Dr Claudia Natanson MBE
I have been a cybersecurity professional for two decades, delivering, overseeing and advising on cybersecurity transformations globally, in the UK, across diverse industries, government, and private sectors. The one constant I am proud of is being known for and enjoying an unwavering passion for cybersecurity. I am now acting as the CEO of the UK Cyber Security Council, which allows me to be part of the "engine room" and responsible for the many delivery areas the Council is undertaking. The role is also an outlet for the visionary and thought leadership areas cybersecurity professionals must use to form meaningful collaborations vital for executing effective cyber programs across business, functional, and operational lines in small or large organisations.
All cyber security professionals will want to ensure their organisations have the standards to benchmark and evidence "what good looks like" for security maturity and cyber resilience levels. The Council is the self-regulatory body for the cybersecurity profession and must produce the highest cybersecurity standards. The Council works with the National Cyber Security Centre (NCSC) as the technical body, ensuring the quality of our standard and specialisms. The Council also works with external technical volunteer specialists and licensing bodies responsible for testing the competence of cyber security professionals who receive titles for our specialisms. The Department for Innovation, Science and Technology (DISIT) remains our funding partner, providing support and oversight and allowing us to grow and be ready for sustainability in April 2025.
As the Cyber Security Council, we hold a unique position as the only organisation of our kind globally. This distinctiveness drives us to constantly learn and refine our strategies, particularly in engaging and utilising volunteers and maintaining the highest levels of evidence in our deliverables.
Our work is guided by a steadfast commitment to ethics and integrity in everything we do and deliver.
Similarly, medical, legal, and engineering bodies are our go-to learning points. Still, we are also cognisant that most of these bodies are decades and, in some cases, centuries old. Still, we are studying many areas of their operations, pricing models, and membership programs.
We are working with both UK and US-based organisations that deliver globally. I have decided to build a small group of cyber professionals from the US and the UK to provide evidence of the breadth of collaboration for thought leadership, implementing the standard, and specialisms. Working for years at business, executive, and implementation levels has taught me the challenges and focus areas cyber security professionals can face.
For this reason, my focus as interim CEO is not only on the OUTPUT of our deliverables but, even more importantly, on being able to evidence our OUTCOMES, for example, the impact of good cyber security standards when in place.
I am now looking to see how our newly titled cyber security professionals can implement their specialisms at the required levels to improve cyber resiliency.
With my professional lens on, we know that cyber security is a "change management" process. Change for cyber security will mean influencing an organisation to demonstrate how it operates as a cyber-aware organisation. The latter is much more easily achieved if that change is evidenced and led by an organisation's top and executive levels. Leading by example is also part of global standards and, in that way, becomes part of strategic plans. Many organisations have adopted an IT "Cloud First" position to enhance technological and strategic planning to release efficiencies.
It's high time to adopt a 'Cyber Security First' position. This approach not only endorses a 'security by default' and 'privacy by design' stance but also helps mitigate the high cost and negative business impact from areas such as ransomware attacks.
With the increasing attacks aimed at government departments and security-vulnerable organisations, a Cyber Security First approach and a strategic imperative are necessary. The sooner we adopt this culture, the better we can manage risk in supply chains.
As the Council, we must be able to demonstrate, using our core standard and specialisms, how cyber can seamlessly integrate into business requirements. This integration is not just an outcome but a pivotal strategy to dispel the perception that security is a barrier, not an enabler, to business endeavours. The increasing ransomware attacks, cost, and impact on businesses and organisations should easily support the need for seamless cyber security integration across functions, operational and business lines.
Our ultimate goal is to elevate the standards for cyber security professionalism across government departments and their supply chains.
This includes ensuring adequate cyber security controls to measure progress in increasing cyber maturity and resilience levels. As the Council, we are committed to maintaining the highest standards, which is crucial for the growth and sustainability of the cybersecurity profession.
My final focus is to ensure that we are cognisant that while, on the one hand, we are trying to attract and grow the cybersecurity profession, we are also losing many due to stress and burnout. Losing our cyber security professionals is also why the call for cultural change led by the top level of an organisation will lead the way for supporting those who need to implement and protect with cyber security. We must collaborate externally with our newly registered professional members, organisations, and volunteers to conduct a concerted awareness campaign and help increase cyber security awareness.
One of the most important ways to attract potential cybersecurity professionals is to do a better job of advertising and educating people about cybersecurity. At times, media images show 'breaking in' visuals and fewer visuals of the people executing the preventative side of cyber security.
Creating more diverse visuals allows people to see how diverse the areas of expertise in the cyber profession are, which means there are more ways, not just technical, for folks to enter, support and contribute meaningfully.
All professions rely on softer skill sets and other skills. The fact that we live in a data-centric world, which is a driving force for new and revised technologies, means that reskilling and new skill sets will continue to play a crucial part in all professions. Continuous Professional Development is now more than ever a must for all professionals.
With a Council staff and volunteers whose passions remain high, the Council is in an excellent position to continue to grow and be ready for its latest sustainability progress in April 2025 and beyond.