Wednesday 17 May 2017 @ 00:00
National Cyber Security Centre
Printable version

Certifying the professionals

We had a number of great questions during CyberUK2017, and some of those were about the future of Certified Cyber Professionals (CCP). Was the scheme still wanted? Would it continue to be supported by government? Will it be made more applicable to the private sector? If you stayed and listened to Ian Levy's closing keynote you will have heard him clearly reaffirm our commitment to improving professional skills, as well as identifying those skilled cyber security professionals who can help our customers with their particular cyber security challenges. So CCP is not disappearing.

This doesn't mean that CCP is perfect. It is 5 years old and continuing to grow, and as with most growing things changes need to happen for it to flourish. We've been listening carefully to the feedback from users and participants in CCP, and know some areas where we need to make improvements. For instance, the application process is too time-consuming, the role structure is too prescriptive, and we need to ensure that the NCSC is providing the right level of support to the assessors to ensure they can continue to do their jobs effectively as the scheme evolves.

So what are we doing? For a start, we’re considering how to change from assessing people against role definitions to certifying people in cyber security specialisms (eg risk, architecture, audit & review). This will enable the process to focus on the skills that really matter. We are working with the Certification Bodies (CBs) on this. We'll also work with them on how to streamline the evidence requirements for the specialisms, as well as recognising existing qualifications as part of the assessment process.

This will all take time but we'll make sure that as and when the assessment criteria change, people who are certified will be given time to transition into the new process.

We're committed to CCP. It’s here because we need it. CCP is a demonstration of competence and as such is a much-needed benchmark for what is good in cyber security practice.

We'll keep you updated as things progress.

See Anne W and Jon L's blog 'Putting the NCSC's badge on it..' if you want to learn more about what is happening with NCSC's assurance work.

Here is more information about the Certified Professional scheme.

 

Channel website: https://www.ncsc.gov.uk/

Original article link: https://www.ncsc.gov.uk/blog-post/certifying-professionals

Share this article

Latest News from
National Cyber Security Centre

NCSC enters new partnership for PDNS delivery

17/04/2024 13:05:00

The National Cyber Security Centre announces new partnership to deliver the Protective Domain Name System (PDNS) service.

UK holds China state-affiliated organisations and individuals responsible for malicious cyber activity

26/03/2024 10:31:00

UK calls out pattern of malicious cyber activity by Chinese state-affiliated organisations and individuals targeting democratic institutions and parliamentarians.

NCSC and partners issue warning about state-sponsored cyber attackers hiding on critical infrastructure networks

08/02/2024 11:05:00

GCHQ’s National Cyber Security Centre and partners share details of how threat actors are using built-in tools to camouflage themselves on victims’ systems.

Business leaders urged to toughen up cyber attack protections

24/01/2024 13:12:00

New guidelines to help directors and business leaders boost their resilience against cyber threats.

Exploitation of vulnerabilities affecting Ivanti Connect Secure and Ivanti Policy Secure

15/01/2024 10:15:00

Organisations are encouraged to take immediate action to mitigate vulnerabilities affecting Ivanti Connect Secure (ICS) and Ivanti Policy Secure (IPS) gateways (CVE-2023-46805 and CVE-2024-21887), and follow the latest vendor advice.

UK exposes attempted Russian cyber interference in politics and democratic processes

08/12/2023 10:29:00

The UK condemns Russia’s sustained attempts at political interference in the UK and globally.

UK and allies expose Russian intelligence services for cyber campaign of attempted political interference

07/12/2023 14:25:00

The UK and allies call out the Russian Intelligence Services for a campaign of malicious cyber activity attempting to interfere in UK politics and democratic processes

NCSC launches Cyber Incident Exercising scheme

06/12/2023 15:25:00

New CIE assured providers give organisations support to create structured table-top or live-play cyber incident exercises.

UK and Republic of Korea issue warning about DPRK state-linked cyber actors attacking software supply chains

23/11/2023 16:05:00

Joint advisory observes cyber actors leveraging zero-day vulnerabilities and exploits in third-party software.