The professionalisation of information security: Perspectives of UK practitioners

As businesses face growing cyber threats, governments in the UK and the US are making strides in the professional development and recognition of information security practitioners. This qualitative research provides the first academic investigation into the attitudes of these practitioners towards their professionalisation. Despite the push towards establishing their industry as a professional field, practitioners exhibited varying levels of endorsement for further professionalisation. They showed a clear cautiousness towards complete regulation and licensing, and outrightly rejected the concept of an elitist and exclusive professional model. Interestingly, while the UK Government aims to attain ‘professional’ status to attract new entrants, those already in the field did not view this status as particularly significant. The study also identified notable discord between managers favoring a business- and human-centric approach to security, and those focused more on technical implementation of policy. These findings suggest that governmental efforts to force the professionalisation process may be premature.