The UK Cyber Security Council has launched the first phase of a certification mapping tool designed to help developing cyber professionals map all available security certifications onto 16 previously identified specialisms – which are collectively based on the Knowledge Areas contained in the Cyber Body of Knowledge (CyBOK).
At launch, it includes at least one certification per specialism, and the Council hopes to be able to add many more options over the course of time. Ultimately, it wants to deliver a “comprehensive resource” guiding security pros to options of value whatever path they are following through their careers.
The latest resource addition follows the recent launch of a career mapping tool that helps budding security pros set out along the initial pathways into the 16 specialisms. Once complete, the Council hopes the two tools will work together to provide a centralised resource for people to roadmap their security careers.
“There are so many different certifications within cyber security, which makes it difficult for candidates to know where to start,” said UK Cyber Security Council CEO Simon Hepburn.
“We know that there are multiple perceived barriers to a career in cyber, and at the Council we want to make sure that certification is not one of them.
“People spend time and money on getting certifications, and it’s important that they do so knowing the level they achieve is aligned to the specialism and role they want to secure,” he said.
“Starting out, a junior cyber professional may see senior people with multiple certifications – likely because they have acquired them throughout their career as different employers have required different skills. This can be overwhelming for new candidates, who may not realise they don’t need all of these certifications straight away.”
Hepburn added: “We are developing a solution to this problem by providing clear advice on what certifications are necessary for each specialism, along with course costs and known providers. Once you’ve identified your specialism through our career mapping tool, we want to ensure the next steps are as straightforward as possible through our certification mapping tool.”
The current set of specialisms is as follows: cryptography and communications security; cyber security audit and assurance; cyber security generalist; cyber security governance and risk management; cyber security management; cyber threat intelligence; data protection and privacy; digital forensics; identity and access management; incident response; network monitoring and intrusion detection; secure operations; secure system architecture and design; secure system development; security testing; and vulnerability management.
The full framework can be accessed here, and the Council is also inviting security professionals to come forward with feedback or further questions.
Home-grown accreditations
Alongside its new tools, the Council is developing its own set of professional accreditations, to be awarded on three levels – associate, principal and chartered – against its professional standard, which will supposedly provide security practitioners with an independent seal of approval.
The UK security profession faces a shortfall of nearly 15,000 per annum, and the Council believes the sector will benefit from aligned professional standards, and a chartered model – something it has been working towards since its foundation in 2021.
It also recently teamed up with professional association ISACA on an audit and assurance scheme for security professionals, which will see ISACA act as the awarding body for professionals in those areas.