By Sean McCormack, Operations Director at The Cyber Scheme
I attended the CyBOK Showcase event on the 28th of February at the Science Museum in London. The event was chaired by Dr Yulia Cherdantseva, with presentations from members of the CyBOK team such as Professor Awais Rashid and Professor Steve Schneider.
The first presentation was a roundup of exactly what CyBOK is by Professor Awais. The Cyber Body of Knowledge is ‘a comprehensive Body of Knowledge to inform and underpin education and professional training for the cyber security sector.’ It’s not all the knowledge that is out there on Cyber Security, but the well understood fundamentals and established knowledge. The aim of the project is to codify the knowledge that exists in literature, textbooks, academic research articles, technical reports, white papers, and standards.
There are 21 knowledge areas that comprise of 1000 pages of knowledge, which have been developed since 2017 by 115 experts from around the World. It’s a free resource that the industry uses to map training programmes and certification programmes to it among other things. CyBOK is also frequently used by universities to help design their cyber security courses. The body of knowledge is currently on version 1.1. The next phase of the project will focus on disseminating and promoting of CyBOK, as well as evolving and maintaining the existing 21 knowledge areas.
Professor Simon Hepburn described the work going between CyBOK and the UK Cyber Security Council (UK CSC). Over the next three years the project will move under the auspices of the UK Cyber Security Council. As the project continues to build the knowledge, the Council are building the professionals alongside this.
The UK CSC operate under 5 pillars: Professional Standards, Professional Ethics, Careers & Learning, Outreach & Diversity, and Thought Leadership and Influence. The UK CSC is working at pace to raise awareness of the profession and is also building relationships with other peer organisations throughout Europe; for example, ENISA (European Network & Information Security Agency).
The UK CSC has divided the industry into 16 specialisms and is currently working on piloting ‘Chartership’ (and the associated professional titles of Associate and Principal) in 3 of these specialisms. It is the only organisation able to Charter cyber security professionals as individuals, and these pilots will result in professional recognition which is of incredible benefit to those currently working within cyber security or hoping to in the future.
CyBOK Industry Champion Peter Loomes presented his observations on the words used in job vacancies in The Cyber Security Industry. He illustrated this by showing examples of real adverts which were non-sensical. The adverts asked for mixtures of knowledge and skills that were either almost impossible to possess or would only be possessed by a few individuals Worldwide – thereby further mystifying the access route to a career in Cyber Security. CyBOK’s knowledge areas may hold the key to simplification of the descriptions used in the industry that would be of use to recruiters to help them write sensible job adverts.
CyBOK also funds academic projects throughout Europe and there were a number of presentations from institutions in USA, Europe, and UK. The one that particularly caught my eye was from Leeds Beckett University, who have developed freely available learning resources in the form of a framework that creates randomised virtual machines, meaningful security challenges and capture the flag scenarios, all mapped to CyBOK.
Learn more about CyBOK here
