Blog post

Who are the cyberists?

Created:  21 Jun 2017
Updated:  21 Jun 2017
Author:  Chris E
Part of:  New talent
Cyberist's brolly

You’ll have noticed that as part of the CyberFirst initiative we’ve been using the term ‘Cyberist’ to describe who we are to the next generation of cyber professionals. I thought I’d use this blog to explain our rationale, and start a debate about what we want to be called (or indeed whether what we are called really matters).

I’ve been in this business nearly 30 years and I still struggle to explain to my family and friends what I do. Over the years I’ve been described as a technician, a computer security person, an information security geek, an information assurance expert, and now a cyber security professional. But none of these terms really describe what I do, or what the job’s about. They almost certainly won't inspire the next generation to think of cyber security as a career. And when you add to this how cyber security is portrayed in films, on TV and the Internet  (it's usually boys or men in darkened rooms, wearing hoodies and full of malevolence), you'll appreciate that we at the NCSC are faced with quite a challenge.

Our CyberFirst programme of activities, aimed at 11 to 18-year-olds, has been designed to counter these stereotypes. For example, we hosted the final of the CyberFirst girls competition at Lancaster House (which you can see in the photo below) is an amazing venue full of light and colour. The setting was a deliberate departure from previous locations which have included the Cabinet Office War Room and HMS Belfast. Both of these are stunning locations in their own right, but they are also quite dark and claustrophobic.

CyberFirst finalists at Lancaster House

Similarly, we've chosen the term 'Cyberist' to describe -  in a more positive light  -  the role of someone who works in the cyber security profession. Far from being a shadowy figure, a Cyberist is someone with a dynamic career who plays a vital role in the community and wider society, protecting the information and systems we care about and rely on in our daily lives.

That said, it’s been clear from the response that this is quite an emotive subject. One of the immediate lessons we’ve learnt is that you can’t just invent a new word (or re-purpose an existing one) and expect everyone to accept your definition. We asked the target audience what they thought of the term, and received some positive responses, but this was only a small sample. So we'll use our summer courses to get a much broader view, and maybe discover some alternative suggestions that we can put to a vote - at the risk of course of getting egg all over our 'Cyber McCyberface'.

In the meantime, if you've any thoughts on the term 'Cyberist', or what we should be using to inspire the next generation of cyber security professionals, feel free to comment below.

Chris Ensor

Deputy Director Cyber Skills & Growth

Topics

14 comments

Lindsay - 21 Jun 2017
Great to see cybersecurity being promoted at a fulfilling and noble career path, our deficit in the industry needs to be filled, but more importantly, we need to weave cybersecurity into the entire architecture and design of businesses. CybSafe is helping is this regard to educate non-IT employees in protecting themselves and their firm's data, because ultimately we want to be at the stage that cybersecurity is not a separate subject, but intrinsically part of who we are and what we do. Thanks Chris!
a cyberist - 21 Jun 2017
sounds too similar to terrorist. I would expect people to associate this term as a shortening of cyber-terrorist

seriously, someone is being payed to come up with such ideas?
Steven Murdoch - 21 Jun 2017
I agree that branding for professions is important to consider, and think it is a great idea to consult more widely. I can't however say I'm a fan of cyberist.

One title that isn't mentioned in the post is "engineer" and this would actually be my preference for most cyber security professionals. Security problems can often be traced back to poor systems engineering, and if we can address this problem then not only will our security be better but systems are more likely to be fit for purpose and delivered on time. Focussing on the "security" and "cyber" aspects would I think be more likely conjure up the unhelpful image of a loner in a basement hacking into computers.

Engineering comes with its own baggage of unhelpful stereotypes (heavy machinery and grease-covered overalls) but these are being changed - see for example the work of the IET. However it is an existing profession, and the values it embodies are what we need more of in cyber security. Engineering is about developing innovative solutions to important problems facing society and delivering these through teamwork, while demonstrating integrity, excellence and personal responsibility. Adopting the engineer title puts these values foremost, rather than the focussing only on the cyber security specialist skills that are being developed.
Alun Jones - 23 Jun 2017
"Engineer" is a term I'd avoid for a couple of reasons:
1. Many people in the profession aren't actually doing anything like engineering - compliance professionals, policy writers, etc.
2. "Engineer" implies a professional qualification. Information Security is full of people who are skilled, capable, and leaders in their field, but have no formal qualification that says so. In some parts of the world, you're not legally allowed to put "Engineer" in your job title unless you have a specific qualification - even where no such qualification exists. As a result, "Information Security Engineer" is not a job title you can carry throughout the world.
Ashley Smith - 21 Jun 2017
You say "none of these (terms) describe what I do", but they describe roles within the Cyber Security profession far more clearly than this made-up "cyberist" word. I have been a huge fan of the excellent work that the NCSC has been doing since it's launch, but this attempt to invent a word is embarrassing and beneath you. Please please stop!
Martin Bonner - 22 Jul 2017
Here here! The problem is not that you are using the wrong word to describe your job, the problem is that your family don't understand what your job entails. A new word that nobody has heard of before won't help with that.
David - 22 Jun 2017
I often describe myself as a technologist rather than a software architect or engineer, because while the more specific terms describe what I might do on any given day, I have a broad set of technology skills I'll apply in different ways throughout my career. I also know people who are nervous about 'engineer' as a title because of friends/colleagues who are certified engineers, and not wanting to be percieved as an imposter.

So I have some sympathy with {broad term}ist construction, but Cyberist doesn't quite ring true to me.
A security engineer - 22 Jun 2017
I am a cyber security professional and a chartered electronic engineer and much prefer to describe my work as 'security engineering'. However I also recognise that engineering is only one of many disciplines needed for cyber security or indeed any kind of security. As such I believe it would be counterproductive to coin a single new term like 'cyberist' that still nobody understands, rather we need to use a variety of terms to properly reflect these different disciplines. Perhaps the effort would be better placed on finding novel ways of educating the general public and the next generation of cyber security professionals on how disciplines like science, engineering, maths, psychology, law, business, etc... are all important for and can lead to rewarding careers in the field of cyber security?
Not a cyberist - 23 Jun 2017
This is genuinely disappointing stuff Chris. The NCSC shouldn't be inventing words to try and make careers in cyber security look cool. If you can't make them sound interesting by simply describing what they involve, maybe have a hard think about why that is, rather than spend tax payers' money on this.
Pete - 23 Jun 2017
I think that one of the problems facing our industry is the divide between physical security and infosec. Every time you use cyber in anything it reinforces that view. Cyber is real world now; hospital operations get cancelled due to malware, heating systems in buildings are held to ransom by hackers, cars can be crashed remotely, terrorists can be faught over the internet. We are security professionals, not cyber geeks from the eighties.
Darren - 23 Jun 2017
Sorry, but 'Cyberist' is just plain silly - Lets not speak of that again please. I really don't understand the need to have the word 'cyber' stuffed into everything to do with infosec.

I'm still not really comfortable using the term 'Cyber Security' but you can only swim against the current for so long. In my opinion, the obsession with the term 'cyber' is an attempt to make what we do sound sexy but in actual fact, for me, it's an annoyance - It doesn't cover a large number of the roles and kind of infers a focus on the Internet.

It seems to me that however we refer to ourselves, it must be seen to be sexy. I think the first thing we could do is stop obsessing about this 'cyber' word. I don't see what's wrong with Infosec Professional to be honest with maybe some sub-categories to adequately cover the wide range of roles such as engineering, operations, assurance/consultancy, physical security etc. It's simple, but then I never did see what was wrong with CESG either, apart from it not including the word 'cyber'.
David Booth - 23 Jun 2017
I'm not a Cyberist, Chris, never have been, never will be. Terrible title (sorry, no offence intended). Nor will those who have commented so far. We are data security engineers or managers. I'm aware there's a 'political' split in UK government between NCSC (technical) and CPNI (the rest), but it's irrelevant outside HMG where security is much more holistic.
Alun Jones - 23 Jun 2017
I strongly dislike the word "cyber", or anything derived from it. I interviewed a person whose resume had the title "Cyber Planner" on it, and had the worst time keeping serious while not picturing a Doctor Who villain when he talked about his "Cyber Team" and "Cyber Director". The etymology of "cyber" is tenuous, and where it traces back through to the Greek "kubernetes", is more about automated control than about safety and security. The use of "cyber" in a speech is a sign of a military background, and tells me this is not about commercial or business security or public safety. "Cyber" is about policy made by people who don't understand technology or the necessary hashtags.
I'm fond of "Information Security" as a title for the field. Shorten to "InfoSec" if you must. Tell relatives you're "in cyber", and they don't have the first clue. Tell them you're in "Information Security", and they at least start with "oh, you keep my credit cards from being stolen".
If you need a term for people in the field, try "InfoSec Workers" or "InfoSec Professionals", and you can divide them as "InfoSec Engineers", "InfoSec Advisers", etc.
Neil R - 23 Jun 2017
I think this blog post undermines the credibility of the NCSC somewhat. Trying to encompass the complexity of the roles and skills that are needed to successfully prosecute cyber security to a single term demeans the profession. I cannot understand why you would think a potential recruit would find being labelled a Cyberist inspirational and it would seem to bracket the profession with Detectorists, who aimlessly wander the fields with metal detectors with fruitless results...

Leave a comment

Was this blog post helpful?

We need your feedback to improve this content.

Yes No