Are you an Ethical Cyber Security Professional?

15 Dec

There has been quite a bit of debate on the internet recently about professionalism in the cyber security industry.

Some well-informed, and some… well… interesting.

Starting with the interesting camp, apparently “Infosec isn’t a real profession”, based on the premise that we can’t quantify risk.

This claim was debated on the LinkedIn ISO27001 Group, and the thread turned into a constructive debate about the balance between knowledge and experience.

The knowledge / experience debate tries to draw the line between a person who has read a book / done a training course / passed an exam (the CISSP model) and someone who can show referenced examples of having undertaken good work in the area (the CCP model).

In reality a balance of both aspects is needed, as well as a programme of continuing professional development to keep both up to date.

The article “How do you define a cyber security professional?” reminds us of an important additional aspect in all of this – ethics and code of conduct.

It reminds us that, as professionals, we build up a great deal of knowledge about the defences (and weaknesses) of our customers’ systems, and must use that knowledge ethically.

Have you validated that the cyber security advisors working for your business have committed to a recognised code of conduct?

Please join the discussion, we welcome your views...
