The professionalisation of information security: Perspectives of UK practitioners

In response to the increased “cyber” threats to business, UK and US Governments are taking steps to develop the training and professional identity of information security practitioners. This qualitative study is the first empirical academic work investigating attitudes to that professionalisation amongst information security workers. Despite the movement to establish professional status for their industry, practitioners showed mixed levels of support for further professionalisation, with a distinctly wary attitude towards full regulation and licensing and an explicit rejection of elitist and exclusive models of profession. Whereas the UK Government looks to establish “professional” status in order to attract entrants, such status was seen to be of little import to those already working in the area. In addition there are significant tensions between managers embracing business- and human-centred security and those more interested in the technical practice of executing policy. The results suggest that state attempts artificially to catalyse the professionalisation process for this group would be precipitate.