Cybersecurity consultants identify problems, evaluate security issues, assess risk, and implement solutions to defend against threats to companies’ networks and computer systems. They deal with many variables when evaluating security systems and craft layers of protection in a fast-changing IT landscape.
Additionally, they may provide training to staff and stakeholders on best practices for cybersecurity. A cybersecurity consultant plays a crucial role in protecting organisations from cyber threats. They are responsible for setting up cyber governance, risk and controls for business and technology solutions.
To become a cybersecurity consultant, you will need a degree in computer science, information technology, or a related field followed (ideally) by postgraduate studies or a short course in cybersecurity. Next, you will need the relevant professional certifications, such as CompTIA Security+, CISSP, CISM or CEH. Knowledge of cybersecurity laws and regulations is another requirement. Building up several years of experience in cybersecurity - including consulting and risk assessment experience - will help you advance your career and increase your income.
Computer Applications Technology
University of Pretoria - School of Information Technology
BSc Computer Science
BSc Computer Science
BSc Computer Science
IIE Bachelor of Computer and Information Sciences in Application Development
Why did you choose this profession?
As a child, I took to my parents’ computer with my full curiosity, playing games. When I grew older, I started wondering about how they become “programmed” and how this programming works. Later, I realised there was a way to not only build programmes but break them and make them do things they are not supposed to! At university I began to explore the flaws and strengths in algorithms even more deeply and started training myself in cybersecurity.
What training did you undergo?
I studied computer science, but for security and computer hacking in general there is no specific background required. There are many people working at places like Google, Twitter and Microsoft who didn’t study computer science or any other deep scientific field.
Describe a typical day
Clients and research decide how my days go. I could be flying to another country for a security test, security conference talk or to do. When I’m not travelling, I’m either meeting with clients to discuss results of tests and make sure they understand how to fix and prevent the flaws we discover, or testing and doing research on how to uncover new vulnerabilities and better ways to detect and prevent old ones.
What do you enjoy most about your work?
Working as a security consultant gives me access to some of the deepest realities of how software works and, more interestingly, how computers become accessible and how they affect people’s lives. I also get to test software inside a variety of interesting businesses.
What don’t you like?
Working with people who are not equally as passionate about software and understanding it.
What’s been the highlight?
I would be tempted to say when I discovered a bug in some software, and it was really dangerous. But honestly, the best moments have been discussing my deepest theories on the future of software and computation with other hackers and thinkers.
What are your future goals?
I’d like to get a degree in philosophy, maybe an art degree as well. Perhaps one day publish some papers in a computer science journal, write my own operating system and contribute to the Linux kernel!
Experience vs formal training?
There’s no such thing as formal training for hacking. If you are training to become a hacker, all of the training is practical, even the theory.
Is there a type of personality best suited to this work?
The more personalities involved in security, the better we can understand and communicate with the personalities that depend on our work. I think that good information security work requires nothing of the people who do it except patience, passion and curiosity.
What advice would you give to someone starting out?
Your curiosity is your greatest asset in this field: be as vulnerable to your own curiosity as you can. Analyse and investigate everything. Think about your curiosity as a muscle and exercise it as hard as you can. Also, remember that everything succumbs to the principles of language in computers – they are both profoundly empowered and deeply flawed because of it.
Your job in three words
Be very curious!
Interview date: May 2018