Introducing the Cyber Incident Exercising Coordinator role
IASME has been working with the Scottish Government to develop a new pathway to bring applicants into cyber incident exercising roles.
The cyber security skills gap
Due to rapid global digital transformation, the cyber security sector is booming, and the demand for skilled cyber security professionals has never been higher.
It can be difficult for people without technical degrees to break into cyber security and there is a distinct lack of entry-level roles where employers can put early career cyber security employees into revenue generating positions. This contributes to a problematic skills shortage in the cyber security industry.
According to the UK Department for Science, Innovation and Technology (DSIT) cyber security skills in the UK labour market 2023 report, there were 160,035 cyber security job postings in the last year, which is an increase of 30% on the previous year. There is an estimated shortfall of 11,200 people to meet the demand of the cyber workforce, and this is in the UK alone. According to the 2023 Official Cybersecurity Jobs Report, there are 3.5 million vacant cyber security jobs globally, a number that they predict to remain stable through to 2025.
The same DSIT report estimated that half of all UK businesses have a basic cyber security skills gap, while a third have an advanced cyber security skills gap. The cyber security breaches 2024 survey reports that half of all UK businesses suffered some sort of cyberattack or data security breach in the last 12 months. The lack of skilled cyber security professionals is not just a problem, it is a ticking time bomb.
The Cyber Incident Exercising scheme
The frequency and sophistication of cyber attacks have increased to the point that, for most organisations, it is not a case of if, but when an incident will occur. The National Cyber Security Centre (NCSC) recommends that all organisations prepare themselves for the worst by creating and practising an incident response plan.
Skilled cyber security professionals can help organisations ‘exercise’ their cyber incident response plan and make improvements before a cyber attack occurs. Given the skills shortage described above, it is not surprising that the industry currently appears to have a particular shortage of skilled people to carry out such exercises.
Last year, the National Cyber Security Centre developed the Cyber Incident Exercising (CIE) scheme to help a wide range of UK businesses find a high-quality provider to help them rehearse, evaluate and improve their cyber incident response plan. As one of the NCSC Delivery Partners, IASME assures that such providers have a team with sufficient skills and experience of running table-top and live-play cyber exercises for organisationally significant events (those with the potential for a serious operational, financial, or regulatory impact on your business). In most cases, each provider will need a Team Lead who has at least three years’ experience in a role where cyber incident exercising for external clients forms a key part of the job.
IASME has worked with our partner, CYSIAM, to develop an optional new ‘Team Lead’ exam, which is one way for an individual to demonstrate the experience and expertise required for the Team Lead role as a provider of cyber incident exercising services. The introduction of this exam provides an entry point for individuals who have less than the required three years’ experience in incident exercising but can show they have the skills to fulfil this role.
The Scottish Government, through the Scottish Cyber Coordination Centre (SC3), has recently identified a need to improve the capability of Scottish public sector organisations to carry out cyber incident exercising within their organisations to test and improve cyber response planning.
Building an inclusive new cyber role
IASME is committed to making the cyber security landscape more equitable and accessible. We are breaking down barriers for small organisations to access good cyber security and for individuals from all backgrounds and neurotypes to enter and pursue a career in the cyber security industry.
We considered whether the Cyber Incident Exercising Team Lead role would be useful to address the problem presented by the Scottish Government. However, we concluded that this specification would be too high for an entry-level role. This led us to take the next step to consider how to create an equivalent entry-level role called Cyber Incident Exercising Coordinator. This role is aimed at people who may have transferable skills from their experience of working in other sectors but are new to cyber security. They need just enough training and the relevant skills to start doing incident exercising within their own organisation. The entry-level role would not require a specific number of years of experience. Once a person has attended the training and passed the assessment, they would receive a certificate verifying their role.
In March 2024, the Scottish Government, through the Scottish Cyber Coordination Centre, funded a successful pilot training program and assessment process for Cyber Incident Exercise Coordinators.
“The pilot process is a great way to test new ideas with minimal risk, whilst learning a lot along the way. Using Scottish public sector organisations as our beneficiaries, we tested how people with limited or no cyber experience can be trained in a few days to take basic Cyber Incident Exercising roles within the organisation. The two-day training course was well received and the assessment process was largely successful with the majority of participants achieving scores above the suggested pass mark of 80%. We look forward to seeing the positive impact the attendees will have on their own organisations and have established a forum for their continued mutual support as they carry out their first exercises.”
Keith McDevitt, Incident, Vulnerability & Exercising Coordination Lead at The Scottish Cyber Coordination Centre, Scottish Government.
IASME would now like to roll out the training and assessment process to a larger audience of people and ultimately to form a career path in incident exercising that brings a diverse group of people into the cyber sector. We welcome enquiries from potential partners who might benefit from the scheme to help further develop and refine the process.
You can find a list of NCSC Assured Cyber Incident Exercising providers here.
If you are interested in working with us, please get in contact with our team [email protected]