TARGETjobs black logo
Deloitte banner


How I started my cyber security career as a Deloitte graduate

Caitlin’s first graduate job was in engineering but it wasn’t for her; instead, she investigated cyber careers with Deloitte and found a job she loves.
Working life as a cyber consultant at Deloitte: graduate Caitlin Smith reveals all
Caitlin Smith
Job title: 
Consultant in the cyber incident response team

2010–2014 Studied for and graduated with a first class MEng in chemical engineering at Newcastle University. 
2013 Captained one of the university tennis teams and gained a summer internship in the oil industry.
2014 Won the ‘best design project presentation’ award at university; the research of which contributed to a patent.
2014–2016 Worked as a chemical engineer in the oil and gas industry. 
2016 Joined Deloitte in current role.

The first time I responded to an incident, I got a real buzz

I started working as a chemical engineer in the oil and gas industry around the time when oil prices plummeted. There wasn't much work on and I wanted something that would be more exciting. A school friend worked at Deloitte and suggested that I look into the cyber roles offered by the firm. I must admit that I didn't know Deloitte even did cyber!

The idea of working in cyber intrigued me. My friend put me in touch with two colleagues in the cyber team to find out more and I found them inspiring. I liked the idea of working within a constantly changing industry, where there would be lots of opportunity to learn, with the changing threat landscape. I went away and applied to the graduate programme.

A great start

I didn't know much about cyber when I joined; I'd gained logical thinking skills from my engineering degree, but I didn't consider myself to be a 'technical' person. At Deloitte I have access to so many learning and development resources, which is really valuable. If you want to do some training, you put forward a business case with your justification, for example why it may be beneficial for your role, and more often than not you'll receive the approval to go ahead.

At the start of the graduate programme, we had six weeks of training, which included two weeks away in the Cotswolds and two weeks in Windsor. There we were taught the cyber security fundamental skills, as well as the core Deloitte skills and processes, which I've been able to build on over my time here. We had presentations from partners in charge of different cyber capability areas, going through the range of opportunities available within the cyber team. There were a number of teambuilding exercises and various games too – even a murder mystery event. It was a great introduction to work, to my peers and to the extended Deloitte team.

A thrilling response

I'm part of a team that a client calls in when there has been a cyber incident, such as a data breach. I help to advise clients on how to respond to incidents if they happen, taking them through hypothetical scenarios. The first time I responded to an incident and had to travel immediately to the client site, review what had happened and work out the forensics, I got a real buzz. It's not your average desk job and that suits me. I've learned that I like new challenges and I love my job. In cyber, you are placed on a project with a client for a certain amount of time; since starting I've been on at least ten different projects. My first project was based outside of London at a client site.

As part of a team of four, you're pretty much thrown in the deep end from day one. What I found then, and since, was that I wasn't treated as the 'newbie' or as a 'graduate'. My team offers me a lot of support and everyone is willing to help me learn, but I never feel as if I am at the 'bottom of the food chain', so to speak. When I worked in engineering I felt hidden away from clients, but this is not the case here. The clients we report to are often senior executives and, sometimes, I can't quite believe I'm part of the team presenting to them. I think 'I only have a year of experience behind me but I have contributed to my team's recommendations. Wow!' It's a bit disconcerting, but really cool and my team is encouraging and supportive.

An inclusive culture

I have a strong support network, which I think is really special. I've been given a coach to help guide my career progression. I am also part of the 'Women in Cyber' team, which is led by some great female role models in the team and is an initiative that aims to increase gender diversity in cyber security. I really enjoy it. They bring in a range of external speakers to come and inspire and educate our team. It's lovely to feel part of a network and I'm motivated by our speakers. There are other groups across the firm, too, and Deloitte is big on encouraging inclusion and diversity.

I've also got involved with the charity work that Deloitte supports: I've just achieved a place on its sponsored bike ride from Land's End to John O'Groats. If you'd said to me three years ago that I would be working in cyber security and cycling 969 miles, I'd never have believed you. In fact, the firm supports you in doing lots of activities to help the community outside of your core role. Every month, I am doing something, such as going into schools to help with STEM initiatives. I love it. For me, it's one of the selling points of Deloitte, but I don't think it is something that many applicants are aware of.

A successful application

In your application and interview, don't be afraid to let Deloitte know if you've done something special. There's a fine line between selling yourself and boasting. The key is to pick out two or three achievements that are relevant to the role you are applying for – relevancy is essential. However, before you apply, research the job role. It's important to know what the role actually involves to see if it suits you. I've always been an advocate of changing a job if you don't like it – life is far too short – but for now I am perfectly happy. I have a great team, great friends and I really enjoy what I do.

Exclusive content for The UK 300 2018/19. Copyright of all material written by TARGETjobs lies solely with GTI Media.