Multi-pronged approach to cyber security professional development
As cyber threats evolve, indications are that security professional development needs to focus more on meeting business needs rather than adding technical qualifications. Alternatives include simulated disaster management, which enables seasoned professionals and interns alike to acquire and hone practical capabilities. Certifications and a working knowledge of security basics, however, remain important.
At an industry level, (ISC)2 launched a Professional Development Institute in February 2019 to provide free continuing education for members, while at a UK level, an alliance of 15 cross-sector organisations is working to help government develop a national professional body for cyber security. But firms also have a role to play by investing in skills development. However, this is often patchy, even within single organisations like the NHS.
As a result, organisations lack basic prevention, detection and response capabilities. While mastering security basics should always be a top priority, the challenges in securing critical infrastructure and the internet of things provide ample opportunity for further professional development.