Wednesday, February 19, 2020

Starting a career in InfoSec

Starting out

My journey into security started back in 2012. At the time I was working as a web developer within a large financial organisation. As part of the company's Payment Card Industry (PCI) compliance program, I, along with the wider team, was required to undertake developer security training. This was the catalyst that began my InfoSec journey.

This initially started out with me undertaking training in defending and hacking web applications. This became a passion and I quickly found that I was the go-to person for security across development. As a result, I started to get recognised within both my own and wider teams. This in turn led to considerable engagement with the Information Security team.

Within a relatively short period of time I went from having a role as a web developer to a team lead and application security specialist. This role involved me providing security training to the development team, documenting and helping to integrate security into the Software Development Lifecycle (SDLC), and taking ownership of (and often coding) the mitigation of penetration test findings.

On my one-year anniversary in the role, the company's Information Security Officer position became available. Having been actively encouraged by a number of my colleagues, I decided to take the plunge and give it a go. So, in 2013 I took over management of an Information Security team and haven't looked back. Since 2013 I've held four different roles, leading me to my current role as Global Head of Information Security Governance, which I moved into in 2019.

Starting your journey

Everybody's journey is different and each person has varying experiences and skill sets that they can bring into the role. Traditionally the role was seen as IT Security focused, with the majority of people coming from an IT operations role. The industry has gone through a sizeable shift, with many of the new entrants coming from very different backgrounds. It's also becoming a much more diverse area to work in, but it still has some way to go.

Looking beyond the job specification

Take what is listed on the job specification with a pinch of salt. I'm often amazed at the unrealistic and frequently implausible demands.

One example is a junior position asking for a candidate to hold a full CISSP or CISM qualification. These typically require candidates to have a minimum of five years' experience. That level of experience would be seen as at least a mid-level role, and I'd expect them to be paying a substantially higher salary!

Don't be afraid to apply

It is a greater risk to turn down opportunities than to embrace them. Be willing to apply for roles where you don't meet all of the job specification requirements, or even if you're not sure you're ready.

Given the number of candidates going for every role, you will get setbacks. These should just be seen as a bump in the road. The more roles you apply for, the higher the chance you have of being successful.

Interview insights

I've spent a lot of time actively recruiting for roles within information security. I'll give you a bit of insight into what I look out for in new recruits.

Passion

I look for people who have a passion for security. What do I mean by that?

  • Do you actively read any blogs or articles?
  • Have you done any relevant training or qualifications?
  • Are you a member of any communities / groups?

It's not just about what you do in your 9 to 5. Those that are passionate about the role are more likely to go on to great things.

Keenness to develop

The security landscape is changing at a rapid pace. You need to have a desire to challenge yourself and grow with the role.

Willingness to adapt to change

The role is about facilitating change securely rather than saying 'No'. The demands and expectations within the role have changed a lot, even in the time I've been doing it.

Be honest

Don't be afraid to say 'I don't know' or 'I'm not sure'. I would much prefer people to be honest. If you say 'I'm not sure, but I think it relates to...', you are much more likely to be well received. The security field is vast and it's not feasible to know everything.

I've had some individuals dig big holes for themselves by not being honest.

Your journey

I hope this provides you with a useful insight to start, or even progress along, your own personal journey. As you progress, building experience and gaining qualifications, your potential earnings will grow too. Good luck and remember to enjoy yourself on the way.

Let me know about your own personal journeys.