The U.K. Cyber Strategy: Developing Cybersecurity Skills, Knowledge and Culture

In the final installment of our five-part blog series on the U.K. Government Cybersecurity Strategy for 2022-2030, we spoke with Greg Day, Cybereason’s Vice President and Global Field Chief Information Security Officer (CISO) for the EMEA region, to get his perspective on the strategy's final objective: Developing the right cybersecurity skills, knowledge, and culture. 


  • Outcome 21: Government attracts and retains the diverse cybersecurity workforce it needs to be resilient
  • Outcome 22: Government continuously develops its cybersecurity workforce to ensure that it has and retains the skills it needs
  • Outcome 24: Government has a cybersecurity culture that empowers its people to learn, question, and challenge, enabling continuous improvements in behaviors and resulting in sustainable change

The global education system has struggled to keep pace with the ever changing cybersecurity landscape, leaving many organizations to invest in their own custom programs. Although such an investment can seem like a large cost (both in terms of time and money), it often proves extremely beneficial in the face of a 65% global cybersecurity skills gap.

One of the unintended consequences of these upskilling programs is that organizations end up with a retention problem due to losing newly-skilled talent to higher-paying jobs, according to Day. Developing a strong cybersecurity posture does not just mean investing in upskilling programs, it means investing in the people themselves. It’s important that organizations keep the work interesting and focus on personal and professional growth.

Beyond security practitioners, there should also be a culture of accountability for employees across an organization. Everyone has a part to play in the cybersecurity posture of their organization, Day said. 

“Culture has to be ongoing and everyone [should understand] why they have an accountable bit and what is expected of them,” he said.

Day also emphasized the importance of fostering an encouraging and empowering environment for the security of the organization. “A mistake that is often made is organizations embrace a culture of shaming those who might make a security mistake when instead the culture should be more about determining how to move forward together,” Day said.


  • Outcome 20: All government cybersecurity skills requirements are understood
  • Outcome 23: Sufficient cybersecurity knowledge and awareness across the government’s professional functions ensure that cybersecurity is actively taken into consideration

The culture of accountability mentioned above “only starts when you have a CEO and a board who say that cybersecurity is important,” according to Day. Senior-level executives must build out processes from the top-down where they are keeping security consistently top of mind. Organizations might check the box for developing a cybersecurity culture by hosting an annual security accreditation. However, Day recommends building culture in little ways where cybersecurity is emphasized in a consistent, frequent manner.

This downstream effort relies on a strong partnership between CISOs and other senior-level executives. Many times, there ends up being a disconnect between a CISO’s understanding of the top business priorities and a CEO/board’s understanding of the realities of the threat landscape. It is up to the CISO to ensure effective communication of threats within the context of the larger business processes. 


  • Outcome 24: Government has a cybersecurity culture that empowers its people to learn,
    question and challenge, enabling continuous improvements in behaviors and resulting in sustainable change

A common theme that connects the people and the process components above is effective communication. How do you get those who don’t work directly in security and higher-level executives to care about the importance of cybersecurity?

“If we want to build an ecosystem where we are building a cultural passion [for security], it starts with good storytelling,” Day said. “Effective storytelling can help to educate the realities of the threat landscape in a way that will resonate with those across an organization.”

The Cybereason XDR Platform has been purpose-built for effective storytelling. One of the central features of the Cybereason Platform approach is the MalOp Detection Engine. A MalOp, or Malicious Operation, ties together the attack chain in a complete end-to-end story of a cyber attack. Through advanced detection techniques, Cybereason recognizes when multiple suspicious activities are likely part of a single security incident, and generates a MalOp Detection which provides security analysts with a single point of investigation. 

This end-to-end story can be quickly digested by SOC analysts and communicated to other parts of an organization in a timely manner. A MalOp is designed so that it can be easily communicated to those who may not work in the security practice — as it clearly outlines the root cause of the attack, tools leveraged, affected users and machines, and all attacker communications.

In addition to MalOp Detections, the Cybereason XDR Platform works to correlate data across an organization’s endpoints, email, productivity suites, identity and access management, and cloud deployments. This enables higher-level executives to not only have visibility into what assets and machines exist within an environment but also how they all interact with each other. 

As Day recently explained in a World Economic Forum piece, a large part of accountability comes from improved visibility of data flows. Due to the ever-growing complexity of our connected devices, it becomes less obvious who owns the risks that may exist between devices.

Increased visibility of data flows provides the opportunity for higher-level executives to assign ownership of risk where necessary, Day said. “If business and security leaders can understand which entities are involved in the data chain of custody, organizations can identify the weak points and build resilience around them.”

Read previous installments of this blog series:

Part 1: Cybereason Support for the U.K. Cybersecurity Strategy

Part 2: How Cybereason Enables the U.K. to Defend Against Cyberattacks

Part 3: Detecting Cyber Events is Key to UK Cybersecurity Strategy

Part 4: Minimizing the Impact of Cybersecurity Incidents

Cybereason is dedicated to teaming with Defenders to end attacks on the endpoint, across the enterprise, to everywhere the battle is taking place. Learn more about AI-driven Cybereason XDR here or schedule a demo today to learn how your organization can benefit from an operation-centric approach to security.

Karishma Asthana
About the Author

Karishma Asthana

Karishma is a Product Marketing Manager at Cybereason. She was previously with Accenture Security where she worked as a penetration tester and was responsible for helping clients understand and manage their security vulnerabilities. Karishma is passionate about exploring large shifts in the cybersecurity industry from a technical and strategic point of view.

All Posts by Karishma Asthana