From Lecture Halls to Client Calls: Getting Started in Cyber Consulting
Academia to Consulting
Transitioning from the academic world to a consulting role in cyber security was a leap into the unknown. Fresh out of university, with no prior experience in the working world, I embarked on a challenging yet exciting journey. I’d like to share my path from lecture halls to client calls, and how I navigated the shift from academia to a consulting role in cyber risk.
Before I delve any further, I should give you a brief summary of my academic background. In university I studied Computer Forensics and Security at Leeds Beckett University which gave me practical insights into forensics of computers, drones and other technologies. In addition to this, the security element focused on developing my skills in building and securing devices. This was heavily practical-based and I was able to work with industry tools to create secure systems, reverse engineer malware and much more. (Though many of the people I work with come from a variety of backgrounds!) There were also some elements of writing essays and sitting exams which equipped me with the necessary skills to transition into consulting.
Why Cyber Security?
This might sound like a very common statement made by most professionals in our industry, but since a young age my interest has always been in technology. I recall having a boxy Dell monitor and desktop in my living room, and everyday I would excitedly come back from school to play around with it. During my early years of nursery, the first thing I used to run to was the computers, and during the later years of primary school, I was the ‘demonstrator’ for all our IT lessons.
Although I don’t recall the change from dial up to broadband, over the past twenty years technology has advanced rapidly requiring IT professionals to constantly adapt to new infrastructure. It was seeing this that really opened my eyes to a career in ‘IT’. In recent years, I noticed how the ‘traditional’ crimes of bank robbery etc, were reducing, and how cyber attacks were increasing. Therefore, a career in cyber security would allow me to pursue my passion and use my knowledge/skills to make the world a better (and safer) place.
Why Consulting?
Upon completing my masters degree, I had the opportunity to create and present basic cyber training/awareness presentations in Canada and America. Although this only covered basic cyber security, it was beneficial to hear positive feedback from attendees and project managers. My reflection on this journey allowed me to realise that helping/educating individuals was where my passion lies, and consulting in cyber security would allow me to pursue this. The opportunity to work with different clients across multiple industries would allow me to learn a lot within a short space of time, but also give me the satisfaction that I’m actively solving problems for clients and helping the wider community.
Initial Thoughts
Whilst moving from a practical-heavy background into a consulting role was slightly difficult at first, I felt that my practical knowledge was helping me to improve in this role. When speaking with clients, I was able to consider the implementation costs and time required for a solution prior to advising the implementation of controls. This therefore allowed clients to maximise their time and reduce costs in order to lower their risk.
The exposure I am getting to industries in a consulting role is truly amazing. For someone who’s just completed a degree, having the exposure to numerous clients across different industries was eye-opening. One of the first projects I worked on was related to a Critical National Infrastructure organisation. This is where I saw the potential direct impact cyber attacks could have on these organisations and their customers – all of us! Alongside this, other projects I worked on allowed me to pick up on common cyber insights across an entire portfolio of companies across multiple industries.
You might think problem solving sounds quite simple, but this is a crucial part of any consulting role and requires a unique skill to master. While hands-on at university, when I faced a dilemma it was vital that I stopped and took a step back to fully understand what was going on and find a solution. Similarly when working in consulting, it’s important to problem-solve in order to reduce the client’s cyber risk while considering implementation costs, time and client specific knowledge.
Juggling multiple projects and tasks at one time is one of the many joys of consulting. However, producing high quality work across multiple projects at once requires time management. Luckily for most academics, this is something which is required in order to gain a degree! Due to there being multiple modules carried out at the same time, time management is key. This involved planning around deadlines to ensure the workload is distributed appripriately and can be completed within the given time without having an impact on other modules. This was something which became very useful when joining Cydea as there are times when you are given multiple tasks and are required to manage your time effectively to ensure all work is completed.
Essays to Reports
The shift in style from writing essays to reports was something I did not expect, and I’m presuming I wasn’t the only one. I quickly realised that there are many differences between writing an essay in academia to writing professional reports.
One of the key things I noticed when writing a report was the structure is completely different to writing an essay. Typical essays are structured using an introduction, literature review, analysis and conclusion. Whereas, when writing a report, the structure is usually flexible but covers an executive summary, findings followed by recommendations. This shows that during university you’re trained to walk the reader through your research/topic, which then leads to a conclusion. Whereas when writing reports, usually you’re expected to start with your broad findings (executive summary) followed by your findings in detail.
Initially, this was something I wasn’t fully prepared for, however I soon realised the structure in reports makes a lot more sense from a business perspective. Reports are meant to be concise and focus on delivering actionable insights. A report shouldn’t require the client to sift through pages and pages in order to find the meaning of the report. It shouldn’t also be so short that the client is left confused as to what and why recommendations were made. Finding the balance between the both is vital to ensure the appropriate information can be easily found.
Client calls
More than half of my time at university was during the dark era of COVID-19, which meant there was a rapid change from in person teaching to online. For a theoretical course, this would’ve been an easy change, however for a course which has been running for over 15 years and is heavily practical based, this was a huge challenge for staff and students. However, a great skill which was acquired during this change, was being able to master the art of video conference calls which proved to be quite beneficial for remote working. However, being able to interact with clients, no matter their technical knowledge or role can be quite difficult. There are multiple adjustments which need to be made which include the communication style and the approach. In client calls I noticed that there may be times where complex ideas need to be communicated in an effective manner which can be understood without losing the crucial meaning. In addition to this, client calls focus on gaining a greater understanding of the clients requirements and practically breaking this down in order to find a solution. As with everything, this can be challenging at first, however with a bit of practice it becomes easier.
Still considering the move into consultancy?
As someone who’s been in a consultancy role for nine months shortly after finishing university, I would recommend anyone considering this path to make the move into consultancy. Once an individual solidifies their foundational knowledge in their area of expertise, transitioning into consultancy offers opportunities for growth, diverse experiences and the chance to make a tangible impact on various clients and industries. It may seem daunting at first as you may feel you lack specific knowledge, but most companies (such as Cydea) offer bespoke training to suit your needs alongside having a supportive team to help you further your knowledge and succeed. This ensures you have the resources and guidance necessary to thrive in your new role.
We are always on the look out for the next generation of cyber security and consulting talent. Please check out our Careers pages for more information on roles we have available and what it’s like at Cydea and follow us on LinkedIn or our other social media profiles for the latest.
Photo by Social Cut from Unsplash