It has been one month since the National Cyber Security Centre (NCSC) introduced the Cyber Advisor scheme, aimed at assisting smaller organizations in achieving essential cybersecurity controls and standards. As we reflect on the scheme’s launch, reception, and lessons learned, we gain insights into its purpose and potential benefits for stakeholders.
The Cyber Advisor initiative primarily targets small organizations that may lack internal expertise or access to accredited professionals to secure their networks effectively.
Once certified, Cyber Advisors can offer cost-effective advice and, if necessary, hands-on assistance in implementing the five Cyber Essentials Technical Controls required to obtain Cyber Essentials Plus accreditation.
Why is Cyber Advisor linked to Cyber Essentials?
The NCSC believes that implementing the Cyber Essentials Technical Controls safeguards small businesses against the majority of high-volume, low-skill attacks conducted over the internet. Consequently, aligning with Cyber Essentials Plus becomes one of the simplest ways to enhance security in the UK and instill confidence in buyers regarding their level of protection.
Under the new scheme, organizations with qualified Cyber Advisors on their staff can provide NCSC-assured Cyber Advisor services to customers. This assurance lends legitimacy to the services offered by Cyber Advisor organizations and distinguishes them from the unregulated “wild west” of cyber consultancy services available nationwide.
The scheme has been well received by those already involved in the Cyber Essentials ecosystem. There is a growing desire to expand awareness of the scheme and highlight its benefits for both cyber consultancies seeking Cyber Advisor status and small to medium-sized businesses in search of reliable sources of endorsed and recognized cyber security advice from the National Technical Authority, NCSC.
Currently, the Cyber Scheme is the sole Accredited Assessment Provider for the scheme, developed and delivered in collaboration with IASME.
After one month of running the assessments, the Cyber Scheme has received positive feedback from candidates (mostly Managed Service Providers) aspiring to attain Cyber Advisor status, as well as from the assessors involved in the process. The aim is to expand assessment provision nationwide, initially in Belfast and Manchester, and subsequently in Edinburgh, Cardiff, and London.
Initial feedback from candidates suggests the following:
- There should be a greater emphasis on providing learning materials with less technical complexity.
- Additional guidance on the consultancy reporting section of the exam would be beneficial.
- The establishment of a forum for queries would be well received.
In the coming weeks, the Cyber Scheme will introduce an advice section on their website, along with developing webinars and video resources to assist Managed Service Providers in deciding whether to participate in the scheme and to aid small businesses in making informed procurement decisions.
The following quotes have been provided for editorial use:
Peter Loomes, Lead Cyber Advisor Assessor and Head of Training at The IASME Consortium, shares, “Over the past couple of months, while assessing candidates for the Cyber Advisor Scheme, I have encountered a wide range of prospective advisors. I have been impressed by the innovative advice they have provided for our scenarios, showcasing genuine talent and a commitment to supporting small businesses.”
Chris Blunt, Cybersecurity Assessor at Blunt Security, expresses his initial excitement and subsequent confidence in the Cyber Advisor scheme, stating, “When I first heard about Cyber Advisor, I was really excited. It addresses a significant need within the cybersecurity industry. I was also skeptical about how they would evaluate the essence of what makes a good Cyber Advisor in a 2-3 hour exam. Well, they nailed it. The exam captured the technical knowledge, combined it with non-technical explanations and conversations, giving me confidence that we now have a robust method to assess the competence of future Cyber Advisors. I truly believe the process will filter out those who are not yet ready.”
About The Cyber Scheme: The Cyber Scheme offers the highest standard of government-approved examinations, essential for technical consultants aiming to attain NCSC CHECK status, Cyber Advisor, and VA+. They also provide training for individuals seeking to work in the Cyber Security industry. Additionally, their goal is to support, educate, and recruit a new generation of talent, particularly those who traditionally faced barriers to entering the cybersecurity field. By addressing the current skills gap, they aim to ensure the UK has a resilient cyber industry capable of safeguarding its future.