Speakers
Synopsis
Cybersecurity is a relatively novel occupation that has evolved quickly from a narrow technical function to high-level government and business risk. There is much talk about professionalising the cybersecurity industry, but what does this look like, what should be done about it, and how will it add value?
Cybersecurity is commonplace in everyday life, something that politicians, public servants, business leaders, and the general public (of all ages) encounter in some form. However, cybersecurity's ubiquitous and increasingly complex nature leads to varying interpretations about what it means, varying assumptions about how to engage with it, and who should be involved. Consequently, cybersecurity is inherently interdisciplinary at the individual level and multidisciplinary at the team level.
The professional edges of cybersecurity bleed across many existing distinct, well-established professions. For example, engineering, medical, and accounting professionals have begun to frame how their profession’s knowledge, principles, practices, and skills need to progress and evolve, given the growing cyber-enabled threats. This knowledge and practice grows from a narrow and tactical base that does not necessarily leverage the best cybersecurity knowledge or practice.
In truth, cybersecurity is now a multidisciplinary endeavour that pulls in the expertise of a diverse range of professional disciplines. Positioning cybersecurity as a purely technical computing domain is no longer possible. Cybersecurity now includes traditional computing disciplines, operations research, artificial intelligence and data science, law, cognitive and behavioural science, communications, and government policy. Increasingly, there is also a need for greater maturity in leadership and management. A single individual working in cybersecurity may have knowledge and skills in some areas, but the diversity and number of disciplines preclude any individual from having a deep knowledge of all areas. Improved performance comes through integrated professionalisation, and this marks cybersecurity as a new form of profession, one that will grow and evolve in ways different from traditional professions.
However, what it means to be a professional is poorly understood, and the educational structure and career paths to support cyber are immature and fragmented. Without this supporting workforce infrastructure, skills shortages, lack of diversity, and delivery turbulence will persist.
But who can we turn to for professional cybersecurity advice? We are faced with a spaghetti of unverifiable qualifications and experience that turns cybersecurity into the ‘Wild West’ for those seeking advice and support.
Similarly, those wanting to work in the field face unclear career pathways and impenetrable education and training choices. Market demand places barriers to entry-level employment. Employers engage in mercenary headhunting for existing skills and experience, which increases churn and inflates pay. Due to poaching, businesses and governments show little interest in investing in new talent. This entrenched behaviour creates a vicious cycle that exacerbates the skills gap and undermines overall delivery quality. How can cybersecurity break out of this cycle?
The presentation will examine what it means for cybersecurity to become a profession and why the traditional path to professionalisation may be wrong.