Cyber attacks are on the rise and the methods used by hackers are constantly diversifying. Businesses across industry have a duty to protect the sensitive data in their possession, yet in many cases are facing a cyber skills gap leaving them short of the specialists they need. In many cases individuals looking for a career in cyber security simply don’t know where to start. IRM’s Technical Consultant, Tambie Gumbo gives an insight into his experience within the Cyber Security industry and the steps that led him to the world of ethical hacking.
Where did it all begin for you?
I graduated in 2011 with a business information systems degree. The reason for doing this degree rather than an outright computing degree was that it focused mainly on the movement of information from one system to another, the ethics surrounding information gathering and distribution, and lastly how this data can be compromised if systems aren’t set up properly, or so I thought. However, fast forward 3 years after my degree finished and I’m still looking for my first IT related job mainly because of lack of experience. I therefore decided that I needed a way to get into the industry.
How did you get a foot into the industry?
Cheltenham General Hospital offered me a position as a Reporting analyst, within 6 months I was promoted twice to an IT systems analyst and 6 months later I was promoted to a data warehouse developer, assisting in managing the ETL processes for the whole organisation. However I felt I couldn’t improve my technical skills due to the lack of variation in the work and the job felt increasingly restrictive.
In order to improve my skills I joined IRM and the software development team as an SQL Reporting Analyst. Despite the lack of experience in the private sector, I was keen to find new ways of working and pushing my abilities further. I knew IRM as a cyber security company and knew it would be a great opportunity to join a growing company working in the booming side of the industry.
How did you make the move from software into cyber security?
The decision to change from software developer to technical consultant happened quite early on. In my new role I was already doing more than I had previously but naturally I am a person who enjoys learning about computers and wanted to learn as much as I can about how everything works. I was always in communication with the Technical Consultants asking them about different aspects of their work and trying to ingratiate myself with them on a social level.
How do you measure your success?
As a Technical Consultant there are exams I can take including CSTM, CEH, OSCP etc. that cover most aspects of computing in general and require knowledge in web development, networking and infrastructure security. The opportunity to develop my skills, test myself, and improve was the key driver behind my move from software.
What does your role involve day to day?
On a day to day basis my role involves catching up with my line manager and setting tasks for the day. Every day is different, one day testing a web application, the next a networking infrastructure, making the role both varied and fulfilling. I regularly have to recall knowledge from my previous roles to achieve a task or use some of my web development skills, but my ability to adjust to different ways of working has helped me take on this role. In my time as a Technical Consultant I’ve found the role rewarding due to the chance to learn various technologies and certifications.
Are there specific areas of cyber security you’re interested?
Whilst having a focus does give you some perspective as to where you want to be in your career, web and networking technologies are always changing, therefore I don’t want to limit myself to one aspect of pen testing. My main area of focus was getting my accreditation for CSTM and now OSCP qualifications and some server side programming languages. Since gaining CSTM accreditation I have a renewed focus and I’m looking to add to my knowledge by studying for OCSP, leading me onto CSTL accreditation. Programming skills aren’t necessary, however they are useful, and if the opportunities arise, it would be beneficial to practice these skills in order to gain an understanding of how software and applications are built.
What skills do you think are important to succeed in a career such as this?
The most important skills are communication and organisation. I need to be able to converse with the team at any level in a professional and social environment and manage my time to complete the tasks I’m given. You also need to be willing to do your own research and study away from work. That’s how you’ll improve.
Are you interested in a career in cyber? A range of IRM Academy courses can be found here.
Alternatively, if you have a question for a member of the team, you can reach us here.