Focus on a Chartered Security Professional: James Bore
Cyber security consultant
In our ongoing series of profiles on Chartered Security Professionals, we interviewed James Bore, a cyber security consultant:
Can you summarise your career so far, including why you chose cyber security?
It’s a slightly challenging one to answer. When I began my career, the Data Protection Act 1998 was only a couple of years old and I started out providing management for school networks, which meant that the new data protection legislation and the idea of information security was taken seriously.
I often joke that the school where I worked was the perfect environment to learn security. It was massively under-resourced (being a team of two at the time, with no real budget), had a reasonable-sized network (200-odd computers), and a huge pool of motivated attackers constantly trying to find ways around our security (2,000-odd students, and some teachers).
That started me on the technical side of things, and over the years I jumped into different areas of IT, gradually sidling closer and closer to the security side of things and away from the technology side.
There are a couple of people in particular who gave me encouraging kicks at the right time in my career, and really helped shape it, although they may not be aware of this. One was one of my earliest managers, who not only gave me an opportunity to get into virtualisation, but also simultaneously gave me the chance to learn the importance of governance and risk management. Then, almost a decade later, my boss at one of the larger Telcos really kicked things up by introducing me to the importance of people skills, networking, and communication to get things done – lessons that I took to heart and really set my feet on the path I’m still walking now.
A few years ago, I decided to link together my rather eclectic experiences, and went down the route of a part-time MSc in cyber security with Northumbria University. This gave me the opportunity to round off the edges of my knowledge along with picking up some foundational skills to develop further on. Finally, a while after that, I had a good enough relationship with my employer at the time to take a chance, and went fully independent to run my own company just after the start of the pandemic.
As a cyber security consultant, what made you decide to become a Chartered Security Professional?
One of the things that I will preach about given the slightest opportunity is the idea that security is the discipline, the skillset and models we use to look at the world, and cyber is just one of many domains where it can be applied. That’s not to say that the technology doesn’t matter, but the security skills and tools that we develop around risk management, threat modelling, governance, policies and procedures, and everything else that makes up the security world are independent of the cyber side of things.
For years I’ve been attending and speaking at physical and hybrid security events, and becoming a CSyP seemed a much better fit with my view of security than taking a more technology-focused option to professional accreditation. It also sets a high bar for standards, while most of the certifications which exist in the cyber security industry assess competence with multiple choice quizzes. A Royal Charter is a long-established and legally recognised standard for professional achievement.
What difference has it made?
I haven’t been on the Register for long which makes this difficult to assess. At the very least though, it has led to some very positive conversations with clients and colleagues about the role of cyber in security which. given government consultations coming out, seems timely.
How will it help in your next steps?
It gives many of my clients a degree of confidence and reassurance that they are getting the guidance that they are looking for and that I am required to remain current in the field. Given how quickly the cyber security field changes, and how quickly most certifications go in and out of fashion, it’s a mark of competence that stands aside from any vendor certificates or similar.
What guidance would you give others working in cyber security who are thinking of applying?
For those in cyber security in particular, it is a very different process to any professional certification you’ll be used to. There are no multiple choice tests, or courses to cram in order to pass the assessment. I would very much recommend going to one of the application workshops to start out, and speaking with other CSyPs to get their thoughts on ways for you to apply, and the experience you’ll need to demonstrate.
For more information about becoming a Chartered Security Professional please visit www.charteredsecurityprofessional.org