The cyber security sector is experiencing unprecedented growth, driven by the increasing reliance on digital systems and the ever-present threat of cyber attacks. Among the initiatives at the forefront of this expansion is the Cyber Essentials scheme, a UK Government-backed program designed to help organisations protect themselves against common cyber threats. As more businesses recognise the importance of Cyber Essentials certification, the demand for qualified Cyber Essentials Assessors has surged. However, a significant challenge has emerged: the requirement for Assessors to have at least three years of experience in IT or cyber security has created a bottleneck, limiting the pool of eligible candidates and slowing the growth of the scheme.
This challenge is not unique to Cyber Essentials; across the cyber security sector, there is a well-documented skills gap. Employers struggle to find experienced professionals, while many talented individuals with cyber security qualifications but little or no experience face significant barriers to entering the field. This disconnect has created a pinch point, where the demand for skilled professionals far outstrips the supply, leaving many aspiring cyber security experts unable to secure their first role.
Piloting a New Entry-Level Role
To address this issue, the UK Government, through the National Cyber Security Centre (NCSC), partnered with IASME to explore new ways of bringing fresh talent into the sector. A new entry-level pathway known as the Trainee Cyber Essentials Assessor program has been designed to attract individuals with no prior experience in IT or cyber security and equip them with the skills, knowledge, and mentorship needed to launch successful careers in the field. By creating and piloting this new role within the Cyber Essentials ecosystem, the program aims to diversify the talent pool and provide a structured pathway for aspiring professionals to enter the cyber security sector.
The pilot program saw an impressive 69 trainees participating in the initiative that emphasised practical, hands-on learning. Trainees began with a two-day, in-person ‘Cyber Basics’ training course, which introduced them to fundamental cyber security principles and practical skills. During this course, participants worked directly with IT equipment, such as laptops and mobile devices, to gain hands on experience in securely configuring systems. It covered knowledge and skills required by any front line IT worker and prepared candidates for the half-day ‘Cyber Basics’ assessment. Both the Cyber Basics course and the assessment can be used widely in the industry, testing a candidate’s understanding of basic cyber security concepts through both practical exercises and multiple-choice questions.
A New Role and a New Pathway for a New Era
Once a candidate has successfully completed the Cyber Basics assessment and also the one day Cyber Essentials Assessor training, they can be employed by a Certification Body (CB) as a Trainee Cyber Essentials Assessor. Under the supervision of an experienced mentor, Trainee Assessors can gain hands-on experience conducting Cyber Essentials assessments. While the responsibility for the work remains with the mentor, the Trainee is actively involved in the process, allowing them to build their skills and confidence from day one.
The Trainee Cyber Essentials Assessor role is not just a job; it’s the first step on a structured career pathway in cyber security. After being appointed by a CB, Trainee Assessors are encouraged to enrol in an apprenticeship or other further training in IT infrastructure at Level 3 or higher. With several more years of training, a Trainee Cyber Essentials Assessor can gain the knowledge and experience needed to take the assessment to become a full Cyber Essentials Assessor.
But the journey doesn’t stop there. Becoming a full Assessor opens the door to a wide range of career opportunities within the cyber security sector. For example, IASME is developing training in vulnerability scanning, which can help individuals progress from Cyber Essentials Assessor to Cyber Essentials Plus Assessor. From there, they can explore specialised roles such as penetration testing, Cyber Advisor, or other advanced cyber security disciplines. By the time they reach these stages, they will have several years of hands-on experience, making them highly sought-after professionals in the field.
Addressing Diversity and Inclusion
One of the most exciting aspects of the Trainee Cyber Essentials Assessor initiative is its potential to increase diversity within the cyber security sector. Currently, the industry faces significant challenges in this area, with low representation from certain groups. This lack of diversity not only limits the talent pool but also impacts the effectiveness of the sector, as diverse teams are better equipped to tackle complex challenges.
To help promote diversity in the cyber security workforce, IASME is planning to offer free Cyber Basics training to a limited number of individuals from underrepresented groups. These groups may include people with disabilities, individuals from areas of high unemployment, or those transitioning from other sectors. While the program is small in scale, it aims to reduce financial barriers and provide targeted support to help make cyber security more accessible to a broader range of people.
The Bigger Picture
The introduction of the Trainee Cyber Essentials Assessor role is more than just a response to the immediate needs of the Cyber Essentials scheme. It represents a broader effort to rethink how the cyber security sector attracts, trains, and retains talent. By creating accessible entry points and providing clear pathways for progression, this scheme can help the industry address its skills gap while also fostering a more diverse and inclusive workforce.