
Insights for prospective cyber students and practitioners

By Dr. Paul W – Executive Director for Cybersecurity Consulting and Assurance with Synergy

I am the Executive Director for Cybersecurity Consulting and Assurance with Synergy, a consulting firm located in Canberra. Primarily Synergy provides services to the Federal Government, with some exposure to critical infrastructure operators.

What does a typical workday look like for you?

As with all cybersecurity professionals, my day can be incredibly varied. On the day that I replied to this survey, I performed:

  • Review of a suite of security documents prepared for a Federal Government information management system, central to social support services relied on by millions of Australian citizens each day.
  • Risk assessment of nation-critical infrastructure operations, to determine which threats should be considered during system security design.
  • Guidance workshop with Federal Government Dept on the Optus data breach, and discussion of lessons that can be learned from a whole-of-Enterprise perspective.
  • Completion of a solution design for an Incident Response Management process, defining strategic objectives, technical security inputs, and key responsibilities.

What education or training did you complete?

Surprisingly, I had no formal qualifications on my commencement as a cyber security professional – but this hasn’t stopped me from learning on the job, and from gaining key accreditations! I have gained or participated in:

  • SANS Institute – two proficiency certifications.
  • ISO27001 lead auditor certification.
  • ISC2 – my CISSP study is underway, and I expect to complete this soon.
  • Assorted workshops on machine forensics, risk analysis, and incident response.
  • Online courses in data governance and offensive security (penetration testing).

What do you love about working in Cyber Security?

I genuinely enjoy my job; the gains individuals receive from working in cyber security are significant and sustained. Things I love include:

  • Every day presents a new opportunity for learning on technical security, security program management or technology capabilities.
  • New challenges continually emerge, both tactical and strategic, meaning work consistently feels fresh – and I always get to try new things.
  • Working with consistently talented peers means I am exposed to perspectives, passions and interests that are not my own. This is both inspiring and educational, and you rarely work with someone that is just “marking time” – you work with people who have a genuine desire to perform well in what they do.
  • There is a vast range of areas in which to explore my proficiencies – depending on what I want to do, and what my needs are at the time, there is lots of opportunity to shift career focus. I’m not restricted by my job.
  • The cyber community is supportive and active, much more so than other professional communities that I have historically been a part of.
  • This is a field in which all the mountains have not been climbed – you have a legitimate chance of being the next innovator, presenting the next big solution or solving the current big problem. Several people I have worked with now run their own companies delivering new solutions and solving problems that were around for years.
  • Flexibility! You can work in lots of different places, for different companies, for different industries. Some of my colleagues work internationally, others regionally, some purely from home.

What advice would you give to new students just starting out?

  • Follow your passions. This is a field with lots of potential for personal growth.
  • Be prepared to be a life-long learner. You need to stay current.
  • Degrees and accreditations give you legitimacy – while real life experience can replace formal education, gaining a few certifications on your journey will help you be recognised as a professional.
  • Remember to learn from others – whilst you may become an expert, you’ll be working with people with extensive and applied experience. Be open to the fact that you may not be the best at a particular security domain.
  • Consider at least trying non-traditional pathways like GRC and audit. These are the business streams that ensure your work meets core standards, and appreciating what they are will make you a more rounded professional.
  • Network well. You can’t learn everything, be everywhere – so meet people whose strengths counterbalance your own.