Skip to content

Cyber security spotlight on... Alastair Revell, Institution of Analysts and Programmers

Joining the profession

08:00 Thursday, 07 October 2021

UK Cyber Security Council

It's Cyber Security Awareness Month. To help mark it, we're talking with several individuals from cyber security organisations or cyber security backgrounds. The first of these is the Director General of the Institution of Analysts and Programmers (IAP), Alastair Revell, who's worked in IT since 1985. With the IAP actively promoting ‘security by design in code’, we asked him where cyber security is at now, in 2021.

What are the most exciting and most frustrating parts of your job?

Helping to lead the development of the profession and feeling that security is often an afterthought.


I’ve been working in IT since 1985 and security has always been a concern. I don’t think there was a specific starting point; security issues have grown over time and have occupied more of my time professionally. The term cyber security is fairly recent!

Did anyone particularly inspire you?

No one person particularly stands out, although I think Robert Schifreen's exploits in 1985 demonstrated that security was an important issue that was going to become a significant factor as my career progressed in IT.

What advice would you give to somebody considering entering a career in cyber security?

I’d advise them to start working towards chartered registration in IT. Society is waking up to the fact that IT (in the widest sense) not only presents fantastic opportunities but also tremendous threats. The public will increasingly seek assurances that organisations, especially those that they entrust their data to (and in some cases their lives), are actually engaging IT professionals who can substantiate their claims to be working to the highest of ethical and professional standards.

What do you think are the biggest cyber issues now, in 2021?

Insufficient boardroom understanding of the cyber threat, the growth in ransomware attacks and the skills shortage. We need to convince business leaders in large, and particularly small, business that cyber threats are very real. We are not very far advanced on this. For instance, very few business schools give the topic much more than a passing glance, so the next generation of business leaders are ill-equipped. They are the future leaders who will be allocating resources in a much more difficult cyber security environment than the one in which we operate today. They need to understand the threat properly and how to address it.

What steps would actively strengthen cyber security skills within the UK?

Expanding schemes like Cyber Essentials would strategically drive demand and increase awareness at the same time. The consequence would be more investment in training to meet the demand for cyber security skills, actively strengthening them.

What is the most common misperception that people have about working in cyber security?

The most common misconception about working in cyber security is that it is a 'negative' profession. We have a boardroom reputation for saying 'no' and articulating the threats rather than the opportunities. We need to push the positive aspects of being secure.

The Institution of Analysts and Programmers (IAP), a professional membership body for software developers, was one of the founding members of the Cyber Security Council, having been involved in the formation project from the start.