Cyber security as a formalised profession is a relatively new concept. For example, the UK Cyber Security Council, a professional body, was created in 2021, and Ghana’s regulation of cyber professionals was introduced in 2020. These initiatives, intended to organise and manage the cyber security profession in their respective countries, are among the strongest national actions taken to formalise the profession, yet are both less than five years old. Compared to other recognised professions such as accountancy, medicine, or engineering, which have decades or even centuries of professional history, cyber security is only in its infancy of professionalisation.
However, the idea of cyber security professionals is not new. People have been working to secure technologies and data long before “cyber security” entered the professional vocabulary. Industry veterans recognise terms like “IT security” and “information assurance” which were associated with cyber-like roles. Meanwhile, the US National Institute of Standards and Technology has had a computer security programme since 1972. Cyber security therefore has a rich history of practice to draw on in developing its profession. So while the role of protecting digital and physical assets is not new, cyber security does come with a lexicon which is perhaps more nuanced than its predecessors and this language is new to many business leaders who seek to understand the relevance and impact of cyber security in their organisations.
The nascency of cyber security as a distinct profession offers an opportunity to create common understanding through a shared glossary of terms. The international community would be well-served by an agreed list of terms that underpin the profession. This glossary is not intended to define technical cyber security terms, but instead clarify shared understandings of terms related to professionalisation, such as “skill”, “role”, and “accreditation.” The glossary will enable people working in cyber security or looking to work in cyber security, as well as those designing training courses and educational programmes, to draw on the same building blocks regardless of what country they are operating in.