The UK Cyber Security Council – the charitable, self-regulatory body for the cyber security education and skills sector has given its nod to the findings from the diversity and inclusivity (D&I) report.
In its response to Decrypting Diversity, a report by the National Cyber Security Centre (NCSC) on in the cyber security sector, Simon Hepburn – CEO of the UK Cyber Security Council said: “First, we warmly welcome and applaud this second annual report by NCSC and KPMG. Solidly researched again, it makes concrete recommendations that will move the sector towards ensuring there are no barriers to entry to it.
D&I is one of the four key pillars of the UK Cyber Security Council, the organisation that was commissioned in 2019 by DCMS to be the governing voice for the cyber security profession and launched in the spring of 2021. NCSC’s report, written by KPMG, contains six recommendations to improve the D&I performance of the sector.
“The sector must succeed at this. It’s vital not just to help the sector fill the tens of thousands of vacancies that exist, but for the sector and the UK to benefit from the wider range of abilities, improved creativity, different thinking and alternative contributions of a truly diverse, inclusive cyber security workforce. The Council and the NCSC are in lockstep over the D&I objectives for the sector and, to that end, we also welcome and agree with the conclusions of the report,” stated Hepburn.
The 2nd joint report between the NCSC and KPMG UK benchmarks against the 2020 findings to gauge what progress has been made. “We’re very aware that the recommendations in the report are – as they must be in such a report – largely about what needs to be done, and we’re conscious that little may change unless the sector proceeds to address how to do what needs to be done; programmes will need to be devised and executed,” said Hepburn.
More Inclusive approach
A more diverse and inclusive team is a more innovative team. The cyber security industry is a significant employer in its own right and the diversity and inclusion of its workplaces affect many thousands of people. What’s more, with ever-growing demand for cyber security experts and well-publicised skills shortages, attracting a wider range of talent into the industry has become critically important.
“The Council will therefore play its full role in devising, driving and supporting D&I programmes, through the Council membership which we are at the start of building. I encourage cyber-related organisations that want to lead the way in D&I, and which want to show the sector that they’re leading the way, to join us without delay. There is much to do.”
The Council is cited specifically in two of the conclusions of the Decrypting Diversity report. For starters, there is a need to publicise the success stories. The UK Cyber Security Council should produce a series of case studies and career journeys that show the breadth of routes into cyber and the diversity of professionals in the industry today.
Individuals need to understand how they can join the cyber security industry and the variety of opportunities available, including at entry level. There should be no barrier to entering the cyber job market based on demographic characteristics, noted Hepburn.
Then there is a need toap out the roles and skills. the UK Cyber Security Council should produce cyber roles and the skills required in order to develop a framework to describe cyber roles and skills consistently. Job descriptions and adverts for cyber roles need to be clear and accessible, to ensure they are inclusive, and focused on aptitude and skills. The industry should support this by, providing information on the cyber roles and skills they require.