It has been a month since the National Cyber Security Centre (NCSC) launched the Cyber Advisor scheme with the aim of assisting smaller organizations in achieving essential cybersecurity controls and standards. As we reflect on the scheme’s launch, reception, and future prospects, we gather valuable insights into its purpose and potential impact.
The Cyber Advisor initiative primarily targets small organizations that may lack internal expertise or access to accredited professionals to bolster their network security.
Once qualified, Cyber Advisors will offer cost-effective advice and, when necessary, hands-on assistance in implementing the five Cyber Essentials Technical Controls required to obtain Cyber Essentials Plus certification.
Why is Cyber Advisor linked to Cyber Essentials?
The NCSC believes that enforcing the Cyber Essentials Technical Controls safeguards small businesses against the majority of low-skill, high-volume cyberattacks originating from the internet. Consequently, implementing Cyber Essentials Plus becomes one of the simplest ways to enhance security in the UK while instilling confidence in buyers regarding the adequacy of their business’s protection.
Under this new scheme, organizations with qualified Cyber Advisors on their staff can offer NCSC-assured Cyber Advisor services to their customers. This assurance provides customers with peace of mind and elevates the services offered by Cyber Advisor organizations above the unregulated landscape of nationwide cyber consultancy services.
The scheme has received positive feedback from stakeholders already involved in the Cyber Essentials ecosystem. There is now a desire to expand awareness of the scheme and to demonstrate its benefits to both cyber consultancies seeking Cyber Advisor status and small and medium-sized businesses in search of a trustworthy source of cybersecurity advice, endorsed and recognized by the National Technical Authority, the NCSC.
Currently, the Cyber Scheme is the sole Accredited Assessment Provider for this initiative, developed and delivered in partnership with IASME.
After a month of running assessments, the feedback from candidates (mostly MSPs) aspiring to gain Cyber Advisor status and the assessors involved in the scheme has been encouraging. The aim is to gradually introduce assessment provision nationwide, starting with Belfast and Manchester, and subsequently including Edinburgh, Cardiff, and London.
Initial candidate feedback suggests the need for a greater emphasis on providing learning materials with less technical complexity, more guidance on the consultancy reporting section of the exam, and a forum for queries, which would be well received.
In the coming weeks, the Cyber Scheme plans to implement an advice section on its website, as well as develop webinars and video resources to assist MSPs in deciding whether to join the scheme and aid small businesses in making informed procurement decisions.
The following quotes have been provided for editorial use:
Peter Loomes, Lead Cyber Advisor Assessor and Head of Training at The IASME Consortium, shares, “Throughout the past few months, while assessing candidates for the Cyber Advisor Scheme and meeting a diverse range of prospective advisors, I have been fascinated by the innovative advice provided in response to our scenarios. It clearly demonstrates the presence of genuine talent and a strong commitment to supporting small businesses.”
Chris Blunt, Cybersecurity Assessor at Blunt Security, expresses his initial skepticism and subsequent satisfaction, stating, “When I first heard about the Cyber Advisor scheme, I was excited but also doubtful. How could they capture the essence of a competent Cyber Advisor in a 2-3 hour exam? Well, they surpassed my expectations. The assessment effectively combines technical knowledge, non-technical explanations, and even conversations. It gives me confidence that we have a robust method to assess the competence of future Cyber Advisors, weeding out those who are not yet ready.”
About The Cyber Scheme: The Cyber Scheme provides the highest standard of government-approved examinations, essential for technical consultants aiming to obtain NCSC CHECK status, Cyber Advisor, and VA+ certifications. They also offer training for individuals aspiring to work in the cybersecurity industry. Furthermore, the scheme aims to support, educate, and recruit a new generation of talent that traditionally faced barriers to accessing careers in cybersecurity, addressing the current skills gap and ensuring a resilient cyber industry to safeguard the future of the UK.