Seven things I’ve learnt in my first year as a cyber security consultant

2018-09-07  Cyber Security

A colleague recently asked me for my advice for new cyber security consultants joining our company, which got me thinking about what I’ve learnt over my first year in the industry. Here are my seven top tips for those just entering the world of security consulting.

1. Get involved with different teams and projects

Probably the best thing about being a cyber security consultant is that there is always a huge range of projects going on within your company at any given moment. Your nine-to-five (or -seven) isn’t as predicable as it is for those in “normal” jobs. Take advantage of the variety and try new opportunities as they present themselves – you might find a new facet of cyber security that suits you perfectly that you never expected would become your favourite.

2. Communication is as important as technical knowledge

As I wrote a while ago, cyber security courses teach you a lot about computers and networks, but there’s a lot more to getting things done in an actual business. There are processes to learn and company-specific obstacles to overcome, and to get anything done at all you need to learn how to explain your technical ideas and what they mean to your client’s business – whether that’s verbally, in an email, or as a presentation – if you want to get anywhere.

3. Pay attention to the details

Detail is everything in consultancy, whether it’s in the wording of an email to your client, the code in the script that you’re writing, or the layout of a slide you’re working on for a presentation. There’s no way you can know everything immediately, but pay attention to what others are doing, take on the feedback you receive, and always make sure you give your work an extra read through before sending it on to anyone else.

4. You can’t say yes to everything

Before entering the cyber security industry I worked as a journalist. I had one job, one boss, and one overall objective – to write great content that would get people to visit our website. When you work for a consultancy things are completely different, and you may have multiple clients, managers, and internal projects at once. You can’t do everything and you’re the only one with a view of your entire workload, so if you’re already at capacity and someone tries to add something else to your to-do list, it’s important to know how to say no.

5. Don’t be afraid to ask your colleagues

Although you should be making an effort to learn (more on that in a moment), cyber security is a huge sector and it’s impossible to know everything. If you’re faced with a task you’ve never done before or a question you don’t know the answer to, checking with knowledgeable colleagues is always a good option. After all, while your own contribution is important, your clients are also paying for the support network of experts behind you at your company.

6. Make the most of travelling time

The nature of the work means that many consultants spend much of their time on the road, whether that means staying overnight in hotels or a long daily commute to a client office. All this time can be put to good use if you put some cyber security ebooks on your phone or tablet. You’ll be surprised how much you can read each week this way, and it always feels great when some knowledge from your reading is useful for a project at work.

7. Don’t get too bogged down in admin

Some important admin is unavoidable as a cyber security consultant – expenses, timesheets, and compulsory internal training all need to be dealt with regularly – but if you let them then your administrative and project management duties could easily take over your professional life. Do what you need to, but remember what your goal is and why you’re interested in the industry – I, for example, try to make sure I do or learn something technical each day. After all, the key to enjoying what you do is to keep doing what you love.

Photo from Pexels

Looking for the comments? My website doesn't have a comments section because it would take a fair amount of effort to maintain and wouldn't usually present much value to readers. However, if you have thoughts to share I'd love to hear from you - feel free to send me a tweet or an email.