We had a number of great questions during CyberUK2017, and some of those were about the future of Certified Cyber Professionals (CCP). Was the scheme still wanted? Would it continue to be supported by government? Will it be made more applicable to the private sector? If you stayed and listened to Ian Levy's closing keynote you will have heard him clearly reaffirm our commitment to improving professional skills, as well as identifying those skilled cyber security professionals who can help our customers with their particular cyber security challenges. So CCP is not disappearing.
This doesn't mean that CCP is perfect. It is 5 years old and continuing to grow, and as with most growing things changes need to happen for it to flourish. We've been listening carefully to the feedback from users and participants in CCP, and know some areas where we need to make improvements. For instance, the application process is too time-consuming, the role structure is too prescriptive, and we need to ensure that the NCSC is providing the right level of support to the assessors to ensure they can continue to do their jobs effectively as the scheme evolves.
So what are we doing? For a start, we’re considering how to change from assessing people against role definitions to certifying people in cyber security specialisms (eg risk, architecture, audit & review). This will enable the process to focus on the skills that really matter. We are working with the Certification Bodies (CBs) on this. We'll also work with them on how to streamline the evidence requirements for the specialisms, as well as recognising existing qualifications as part of the assessment process.
This will all take time but we'll make sure that as and when the assessment criteria change, people who are certified will be given time to transition into the new process.
We're committed to CCP. It’s here because we need it. CCP is a demonstration of competence and as such is a much-needed benchmark for what is good in cyber security practice.
We'll keep you updated as things progress.
See Anne W and Jon L's blog 'Putting the NCSC's badge on it..' if you want to learn more about what is happening with NCSC's assurance work.