Developing the

Cybersecurity
profession -
2023 and beyond

Ian McKay, MSc, MBA, MCIIS

About me
• Vice President of Global Security Transformation

• Worked globally in various industry verticals including

engineering, B2B retail, Financial services, and HR.

• Have been responsible for large scale global security and

resilience initiatives

• Provide advisory services across technology and Governance

(GRC) areas including global standards.

• Completed my MSc and MBA with a focus on Information

Security, Forensics, and Technology Management

• Currently working towards a Doctorate with active research

projects around business resilience and socio-technical impacts
of cyber risk.

• Active committee member of the Chartered Institute of

Information Security (CIISEC) in the UK
 Future of cybersecurity
70% of CEOs will mandate a culture of
organizational resilience to survive
Modern privacy laws will cover the threats from cybercrime, severe weather
personal information of 75% of the events, civil unrest and political
world’s population. instabilities.

2023 2024 2025 2026

60% of organizations will use The percentage of nation states passing

cybersecurity risk as a primary factor in legislation to regulate ransomware
conducting third-party transactions and payments, fines and negotiations will rise
business engagements. to 30% by the end of 2025, compared to
less than 1% in 2021.

Gartner Cybersecurity predictions, 2021

 Automation Cloud Security AI / ML

Trends in Advanced
More
Connections
More Privacy
& Cyber laws
Threat actors
industry and Data globally

Higher GRC and Security to be

minimum Certification critical to
standards focus tenders
 End Client

• Roles will have more of a focus on GRC and

management of Projects & MSP’s in smaller to mid size
organisations with large organisations building out
small teams to focus on critical areas to the business
• BCP and Crisis teams will become more of a hybrid
function across key business areas

How will this MSP

develop? • Roles will allow people to focus on specific areas like

SOC, Threat Intelligence or forensics and work with a
list of clients whilst giving clients cost effective 24/7
coverage.

Contractor

• Freelancers will further develop their skills for specific

areas and be able to work with both end clients and
MSP’s to deliver value.
 • Business aware cyber professionals are critical
(BISO)
• Deeper understanding of the how
• More technical / architectural or GRC roles
(repetitive roles will be lost to AI or MSP’s)
• Barriers to entry may get tougher and change
dependant on route
What's on the • Continued issue with expectations for roles and
lack of understanding at a board level
horizon? • Government standards may dictate qualifications
and certifications for “accredited roles”
• Focus on GRC internally to manage compliance and
posture with the ability to engage 3rd party MSP’s
for specific functions
• Requirements for business related qualifications in
strategic roles.
Professional
Development areas

(ISC)2 Cybersecurity Workforce Study, 2021

What do
hirers look
for?

(ISC)2 Cybersecurity Workforce Study, 2021

Certification
Landscape

(ISC)2 Cybersecurity Workforce Study, 2021

 GRC & MSP Sales tool

In conclusion. Higher
minimum Understanding
What does this all standards
mean and what do
we do?
Business focus