your strong business acumen and a technology-focused, innovative mindset to the table. You’ll be driving strategic initiatives, shaping transformation programs, and empowering teams to think big and deliver even bigger. Acting as a subject matter expert in CyberArk Leading strategic transformations in: Identity Governance Privileged Access Management (PAM) Access Management Customer Identity and Access Management (CIAM) Building and maintaining strong, collaborative relationships within the team Communicating clearly and confidently — both written and verbal — to deliver updates, raise potential issues, and share insights If you are interested in the above position we are looking for people with: deep expertise and a successful track record in IAM strategy, delivery, or assurance with CyberArk Hold relevant certifications such as CDE in Privileged Cloud or Guardian Have experience in a client-facing role (preferred, but not essential) Thrive in a hybrid working environment and are available to work from our or client London office three days a week Lead with clarity, communicate with impact, and adapt quickly to changing priorities