I got my first glimpse of cyber security through a friend, sheer curiosity made me probe deeper into the field and it wasn’t long before I developed a deep rooted interest in it.

Before then, I have had no interactions with cyber security beyond articles in the news relating to cyber attacks. I have also heard of people falling victim to various forms of attacks ranging from internet banking fraud, identity theft and the likes.

The thought of how this is possible and how it is been checkmated formed the basis of my interest in cyber security as a profession. I began taking more interest in news bordering on cyber security and cyber attacks. I saw the attacks as mindless acts that could take individuals and organisations from lofty heights to ground zero within the twinkle of an eye. I reasoned that I could be of help and maintain a sane cyber space from the comfort of my personal space. I put in for some cyber security courses and thus, began my journey into the world of cyber security.  Now 5 years later and I have achieved my Masters Degree in Cybersecurity and my CISM qualification and I am a Security Consultant at one of the greatest cyber security films, CyberCX.

As a Security Consultant, I conduct authorised tests or simulated cyber attacks on network systems and applications to expose any security weaknesses that cybercriminals may exploit.

I remember when I was about 14 years old in the days when you had to access the Internet using a dial-up modem (a Racal Datacom ALM 3223 to be precise) and mobile phones barely existed. The Internet was a fascinating new world to explore, and this was where I first came across the term hacker and the associated (sometimes illegal) hacking activities of the computing underground.

At about this time, the existence of the esteemed 2600: The Hacker Quarterly Magazine appeared on my radar, and a subscription was eagerly sought. Being headquartered in New York, USA it took a while for the first issue to make its way to my door in the UK, however it was worth the wait. The content inside was captivating and full of ideas, with a good mixture of computing and electronics information, and some political commentary thrown in for good measure. It never occurred to me that ‘hacker’ could be a job title, however, as is often the case, real life took over and this initial excitement faded and was largely forgotten.

Fast-Forward 15 years and I am a CCTV engineer, working in customer service, travelling around the UK to customer sites, more often than not, replacing hard drives and rebuilding RAID arrays, however, little did I know, I was developing some valuable life skills here (but more on that later).

It wasn’t long before the limits of being a CCTV engineer were reached and I was looking for something more fulfilling, wanting to go back to my ‘roots’ and a more pure computing role, the job of ‘penetration tester’ sounded fancy and just the sort of challenge I needed.

The next few years were spent building up the necessary skills to get some qualifications that I hoped would be enough to land me a pentesting job despite not having worked in the ICT sector at all. Not wanted to return to my old job was a strong motivator to succeed and after a lot of hard work I passed the exam.

With my OSCP certificate in hand I went on the hunt for my first job, again, I wondered, who is going to employ me with no experience? It’s at this point where I want to return to the ‘life skills’ I mentioned earlier and let you in to a secret. You see, it wasn’t the technical knowledge that I learned during my studies that got me my first cyber security job, it was perseverance and people skills!

The job of a penetration tester is not only a technical one, no, it’s much more than that, it’s about understanding people, communication, working as a team, with colleagues and customers towards an outcome where both are satisfied. Yes, you need to have a good level of technical knowledge, but that’s not where the story ends.

Success means different things to different people, but I’m pretty sure for most people they want a job that is reasonably interesting and for the most part enjoyable, and this is where the job delivers. The job is as wide as it is deep and there is always something new to learn, it is not for everyone and different to what you might imagine, in a good way. Satisfaction for me is delivering a high quality, bespoke report and getting some good feedback from the customer, knowing I have done my job well and the customer is happy because we have exceeded their expectations.

When you say Cyber Security to people, the first thing they say is “…isn’t that just about IT?”.  My answer to that is it most definitely not.

The definition of cyber security (as stated by Wikipedia) is the “protection of computer systems and networks from theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide “and is a combination of understanding what that risk is and then having the ability to provide the solution to minimise it.

The complex, technical side of creating this protection, is to me like speaking a foreign language and best left to the IT techie gods.  My contribution of utilising my skills and in-depth knowledge of governance, risk, and compliance means I can play a pivotal role along-side IT technical knowhow, so we can jointly come together to provide this protection.

My legal career has provided me with a wealth of real-life situations and understanding of potential harmful and dangerous risks associated with the loss of company and/ or personal assets. Understanding the legal implications of a data breach, knowing the rules, practices, procedures, laws, and regulations, means I act as the glue between helping a client and providing the correct information to the IT technical teams for them to deliver robust systems to protect the confidentiality, integrity, and availability of data.

So, my advice is when it comes to considering Cyber Security as a career choice, don’t be thinking it’s just all about IT systems.  Instead, you can be the one providing the golden nuggets and playing that pivotal role.  You simply cannot do one without the other.

Coming from a background in finance, I never imagined myself to end up in the field of Cyber. As a fresh graduate, I was eager to explore any opportunity that came my way. I applied for a consultant position to be part of a team dedicated to business continuity management.

A year and a half in, I found myself very comfortable in this field but not entirely satisfied as I continuously sought out challenges. Observing other teams, specifically the cyber team, I grew curious as to what projects they were assigned to and what type of work they were delivering. I mustered up the courage to approach the cyber team’s manager and asked if I could shadow one of his projects. He agreed, and soon after I found myself attending a meeting and realizing how clueless I was about what is being discussed. This did not discourage me at all, on the contrary, I now wanted to be part of the cyber team and found myself dedicating a lot of time self-studying and reading materials to help me with taking that first step in joining the cyber team.

During that time, I realized that cyber was broad and not restricted to a certain group of individuals. You don’t need a degree in digital forensics or computer science, you simply need an interest in that field with the right tools and direction to get you started. Two and half years later, I am working in a field that challenges and excites me and I continue to do my part in pursuing certifications and proactively studying. The field of cyber is broad and ever-growing and there will always be something new to learn and a place for anyone to take part.