I am often asked; how do you build a career in cyber security? I’d like to believe it’s because the way I’ve described it has made it a super cool, growing and fascinating career to have. Or maybe everyone likes to think that they’ll get to come to work in a hoodie every day and sit real close to their keyboards and break into stuff. And while that will never be the reality, either way, the cyber security community needs more resources!By Nathan Morelli, Naval Group Australia
In advising someone on how to build a career in cyber security, I often recount my approach and some of those around me too. Personally, I graduated from a Master’s in Business Information Systems from UniSA, and in my final year, managed to remember to put in an application for a KPMG Graduate Role (on the night it was due) and snag a role in their IT Risk and Assurance team. Not quite ‘cyber’ but it was a start. From there, I managed to learn all about IT audits as part of an overall financial statement audit. Still, learning the approaches, the reporting, the attention to detail enabled me to understand that there were processes that drove the need to be more secure.
While in that role, I was lucky enough to be mentored by Alex Nehmy, who was leading the KPMG Penetration Testing team nationally from Adelaide at the time. Once I read ‘Hacking Exposed’ twice, passed three quizzes and could show intent to work hard, Alex gave me my first true cyber role. And that’s the beginning of my career in cyber security. From there, I worked hard, travelled and saw more sunrises that I can remember completing out of hours testing on client systems. It was a fantastic start to my career.
Almost 15 Years later, I’m now at Naval Group Australia – the international design and build partner for Australia’s $50 billion Future Submarine Program. As Cyber Security Specialist I am responsible for ensuring that Future Submarines meet the cyber worthiness criteria of the Royal Australian Navy – quite an evolution from IT auditing.
Not everyone snags a graduate role straight out of university, or has a want to work in a consulting firm. Some of the other great cyber security resources I have worked with have taken many different paths. Many have worked their way through IT teams from the Service Desk, learning customer services skills, incident handling and the impact of system outages that have enabled them to become some of the best security operation centre managers in the country.
Many have started in the network or server team of an organization and have used their position to learn about operational security and moved their way into cyber security roles after many years of managing implementations or upgrades over weekends when the rest of the workforce is offline.
Others have begun in application development, building applications, working with cyber security testers to make them more secure, and then becoming some of the best application security developers in large financial institutions.
Building a career in cyber security doesn’t start the same for everyone; there is no defined career path, no single certification that becomes your entry to the wonderful world of hackers and hoodies. The best resources have persistence, a willingness to learn, a natural curiosity to challenge the norm and the ability to communicate and understand that humans make mistakes. All of these skills won’t come from your first role, and that first role most likely won’t be a cyber-graduate position. They’ll come from the roles that you may have to work through in the lead up to moving into a cyber-security role and the mentors you choose to have around you on that journey.