Joining the new Ambassador Scheme, ISC2 will promote secure-by-design software practices and adoption of a shared national baseline for software security

London, UK., 15 January, 2026ISC2 – the world’s leading nonprofit member organisation for cybersecurity professionals – today announced it has joined the UK government’s Software Security Ambassador Scheme as an Expert Advisor, a new year-long voluntary initiative launched by the Department for Science, Innovation and Technology (DSIT) in partnership with the National Cyber Security Centre (NCSC). A vital step in incentivising organisations to improve their software security, the Ambassador Scheme supports the adoption of the Software Security Code of Practice introduced in May 2025, which sets out voluntary principles defining what good software security looks like across the entire software lifecycle.

According to ISC2’s 2025 Supply Chain Risk Survey, more than half (51%) of respondents report that software vulnerabilities in supplier products are the most disruptive cybersecurity threat to their organisation’s supply chain - a growing threat as more services globally are digitised and reliant on third-party providers. The Code responds to this challenge by setting clear expectations and best practices for technology providers and organisations that develop, sell or procure software. The Code covers secure design and development, build-environment security, secure deployment and maintenance, and transparent communication with customers.

“Promoting secure software practices that strengthen the resilience of systems underpinning the economy, public services and national infrastructure is central to ISC2’s mission,” said ISC2 EVP Advocacy and Strategic Engagement, Tara Wisniewski. “The Code moves software security beyond narrow compliance and elevates it to a board-level resilience priority. As supply chain attacks continue to grow in scale and impact, a shared baseline is essential and through our global community and expertise, ISC2 is committed to helping professionals build the skills needed to put secure-by-design principles into practice.”

By joining the Scheme as an Expert Advisor, ISC2 is committing to a process of transparency to help develop and improve the Code of Practice while leading by example. ISC2 will actively champion the Code by embedding its principles into education, professional development and engagement with its more than 10,000 members and associates in the UK, and wider cybersecurity community of more than 265,000 globally.

ISC2 will help drive adoption by:

  • Promoting awareness through educational and thought leadership content
  • Referencing the Code in relation to certifications, training and guidance that support secure software development
  • Engaging with stakeholders and organisations across the software supply chain to encourage practical implementation
  • Incorporating the Code into expectations for relevant partner organisations

While the Code is designed to be flexible and scalable, effective implementation depends on skilled professionals who understand secure software development throughout the lifecycle. ISC2’s globally recognised Certified Secure Software Lifecycle Professional (CSSLP) certification supports incorporating better security practices into each phase of the software development lifecycle (SDLC), including secure software design and development and maintenance. ISC2 aims to further advance the skills, knowledge and capabilities required to implement the Code effectively.

Organisations that join the Scheme commit to becoming Ambassadors of the Code of Practice. They will lead by example in implementing the Code, promote awareness and adoption, and share real-world success stories and use cases.

Learn more about the Software Security Code of Practice here: https://www.gov.uk/government/publications/software-security-code-of-practice/software-security-code-of-practice

About ISC2

ISC2 is the world’s leading member organisation for cybersecurity professionals, driven by our vision of a safe and secure cyber world. Our more than 265,000 certified members, and associates, are a force for good, safeguarding the way we live. Our award-winning certifications – including cybersecurity’s premier certification, the CISSP® – enable professionals to demonstrate their knowledge, skills and abilities at every stage of their careers. ISC2 strengthens the influence, diversity and vitality of the cybersecurity profession through advocacy, expertise and workforce empowerment that accelerates cyber safety and security in an interconnected world. Our charitable foundation, the Center for Cyber Safety and Education, helps create more access to cyber careers and educates those most vulnerable. Learn more, get involved or become an ISC2 Candidate to build your cyber career at ISC2.org. Connect with us on XFacebook and LinkedIn.

© 2026 ISC2 Inc., ISC2, CISSP, SSCP, CCSP, CGRC, CSSLP, HCISPP, ISSAP, ISSEP, ISSMP, CC, and CBK are registered marks of ISC2, Inc.

Media Contact

Kiri O’Leary
Corporate Communications Professional
ISC2
koleary@isc2.org