‘Information security isn’t just hacking in hoodies’

September 25, 2018

Information security seemed incredibly mysterious when I was young. TV shows and movies always highlighted how the hackers knew the inner workings of any technology they touched, inside and out. With a few key strokes or an algorithm, they could seemingly do anything. I think the intrigue of that led me into studying programming at University. The course was interesting, but I realised that it wasn’t what I had really been enticed by. But what to do instead?

While researching options I kept returning to information – or cyber – security. The prospect of re-starting university was unappealing, so I thought an apprenticeship might be a good way to break into the field. Even better, it would provide me with a qualification along with the years of experience working in a company. I did some research, sent out some applications, and eleven months ago I started working at Nominet as a cyber security apprentice.

Looking back on those early days at Nominet is surreal now; the differences between the expectations I had and the reality I found are immense. It’s been far more compelling and varied than I could have imagined, but there has been an awful lot to learn, not least getting used to working nine to five after my years as a student.

Before starting my apprenticeship, I was nervous about how I would balance the practical work and the ‘school’ work of the training. Thankfully, apprentices at Nominet get the time we need for our studies – we are trusted to take responsibility in managing the work we need to do.

The great thing about being at a company like Nominet is that interesting opportunities come up frequently. I was able to visit CyberUK this year, which provided incredible insights into how the industry operates. My fellow apprentice Chris had the chance to go to Black Hat, one of the industry’s top information security events. Experiences like this are invaluable when you’re learning.

In the past eleven months, I have discovered that cyber security is a far broader industry than I realised. It touches on all areas of life, yet we rarely pay enough attention to it – and some of it is really fascinating. For example, social engineering is a part of information security and involves concepts that are used in poker or the deductions of Sherlock Holmes. Moreover, the concept of using confidence and a clipboard to gain access anywhere is all about utilising social engineering.

There are also sub-sections such as cryptography or networking, and security professionals constantly use techniques from all over the tech sector in their work, such as programming and data science. Cyber security affects every process in our modern world and is so important that it’s a major consideration in any project from the very beginning. Who wouldn’t want to be employed in such a crucial field?

Good security requires teams with a diverse skill set and so the sector needs people from every background. From the more mathematical or people-orientated workers, to those with managerial skills or talent in report writing. You also need an awareness of policy issues and regulation, as these impact on cyber security practices too. Unfortunately, I don’t think that many students or teachers fully understand what cyber security is or the roles available, and so it rarely gets considered as a career option. At school we’re taught subjects like history, science and computing individually, but security spans over all these disciplines. Perhaps this is why it gets overlooked?

Today, individuals and organisations are recognising the importance of good cyber security, but it’s still severely under resourced. Many businesses experience breaches and attacks, and the number of available roles in cyber security have been increasing rapidly. What we need now is a call to arms; we have to train up our students and the current workforce to be aware of security so that we can fill these roles and to ensure all of us are more secure, day in day out.

I don’t yet know what area of information security I want to specialise in after my apprenticeship, but I will certainly stay in the sector. It’s great to have such a variety of options available, and plenty of different paths to take if I wish. The most important thing for me is that I now know cyber security isn’t all about hacking in hoodies, nor is it all about programming. Its diverse, invigorating and interesting – with tantalising potential salaries to boot! I’m finding it to be a brilliant profession.

Read more from another cyber security apprentice here.