Insights into the cyber-security industry from some of Hivint’s junior bees
While tertiary institutions around Australia are striving to produce an increasing number of students equipped with cyber security expertise, the industry is often referred to as being in the midst of a ‘skills shortage’.
Meanwhile, Hivint has been in a period of substantial growth, with the team quite literally doubling in size from January to December of 2016. As part of that growth, we’ve brought on a number of graduates and industry newcomers with a variety of backgrounds and skill sets, who have quickly become an integral and valued part of our team.
With cyber security increasingly being seen as a desirable pathway for many of the brightest and best students in Australia (and around the world), we thought it would be apt to get an insight from our new recruits about what it took for them to be successful in joining Australia’s fastest growing cyber security consulting firm, the challenges they have faced, and advice they have for other people aspiring to pursue a career in cyber security.
Justin Kuyken — GRC Advisor
After 12 years cleaning swimming pools, I went back to university part time to study computer science at LaTrobe University — something I had an interest in since my school days. 6 years later in my final year, a network security subject piqued my interest, and after graduating I started absorbing as much information as I could find on this new-found passion.
After another year of reading all the books and using all the tools I could find to expand my knowledge in the area, I still hadn’t had any luck with my efforts to get a start in the industry. Finally, the persistence paid off when I heard back from Hivint, who spoke to me about joining their team as a graduate-level Governance, Risk and Compliance (GRC) advisor.
While this was not what I originally had in mind, after some research, the role appeared to be an even better way into the industry as a beginner and to get a better understanding of how the security world really works.
During the recruitment process, the Hivint team was impressed by the dedication and commitment I had displayed in my own knowledge development, having shown a clear passion for developing my own knowledge about any and everything security-related. They decided to bring me on board, and I have not looked back. I have loved my time as part of the company, despite not being the ‘1337’ hacker I originally thought I would be when I started out on this whole path!
In summary, my advice to other aspiring graduates looking for a start is to show initiative to prospective employers — find a way to demonstrate that you are passionate about joining the industry and about continual improvement (e.g. through independent studies and learning), as these are valuable skills even on the job. In addition, be persistent about looking for opportunities — it may take some time, but the payoff for me by getting a foot in the door at Hivint has been well worth it.
Lumina Remick — GRC Advisor
After completing a Masters in Project Management at Bond University, my original plan was to return to working with circuits and microprocessors given my original background in Electronic and Communications Engineering. Little did I know an interesting career change was waiting for me.
In the final semester of my studies, I interned for an asset management company. My job primarily focused on implementing and tailoring their risk management policy and procedures to suit their business needs. However, I also had the opportunity to work on their IT security policies. This experience — together with my interest for risk management — piqued my interest for a career in cyber security.
Coincidentally, the company I worked for was Hivint’s client, so I had a sneak peak of Hivint’s work even before I became a part of the Hive. I believed the right place to further my new-found interest was at Hivint, so I religiously started following them on social-media platforms looking for a way in.
When they advertised for a graduate GRC advisor role. I jumped at the opportunity, and there has been no turning back.
As a beginner, this role has been an amazing way into the industry and a great learning experience. I’m constantly learning new things and have come to realise there is no such thing as ‘knowing it all’ in security. I must admit that Google has quite often been my best friend through the whole experience.
Working with some of the best people in the industry has inspired and made me love my time at Hivint.
My advice to any aspiring graduates is to do your research on who are the companies in the industry hiring, and then make sure you know as much as you can about them and keep a regular eye out to see if they are looking to fill new roles. The fact you have done your research and shown an interest in them will stand you in good stead should you land an interview!
Sam Reid — Technical Security Specialist
I took the common route through university, completing a Bachelor of Science in Cyber Security at Edith Cowan University. The first thing I’ll say is that working in the industry is more about client relationships and working with clients (particularly to help them understand their security risks and which ones are appropriate to accept, and which ones are not) than I originally thought. Those boring risk and standards units at uni turned out to be important when assisting clients manage their exposure!
Penetration testing is the real deal and it’s seriously cool. The exposure and range of things you get to test and ‘break’ to help clients identify security holes will live up to your expectations — guaranteed.
My advice to aspiring grads — with the constant stream of new information, trends and events in this industry — from new vulnerability disclosures, ongoing data breaches, growth in IoT devices, and DDoS attacks, it’s easy to be left behind when you’re starting out. Try to keep your passion up by doing security-related things you enjoy in your own time when you can. Capture the Flag (CTF) events, security research, bug bounties, secure software development not only keep you interested — they keep you interesting! A challenging CTF you recently completed could make a great story to tell during an interview.
As a case in point, I was hired as a junior security analyst straight from university and while I hadn’t heard of Hivint (they were only 12 people back then), the regional director had heard of me having attended a presentation I did on identity theft at a local security meetup. In my opinion, engaging with the community and making yourself known in the field (for the right reasons!) can really kick-start your career and put you ahead of the other graduate job seekers.
Oh, and lastly, be mindful of how you refer to your occupation as a ‘penetration tester’. My Mum proudly told the extended family that I was a “computer penetrator” last Christmas. No Mum. Please don’t ever say that again.
John Gerardos — GRC Advisor
I always knew I’d enroll into a Computer Science degree and work in technology. I originally worked primarily in support/systems administration and network engineering. My last few years as a network engineer had me either living in datacenters or designing and installing wireless access across large campuses in preparation for the explosion of BYOD (bring your own device) policies.
It very quickly became apparent that securing networks from the risks inherit in BYOD as well as the emerging Internet of Things was going to be a very interesting and expanding area. After working closely with the security team on several projects, I decided that is where I wanted to move my career.
So back to university I went! Along with my usual studies at the Masters of Applied Science (Information Security and Assurance) at RMIT, I learned about Ruxmon, a free security meetup that was run once a month on-campus. I immersed myself in the “Security Scene”, began attending Ruxmon, assisting with the organisation of the meetup as well as stepping up to lead the Information Security Student Group at RMIT University. I made it my goal to attend as many security meetups as possible and learn from the experts, which I found very rewarding and something that also helped cover and re-enforce some of the material learnt in my studies.
My university often ran industry networking events and I happened to bump into a couple of Hivint people at one I spoke at. I had not heard of Hivint at the time but it very quickly became apparent that it would be a cool place to work — so I kept it in mind and was excited when I saw them advertise for a graduate role.
The past 6 months on the Hivint team have been amazing! While I already had industry experience, this was my first consulting role and I had to very quickly learn how to manage my time across clients and get up to speed with the IT infrastructure of each client that I was working at. I also quickly found out that it’s not just the technical skills that are important — you need to be a great communicator and take the time to understand each individual client’s business so that you can tailor a solution for them.
My advice to students looking to enter the industry is to network with others and immerse yourself in the field. We are lucky that there are so many high quality free security meetups around the place — make the time to attend the ones that look interesting to you and have a chat to the people there. Follow up by doing your own research on anything that sounded interesting during the meetup, as well as joining in on relevant CTF events. Security people are happy to share the knowledge around and the best way for a student to learn outside of university is to be active in the community, attend relevant meetups and engage with the experts.