Cyber attacks and cyber security have had a high-profile couple of years, so it seemed fitting for TARGETjobs IT & Technology to ask an expert about her role, the latest developments in the industry and why graduates should think about cyber careers...
How did you get your current role?
I’m a cyber security consultant, which means that I work with clients advising them on cyber security issues. I started as a business analyst, but pretty soon got into security work. I’ve done all sorts of projects: product evaluations, running security tests, and reviewing new designs and writing strategies.
I work for a technical consultancy where I’m a senior manager as well as a consultant, so I also manage junior consultants, interview new candidates, present on topics of interest and run a women’s security network.
What is cyber security?
Cyber is a broad term, but I would define it as referring to the digital world, ie private and public networks, user devices, and the information on it and people interacting with it. Security is about managing risks to the level that we’re comfortable with and, in the case of cyber security, we’re talking about the risks to businesses and people that come via the cyber world. We try to understand the information and the service that is being used, what could go wrong (and how bad it would be if things did go wrong), and mitigate the risks that we’re really worried about.
Companies are investing heavily in cyber security right now, and it features frequently in the media. Why?
I think people now understand more about what happens when there is an attack, and so they are better able to understand the nuances of individual stories – especially when there’s a political backdrop. Also, a wide range of cyber attacks have been showcased now, such as big customer data leaks, denial of service and state-on-state espionage, which make good stories when you consider the motivations and context of the attacks, even if you don’t understand the specifics of how they have happened.
Will the ‘cyber security hype’ die down?
Good question. It doesn’t show any signs of doing so. As cyber attacks continue to evolve and create ever scarier impacts (when people get physically hurt, for example, or there is a tangible effect such as a failure of a mechanical system or an explosion on a power plant) – the media interest will keep going. That’s good as we want people to understand what could go wrong, although I really disapprove of scaremongering, which is irresponsible journalism and counter-productive. Of course, the recent allegations of hacking on the political scene in the USA and France are raising the stakes again, and so whenever I say I work in cyber security, someone will say ‘how topical’. Everyone is becoming aware of hacking with malicious – and political – intent.
What are the top trends in the sector?
In some areas, like finance, we’ll be going towards increasing compliance and monitoring in the wake of fraud and internal misuse scandals. In consumer energy, there’s a move towards increased connectedness, the Internet of Things, so the security around the user and their home life is interesting. And of course there’s the increased use of cloud services – working out how to trust the new supply chain.
As cyberspace continues to evolve, we get more small groups and single hackers who can leverage the work of others and carry out serious attacks, and new capabilities coming online all the time, which gives us increased uncertainty. As we continue to connect with each other and communicate about ourselves, there’s a continued erosion of physical boundaries and changes in the expectations of privacy.
BAE Systems is among the companies investing heavily in cyber security. What does this mean for students and graduates?
BAE Systems is an engineering group and the part I work in is the cyber division, part of a technical consultancy. Within this division we have some really interesting technical and analytical roles in cyber security – generating threat intelligence, designing and testing our new platforms and products, or working with clients to solve their trickiest problems. I have already seen an increase in our numbers over the last year or two and it’s exciting to see the potential of the new graduates and interns.
What do you enjoy most about your job?
It’s a problem-solving business that we work in; it’s very logical. Understanding the technical infrastructure and what is happening on it, and isolating the weak point, is usually quite interesting, particularly as new problems are coming up all the time. Figuring out how to solve a problem can be quite a creative process as well. There’s usually more than one way to close a gap, and it might not be a technical solution – it might involve changing what people do. I’ve always worked very closely with clients as well, and I really enjoy working in a team. Within my division of BAE Systems there are lots of internal activities we collaborate on as well, which is great because everyone has strengths they can contribute. I’ve been studying for a masters part time for the last two years and the company has been very supportive, allowing me to work flexibly to accommodate my studies.
What words of career advice would you offer young people who want to enter the profession?
Well, first I’d totally recommend a career in cyber security. It’s growing in size and opportunity year on year, it incorporates lots of different skills and has variety – there are many different career paths, as well as the opportunity to specialise in highly skilled areas if you want to, such as ethical hacking or forensics.
Secondly, take advantage of being new and junior and ask lots of questions. Recognise what you don’t know and don’t get stuck on the gaps in your knowledge, but don’t pretend you know everything. That’s how you learn!
Follow us on Twitter @TjobsEng_Tech.