The paths into cyber security consulting

Wednesday, 5 July, 2023

decorative image: staircases in a modern building overlapping

At Cydea, we’ve all taken different approaches to get into cyber security consulting. Cydea’s approach when recruiting has always focused on demonstrating your passion for positive security and your drive to help clients, it’s not about being the “finished article” or having followed what’s considered the ‘traditional’ path into cyber security. I knew I wanted to work within the area but my knowledge was much more around network technology, web development and software engineering than cyber security.

What was my experience before Cydea?

My university course provided limited knowledge within cyber security, however the jump from university into my professional life wasn’t too intimidating considering I undertook a placement at another company during my studies. What was more daunting was the switch – I was going from an operational security role to being on the other side of the fence… identifying issues in how clients manage their security and providing consultation.

Although my prior ‘year in industry’ gave me a reasonable technical background of cyber security, my exposure to a range of security products was somewhat limited. Sometimes with clients at Cydea I heard of software I was familiar with, but other times I was learning of new vendors that supplied a product with similar, or in some cases, different features.

Speaking to Cydea clients helped me to understand I wasn’t as far behind as I thought in my technical knowledge, but also to better identify the weaknesses in it.

“How many years of consulting experience do you currently have?”

If the answer is none, then it doesn’t mean that you’re not the right fit.

My limited experience was from a consulting module at university with external clients. This wasn’t something that was dwelled upon during my interviews at Cydea and through my interview we explored hypothetical consulting scenarios – focusing more on my approach to a problem, not the technicalities of my knowledge.

Taking the job, I was assured I would have time to develop myself professionally and work on my consulting skills.

What would my development look like?

Investment in personal and continuous professional development is something Cydea excels at. Within two months of joining, I spent four days on a training course. Only weeks later, I was applying what I had learned to a client’s project to help them in their process of achieving certification in ISO 27001.

Not only is Cydea a member of the Chartered Institute of Information Security (CIISec), but individually many of us are members at various membership levels. Through a CIISec development programme, I have developed my technical knowledge in different skill areas and am able to assess myself against their framework to understand how, or what I need to demonstrate, to continually improve.

My soft skills have also been developed through group training or individual coaching sessions. Individual sessions have enabled me to focus on areas where I know I can improve on and break down any obstacles I’m facing.

Not all paths are created equal

It’s fair to say that we all come from a variety of backgrounds, particularly as our team continues to grow. Jamie’s blog post on “Starting a career in the world of cyber security”, is proof of this.

The point is, it’s not just about skills and experience if you want to work here. Although having skills and a vast amount of experience is important, and may be useful in helping you settle in faster to your role, it doesn’t always mean that you have passion.

Both skills and experience can be developed in time, but passion is much harder to teach.

Photo by Victor Charlie on Unsplash