Brett Smith MSc PGCE sat down with Comfortably Dumb to talk about his impending move into the cybersecurity sector - and how his journey has been going so far. His story proves that you do not necessarily need the "perfect storm" of circumstances, to make a jump into this industry. He's a great guy with a lot of interesting things to say, and I highly recommend getting in touch with him. His LinkedIn profile can be found here.
What were you doing before you decided to go into cybersecurity?
"It has been a long-term commitment to achieve the academic qualifications that could provide theoretical principles and knowledge in the broad, diverse, and sometimes overwhelming area of computing – this learning process began with a BSc in Sound Technology - and as the saying goes ‘the best way to learn is to teach’.
Thus, this led me to acquire PGCE teaching qualifications for both Secondary and Further Education (FE) in Computing. The academic attainment has been coupled with practical teaching and lecturing in Secondary Schools and FE Colleges in both England and Wales.
Recently, I graduated with an MSc in Computer Forensics and have been spending my personal time building on the skills required for a role in cybersecurity – the justification, to have wider visibility and comprehension of attackers and defenders in these inter-related fields."
For you specifically, dive into some of the cool jobs and projects you got involved in.
"I have been fortunate to have exciting and open-ended projects as a technical specialist in a global steel company. The senior management in my department value innovation and encourage individuals to have the autonomy to provide solutions for high impact projects.
One particular project required creating a ‘Re-application tool’ for the resale of rejected coils.
This was an ideal project for a person new to the steel industry, with little to no knowledge of steel production. The tool extracts data from legacy data sources – from data points that were isolated and unused. The project consisted of building a new application with the use of WebFOCUS, SQL, DBMS, and C# programming – some of which were learnt ‘on the job’ and expected outcomes grew, as projects often do. The application is now being used on a daily basis and is contributing to a significant reduction in lost revenue.
The recently completed MSc in Computer Forensics consisted of undertaking a thesis and I saw a great opportunity to merge the computer forensics specialism with my background in Sound Technology – thus, I conducted research in the area of Voice Biometrics with a thesis titled ‘Voice Biometrics is a Robust Method for User Authentication‘.
This research focused on Automatic Speaker Verification (ASV) systems, with the aim to test voice biometrics for its reliability for single-factor authentication. The two ASV systems used within the study included: Microsoft Project Oxford and VOCALISE.
The research used original voice utterances to test text-dependent ASV systems against known threats – these threats included: Audio Splicing, Synthesised Speech and Replay Attacks. The results produced from the experiments exposed the vulnerabilities that exist and how to mitigate the false acceptance rates (FAR) that were prominent in the study.
Following the study, I was thrilled to be invited to test an ASV product of a well-known company within the field of telecommunications. This consisted of being granted the permission to carry out tests against their ASV system using the same methodology of the study."
Technical experience you had before you joined.
"As previously mentioned, I have a strong background in a diverse range of areas in computing. This includes the current awareness and up-to-date knowledge of technologies in specific areas – for example, I have technical skills in programming, database management, web development, networking, computing hardware and software, computer forensics, cybersecurity – all of which are attributed to having the opportunities to allow me teach these topics and perform practical tasks in industry-led roles."
Why did you decide on cyber specifically?
"Although I have a broad knowledge within computing, I acknowledged that I needed to evaluate which area(s) aligned with my personal interests, whilst simultaneously providing plenty of challenge to facilitate a prolonged interest – one of my greatest fears is ‘to plateau’.
I have high expectations to continually move-forward in the pursuit of knowledge and despite it being an over-whelming field with many facets - that is the greatest appeal of cybersecurity."
Courses, resources and the providers of them - if they were good, say so, if not, say so!
"The MSc Computer Forensics degree at the University of South Wales (USW), which is certified by the National Cyber Security Centre (NCSC) and GCHQ, provided a dense and worthwhile learning experience.
There were numerous aspects of the course that I considered critical for venturing into this domain – the course consisted of a balance between in-depth theoretical knowledge and practical assessments in the areas of Incident Management and Incident Response, Security Management, Network Security, Forensics Techniques and Data Recovery – which made use of wide range of industry standard software applications, such as Encase, FTK, Autopsy, SAN SIFT, Wireshark etc.
In addition to performing computer forensics with command-line tools, such as Linux ‘dd’, Volatility etc. The well-thought out practical assessments provided opportunities to conduct ‘real-world’ forensic investigations."
What was your job search/interview process like?
"I have always been very fortunate in this area – I tend to do well in interviews and have been successful in the last few interviews – this is partly accredited to my experiences as a confident teaching practitioner, but also, the attitude I have at interview.
I see it as an opportunity not only for the interviewer to make judgements of whether I am suited for a specified role – but also, do I think the company is right for me?
This allows me to take a form of control at interview. My philosophy is – if it does not feel right, then it probably is not right!
In the next few weeks, I will officially be working within the cybersecurity domain, in a lead role for a threat management company."
Any setbacks/low points?
"I recall a few years back not being able to articulate a starting point and spending far too long on particular areas with little to no direction. This consisted of reading relevant technical books, watching some online videos, but without a sense of set aims or learning outcomes.
I felt the learning was too sporadic or not structured enough. In retrospect, I should have reached out to the community sooner, as there are some amazingly friendly individuals that I have encountered over the last 18 months.
They are keen to share what they know and provide valuable insights into how to get into this field. So my advice would be – ask!
It is sometimes the hardest thing to do. But, as you probably already know, you need to narrow the scope to be able to set goals that are realistic and timely. Yes – we all have this urgency to want to learn it all NOW! But, learning takes time and by asking the right people, talking on the right forums, that time can be spent in a meaningful way towards what it is you want to achieve and what career path you would like to pursue!
Matthew Twells covers this in his book ‘Cybersecurity Field Manual’ and by having a specified role in mind, this narrows that learning gap tremendously."
Editor's Note: Legitimately, did not ask him to say that, haha!
What is your job actually like? Good AND bad points.
"My current role as a technical specialist has been fantastic for being able to develop certain skills that are deemed desirable/essential in the realms of cybersecurity, which include competency in programming languages, such as Python, C#, database knowledge etc.
The role itself is very complex and the diversity of projects provides on-going challenges; however, the exposure to computer forensics and cybersecurity has been enough to compel me to leave my current role."
What's your end goal for your career?
"I do not plan too far ahead, as I like the prospects of the unknown and the different pathways and opportunities that can arise.
Although, if I had to picture a goal in a general sense – it would probably consist of being in a senior management role or to be an independent consultant for my own private company. At present, I am more than happy to accept that acquiring specialist knowledge and experience takes patience and time."
What are you working on right now?
"At present, I have a few projects that I am eager to explore – one consists of the amalgamation of original music that I have composed with the band ‘Heroine Lullaby’. As a singer/songwriter and keen writer, I would like to publish a book where each chapter of a book links to a particular song that I have written.
In terms of professional goals, I aim to complete CompTIA Security+, CySA+ and the OSCP certifications within the next 18 months."
Brett will hopefully be writing more often for Comfortably Dumb in the future - looking forward to seeing what he puts out in the next few months!
He's a fascinating guy with a lot of interesting things to say, and I highly recommend getting in touch with him. His LinkedIn profile can be found here.
Commentaires