top of page
Search

On becoming a profession



Over the weekend, I've been quietly contemplating the meaning and implications of cybersecurity becoming a 'profession' rather than a hobby, specialism, tradecraft or whatever.


What is 'a profession' anyway? What does it really mean to be 'professional'? We use the terms informally in reference to formality, competence, maturity and so on, but I wonder about the more formal linguistic interpretation ... so out comes my favourite Collins English dictionary, millennium/4th edition from 1998:

Profession: 1. An occupation requiring special training in the liberal arts of science, especially one of the three learned professions, law, theology or medicine. 2. The body of people in such an occupation. 3. The act of professing; avowal; declaration. 4 . Also called profession of faith, a declaration of faith in a religion ...

Whereas 'faith in a religion' seems irrelevant, there is a depth of belief and passion in many information risk and security professionals. Reference to 'the three learned professions' may be simply an acknowledgement that people have specialisted in those areas for hundreds or thousands of years, but I'm surprised not to see 'accountancy' in there, or 'engineering', 'teaching' or 'business' ... in fact, thinking about it, I would argue there are many more than three widely acknowledged professions today: so are they not 'learned'? What does that mean?

Learned: 1. Having great knowledge or erudition. 2. Involving or characterised by scholarship. 3. (prenominal) A title applied in referring to a member of the legal profession, especially to a barrister.

Most accountants, engineers, teachers and business managers are scholarly in the sense that they study hard at university to degree level, while some achieve post-grad qualifications that involve in-depth academic studies to reach expert status ... so are they not just as learned as legal, theologic or medical professionals?

As to cybersecurity, although there are some uni degrees, masters and doctorates in that area, a fair proportion of us woud be considered practitioners with qualifications such as CISSP, CISM and CISA supplemented by practical experience ... so despite having completed 'special training' and gaining 'great knowledge or erudition', maybe we are not so learned and hence not professionals after all. Hmmm.


OK, back to the Collins:

Professional. 1. Of, relating to, suitable for, or engaged in as a profession. 2. Engaging in an activity for gain or as a means of livelihood. 3. Extremely competent in a job etc. 4. Undertaken or performed for gain or by people who are paid. 5. A person who belongs to or engages in one of the professions. 6. A person who engages for his livelihood in some activity also pursued by amateurs. 7. A person who engages in an activity with great competence. 8. An expert player of a game who gives instruction, especially to members of a club by whom he is hired.

That is much broader, more inclusive than 'profession', creating a linguistic conundrum: doesn't every 'professional' work in a 'profession', by definition? Oh well, that's a puzzle. Maybe there are 'cybersecurity professionals' despite it not being a profession. Or maybe my much-loved dictionary is 27 years out of touch.





 
 
 

Comments

bottom of page