Cyber security concerns are now unavoidable in the development, maintenance and operation of software based systems, and such concerns lead directly to questions of skill and expertise in the workforce and what learning pathways are needed to deliver these skills. To support the development of such pathways it is necessary to have a clear understanding of the scope of the subject – what, in detail, is cyber security? In mature disciplines, including software engineering, the scope of the discipline is formally documented as a Body of Knowledge: foundation knowledge that is generally accepted as underpinning the discipline and is available in books, published papers, reports and standards. These considerations have resulted in an initiative by the National Cyber Security Programme to develop a Cyber Body of Knowledge, the CyBOK project, led by Prof Awais Rashid at University of Bristol. The project began with extensive consultation workshops and other data collection exercises, leading to a public document of scope which is already proving useful in providing ‘heat maps’ to distinguish professional and educational offerings. Subsequent iterative development is progressively delivering Knowledge Area descriptions for public review, comment, and use. This talk will describe methods used by the project, the progress so far, and highlight material which is already available for use and public comment.