Skip to main content
Search
MENU
What are you looking for?
Close

9 March 2023

Minutes of the Breakfast Briefing which took place on the 9th March.

Present:

Sanjana Mehta – (ISC)2

Trevor Louis - CyberVanguard

Lisa Konomoore – UK Cyber Security Council

Vanessa Henneker - UK Cyber Security Council

Andre Elliot - DSIT

Karis Bouher - PGI

Neil Williams – PGI

Dave Daly -  Coda Security

Patricia Barlow – BCS

Annmarie Dann - UK Cyber Security Council

Tara Wisniewski – (ISC)2

Steve Penny – Sans (Qualifications and Careers Working Group)

Helen Clarke - UK Cyber Security Council

Zeshan Sattar – Comptia (Qualifications and Careers Working Group)

Mel Turner – (ISC)2 rep (Qualifications and Careers Working Group

Clar Rosso – (ISC)2

Tom Morgan - UK Cyber Security Council

  1. Welcome, introductions and apologies

1.1.      Sanjana Mehta (SM) welcomed the room and ran through the agenda for the day.

1.2          Clar Rosso (CR) spoke to the room about her background and journey in to cyber and thanked the room for being involved in the conversation. Introduced ISC2 and a quick run through their membership.

1.3           Vanessa Henneker (VH) Gave a brief synopsis of the breakfast briefing and purpose of the meetings moving forward then introduced Lisa Konomoore (LK).

  1. Qualifications & Career WG – presentation overview from Lisa Konomoore
  • Max of 12 professionals from Cyber Security and/or education sectors in the Qualifications and Careers Working group:

List of members given

VH also touched upon the  output from the discussions the Council had recently with the Scottish Govt.

  • There are overlaps in qualifications. Looked at vulnerability management and how roles map.
  • Webinar focused on mapping and how the Council demonstrates how the mapping supports those working in the cyber profession
  • Mapping will always be ongoing as quals/certs develop
  1. Discussion and Q+A

Andrew Elliott (EL) we must show employers the entry routes into the profession.  Supporting apprenticeships is one thing, but we need to ensure the support is in place for employers to put the right services/actions in place and that opportunities are supported properly to grow the cyber security profession.

Steve Penny (SP) how do we ensure the mapping helps people get into careers and/or chartership?  Also, what about career changers – how does this mapping work support those people?  When we talk about 16 specialisms – how do we make this relevant to young people considering careers in cyber.

Vanessa Henneker (VH) went on to explain how the Council is developing a Youth Advisory Panel. Also looking at current people holding qualifications and how can people demonstrate existing skills learnt.

Annmarie Dann (AD) The concept of mapping certifications and academic qualification is important and mapping can demonstrate exemptions where relevant to enable someone to become chartered if qualifications partially meet the standards required. There are opportunities to reduce difficulties in making sure entry point for people are really clear and that the employers understand it.

Clar Rosso (CR) questioned, are the Council just mapping to align only with the CyBOK competence areas – surely this is limiting? Knowledge and competence are dynamic – CyBOK need to ensure their framework is real time which may not be the case so mapping using their framework across 16 specialisms may have considerable limitations.

Dave Daly (DD) commented on how inflexible CyBOK is. Cyber security is a young industry, knowledge and competence evolve and the industry struggles with keeping up with ever changing landscape.

VH explained it would be helpful to have a CyBOK here to explain how the competences are addressed across the knowledge areas. Technology and security are very fast moving but the Council has to start somewhere and knowledge mapping is a good place to start.

Mel Turner (MT) we have to start somewhere with foundation of knowledge. Security fast evolving and it’s important that everyone is bought into the journey.

Patricia Barlow (PB) core competences don’t change hugely even when technology moves forwards.  Can the CyBOK framework be used for the ‘core’ knowledge and core principles – and other frameworks/certifications then build on that aligned to the emerging technology that supports advances in the cyber security sector. Key focus must be on ensuring candidates/employers really understand what the core knowledge area.

Neil Williams (NW) the Council should not be mapping solely against the CyBOK framework – this is too limiting.

(SP) You can test knowledge against exams (certs/quals) but competence is gained via a mix of knowledge and application of that knowledge to practice. This is key.

Zeshan Sattar (ZS) An objective of the Council is to provide a Careers framework.  He understands the concerns about only using the CyBOK framework and the work is evolving in this career. What information do individuals and employers need to see? How can we provide relevant information to guide people into careers.

Patricia Barlow (PB) how do employers select competence staff and ensure we ask what their needs are for the different roles. Why, for example, do employers only select some certs eg CISP?  We need the insight from employers.   What roles map to what certifications  - this is essential if the Council are attempting to create a careers framework. Why don’t employers naturally veer towards apprenticeships or academic quals rather than relying on certifications?

VH what do we need to see in a  qualification framework to help inform people to make decisions about what to study and what roles they can move into?.

DD having the breakdown of core competencies and the level of how they are assessed. CCP at senior level you have to be able to demonstrate how you have applied and not just having the certificate.

NW as an employer we use SFIA as this is most applicable for us to recruit cyber staff.  But that on it’s own is not enough – candidates must demo how their knowledge has enabled their application to practice

CR how can an employer make sense of so many frameworks?

ZS  who are the Council web site users?  Who is knocking on our door asking for careers help?

Dave Daly (DD) Some of the best cyber professionals don’t have academic quals and this must be recognised

CR  so many employers are not good at writing job specs – we can help with this

SP  can the Council get out to Careers fairs please – this will help schools to provide the right career related info about cyber roles

PB can the Council get something set up to provide experience for school students to work in  cyber organisations so that they can see what roles are an option for them to consider once they understand what is needed.  Cyberfirst already do this, but it can be expanded by the Council

VH Council are mapping and exploring opportunities to support these areas via our outreach working group, considering developing off the shelf programmes to give employers a pack to help implement quality work experience programmes. We need to be mindful of all the  opportunities currently available such as Cyberfirst and ensure we are not duplicating but adding value.

AE can we publish the work the Council’s WG are doing please – to begin to show the industry what is happening.  LK confirmed we can add an update on this work to our web site.

LK closed the discussion and thanked everyone for their thoughts and ideas.

There being no further business the meeting was closed at 11.01am.