Following an industry placement during his degree, Andy worked his way up from an analyst to a senior security consultant. Read on to see how he did it...
How did you get your current job?
Part of my BSc Forensic Computing sandwich degree at Staffordshire University was a year-long industrial placement at a key financial services provider. When I graduated they let me know about an analyst vacancy, which is generally the first rung of the ladder for a graduate starting in information/cyber security.
I applied and was successful and in the last five years I worked my way up in the company. After this I was approached regarding a senior security consultant position at Whitbread, which I was successful in achieving.
security is a growing specialist niche which needs good critical thinkers, problem solvers and, very importantly, good communicators
Describe a typical day...
My day usually begins with internal staff meetings regarding projects and ad-hoc queries. I then get on with designing and reviewing technical and procedural solutions for cyber security issues arising from ongoing monitoring, new projects or customer issues.
Participation in new company projects also forms part of my daily activity: having to highlight and define the security issues around a chosen product or direction.
As senior consultant, I train and mentor junior personnel within the team. It's a rewarding aspect of daily activity as it opens me up to other insights and views, as well as providing key experience for my career ambition to manage people within my field.
How has your role developed?
I began as an analyst, processing access requests to various secure systems. As I became more experienced, I was given larger issues to overcome.
Eventually, my work developed into full-time project security consultancy and solution design. As time went on I was able to learn more soft skills, achieve various vendor and process certifications and prove myself to be an integral and flexible member of the team, so when I applied for an internal security and risk consultant vacancy I was successful in getting the promotion.
Overall I plan to continue on this path to hopefully become a CISO (Chief Information Security Officer) with a department of my own.
What do you enjoy about your job?
Cyber security is a fast-paced industry with interesting technology and processes that are always surprising: whether it's building a simple database to record permissions, implementing and managing a vulnerability management tool or configuring full public key infrastructure (PKI) systems.
If you keep updating your technical knowledge and skills you'll rarely get bored because by the time you get used to something, it has evolved. While this is true in most technical fields, security is a growing specialist niche, which needs good critical thinkers, problem solvers and, very importantly, good communicators.
What are the most challenging parts of your job?
A common challenge with security is user engagement: if the business doesn't fully understand the implications, and the role of the security department in solving potential problems.
It's sometimes difficult for a business to see the benefit of security and the input of the department: sometimes we're just seen as an obstruction.
One of the most challenging, and yet also one of the most rewarding, things about my job is getting to the true source of a problem or security risk. This tells me that I fully understand what I'm working with and can then overcome it and use it to my advantage.
Any words of advice for graduates who'd like to get into security?
There's a growing need to have good, technically competent people who can analyse and investigate, as well as to be reflective when proposing solutions.
There is an important need to balance this with good communication skills. You need to be able to respectfully convince people of your findings and your proposed solution to get them to help you reach that finished solution.
Being able to communicate your purpose effectively can encourage others to work with you to achieve what you need to do.