Now is not the time to introduce professionalism standards into the rapidly changing and diverse field of cyber security, especially given the current staffing shortages in the field, according to a new report by the National Research Council of the National Academy of Sciences.
The report, Professionalizing the Nation’s Cybersecurity Workforce? Criteria for Decision-Making, concluded that while the field of cyber security requires specialized knowledge and advanced training, it’s still too young and diverse to introduce professionalization standards.
According to a report from NextGov, the report notes that the diversity of jobs in the cyber security field requires a careful analysis of whether and how professionalization should be implemented, taking into account the responsibilities and context of a particular job. In addition, the certifications and other requirements that come with professionalization status may “provide useful tools for vetting job candidates, but over-reliance on these standards may screen out some of the most skilled experts, particularly the ‘self-taught hackers,’” the article states.
The report notes that more work needs to be done to determine what the ethics of cyber work should look like before a professional code of ethics can be established.
One cyber security sub-profession that could be considered mature enough for professionalization is digital forensics, which is relatively stable in the level of skills required, the report states.