With a postman the newly crowned UK cyber security champion, there’s hope for other hobbyists to make it to the big time. We talked to Dan Summers about turning his hobby into a career.
How have you become a self-taught cyber expert?
By reading blogs written by experts in their respective fields, watching YouTube video demonstrations of techniques and reading any relevant books I could get my hands on. A good example would be reading this source on forensics and then following off-site links to other authorities. The Cyber Security Challenge really encourages hands-on use of the tools of the trade. Many of the finalists use Twitter to follow what's going on in cyber security.
What’s your ambition?
I want to move my skills up to a professional level so that I can make a contribution to the industry and the people it serves. I'm particularly interested in the security of home and small business users as they generally have the least access to protection and knowledge of security best practices. As the threats evolve I believe taking a pro-active approach to safeguarding our digital life is vital and I really want to be part of the solution.
How do you plan to develop your skills?
The SANS course will allow me to fill in the gaps in my knowledge by training with the best. Hopefully I’ll become GIAC certified while CREST will test my practical vulnerability assessment and pen-testing skills. An Open University module will further strengthen my security research and reporting skills. I'm sure the BCS, IISP and ISSA memberships/affiliations will provide the opportunities I need to access mentoring, discuss the latest issues and develop my career in the right direction.
What tips do you have for other hobbyists wishing to progress?
I've always found that passion makes time; if you're anything like me you'll find you're reading about how the internals of the Windows Registry work, then realise it's 2:20am in the morning. Sure, you're tired the next day but no more than if you'd spent a night on the tiles!
What the sponsors and industry experts say
What aptitudes are the most important?
Some of the more obvious aptitudes would be problem solving, looking at security issues holistically and having a strong technical knowledge base. In order to be as effective in the role as possible you also have to be able to communicate the risks, issues and how to overcome them clearly and concisely to all levels of a business. It is good if someone has acumen of a business to understand why people carry out cyber attacks. Putting oneself in the other person’s shoes allows a security professional to pre-empt attacks and try and mitigate the effects.
What did the cyber challenge reveal about UK talent today?
There is a wealth of untapped talent out there and not always in the areas that you would expect. Take the winner of the first Cyber Security Challenge – a postman, not a job that you would associate with cyber security. Other competitors who fared well were students and one of the candidates was an actor. The challenge is a realistic stepping stone to enter into an industry by proving yourself in a forum of your peers.
Bryan Lillie, head of the cyber security customer solutions centre, Cassidian
What sort of skills do you recruit for the cyber department?
A strong technical capability in some area, general technology competence and awareness and ability to discuss and influence the way IT is changing security. We need security professionals who have a range of skills including the technical skills but also the ability to apply these to the business context. Security professionals also need to stay ahead of the technology and threat trends. There is also a security mentality of spotting opportunities that attackers may take advantage of and then creatively problem solving ways to stop attacks.
What's more important, certification or real experience?
There is rarely a substitute for real experience. Certifications and competitions such as these play an important role in setting and raising standards. We at HP have been keen to encourage initiatives such as the IISP (Institute of Information Security Professionals) that help develop the profession and provide competence based certifications.
Simon Shiu, senior security researcher, HP Labs Bristol
How do you convert a cyber hobby into a career?
It’s actually a simpler process than many people think. Cyber security has a reputation of being inaccessible for the average person. However with initiatives like the Challenge which show people what these jobs are like, and flexible learning available through institutions such as the Open University, people are starting to break down those barriers.
Are there career myths hobbyists should beware of?
Many of the students I came across, working in IT but wishing to move into cyber security, believe they need to commit to a full time four year course to make the jump across. In fact for the majority of them, their interest and enthusiasm for the subject means they already possess a lot of the technical skills.
The Open University