As businesses face growing cyber threats, governments in the UK and the US are making strides in the professional development and recognition of information security practitioners. This qualitative research provides the first academic investigation into the attitudes of these practitioners towards their professionalisation. Despite the push towards establishing their industry as a professional field, practitioners exhibited varying levels of endorsement for further professionalisation. They showed a clear cautiousness towards complete regulation and licensing, and outrightly rejected the concept of an elitist and exclusive professional model. Interestingly, while the UK Government aims to attain ‘professional’ status to attract new entrants, those already in the field did not view this status as particularly significant. The study also identified notable discord between managers favoring a business- and human-centric approach to security, and those focused more on technical implementation of policy. These findings suggest that governmental efforts to force the professionalisation process may be premature.
Critical success factors for security education, training and awareness (SETA) programme effectiveness: an empirical comparison of practitioner perspectives
Cyber security has never been more important than it is today in an ever more connected and pervasive digital world....