Careers in Cyber Security and Professional Development Planning

As someone who has been directly involved in cyber security training for the last decade, when running workshops at cyber camps or speaking at conferences, I am always surprised when I ask the same question “who in the room has a high quality professional development plan”, and not a single hand is raised. The fact is that people do not have a good overview of the industry or even knowledge of the wide range of job roles that are available in both the public and private sectors.

Add to these the lack of knowledge about the skill set and skill levels that are required for these roles and there is no wander why people have problems planning their careers and the professional qualifications that will help get them from A to B.

I am often asked “Which professional certificate should I be taking or which professional membership should I maintain?”. My answer is always the same. I ask, “Where are you now and where do you want to be in 1 or 2 years’ time?”. It is surprising how many people don’t know what skills they have or what skills they need to acquire the target job role. I point people to the UK Career Paths diagram as a starting point, which provides a birds-eye-view of the industry, just to put things into perspective. The next step is to create a high quality professional development plan.

A high quality Professional development plan should be carefully considered and researched in order to be able to make an informed decision. You need to know:

  • Where you are now, i.e. what is your current skill set and skill levels (A)?
  • Where you want to be, i.e. what is the skill set and skill levels of the target job role (B)?
  • What are the skill gaps between A and B?

Knowing this, you can then create development goals with attached activities to fill those skill gaps over time in order to qualify for that job role. Of course you are also accruing valuable experience throughout the process.


Organisations have been creating job profiles forever and even list the professional qualifications and experience they expect candidates to have but they haven’t really gone into the detail regarding the skill set and the skill levels required because there wasn’t an easy way to access and use the various frameworks used throughout the industry in order to build a detailed skills profile for that role.

Enter the re-vamped IISP Skills Framework which provides a high level structure of competencies expected of information security and information assurance professionals, used to support professional career development. Using this framework an individual can build a skills profile for their current skills and skill levels (A) and if a target job role had a skills profile (B) then you could compare A to B to identify any skill gaps that need to be filled. The IISP Skills Profiler is a self-assessment tool designed to help individuals understand their skill set and skill levels to inform decisions on professional development and training and provides easy access to and use of the IISP Skills Framework. The resulting digital skills profile can then be compared to multiple target profiles and skill gaps are highlighted allowing you to make informed decisions about what you need to do in order to get from A to B.

If every organisation defined their job roles using the IISP Skills Framework then every job vacancy could have a detailed skills profile attached, against which applicants could compare their profile, identify any gaps and then at least know what they need to do to achieve that role. CESG, the UK’s National Technical Authority for Information Assurance, issue skill profiles for roles under their CESG Certified Professional (CCP) Scheme and now that the new IISP Skills Framework is more accessible and easy to use for individuals and organisations alike, through the use of the Skills Profiler, we can standardise this part of the hiring process and be one step closer to professionalising the industry.

Terry Neal, CEO
InfoSec Skills Ltd.


Arrange a Conversation 


Article by channel:

Read more articles tagged: Featured

Cyber Security