Bachelor Information Security Management at the Hague University of Applied Sciences
Starting with a Master ‘ICT in Business and the Public Sector’ at Leiden University in September 2017
Being a security engineer at Guardian360 is very diverse. We have colleagues with a strong technical background, people that are focussed on the social side of security and everything in between. Really every security engineer is different. Personally I focus on both the technical and social side of information security. I like to work with a combination of both. I try to really incorporate both aspects as much as possible in the security solutions I develop. For example for our phishing as a service. With phishing as a service our technical solution provides human awareness. When clients come to us we sit down with them to find out exactly what goals they want to achieve and why. Based on what their goals are we explore what technical solution we can come up with in a positive way. At Guardian360 we don’t like the FUD approach (FUD is: Fear, Uncertainty and Doubt). I do the intakes with clients to find out what they need and am involved with the development of the technical solution. It’s really that combination that does it for me. Not just being busy with programming and developing but also sitting down with clients, have a coffee while they tell me what they’re looking for and how we can help each other.
We have, I mean, Guardian360 offers the product Network Security Audits, essentially a compliance module. What our module (in combination with our networks and software vulnerability scanners) does is detect and collect technical vulnerabilities on systems and networks. Sometimes the data this produces is hard to grasp. Our module translates these vulnerability reports to relevant standards, like ISO27001 for example. I have been involved with the development of this module from the start. Another thing I do is maintaining contact with clients and offer support when they need it. I advise them on vulnerabilities and what the implications can be for their product. At first the module was operated manually but we managed to automate the whole process. I think we’re the first in The Netherlands to have that, which is of course pretty cool if you ask me. I got involved in this process through an assignment at school. With two other students we worked on the project and quickly found out that the way they wanted to do it originally wouldn’t work properly. So we reported our findings and they said, ”ok, well if you think you can do it better than just do it.” We got to work and managed to figure out a better way pretty quick. When they noticed what we were doing we were all offered a job at the company.
It’s what I mentioned before, that combination between the technical and social aspects of information security that make this job so attractive to me. Not having to pick whether I want to be working just on technique or just on social but really combining those two is what makes it so much fun. Aside from that, security attracts me because you really have to think out of the box to come up with solutions. I really like that! It’s basically just messing around, trying things in different ways. If you’re supposed to get into something in a certain way, I like to try to get in another way too. This can be on the technical side with system hacking, or the social side like social engineering. That’s how I ended up doing what I do now.
One of my personal highlights was going to china for 6 months during my bachelor. I got to work on an assignment for a company doing research there. I was just 19 years old and working on my assignment at a company over there in China. They also need security specialist over there, like they are needed everywhere. During the first year of my study I said I wanted to go abroad for a longer period during my studies. When I was in my third year and looking for an internship my teacher said to me, “hey, why don’t you go to China like you said before?” The internet makes it really easy to go as there are no borders. It takes some time to find the right contact and prepare for the trip but it’s really worth your while.
I hope that the awareness on information security will increase in society and that it will lead to a more mature IT landscape. Also, I but also Guardian360 would like to see a more positive attitude towards information security. Show people that you can actually increase your cashflow and save money through implementing good information security measures instead of it being seen as a necessity that only costs you money. The link between people and technology will always be an important element and probably only become more important as technology evolves and the dependency on technology increases . And how do I keep up? I’m just finished with my bachelor and will move on to do a master. Aside from that I’ll keep doing side projects and working as a hobby. Trying new things is really easy and really helps you to improve your skillset.
Everyone will agree that there is a huge growth in this sector and that there are a lot of opportunities. I already have a job before I’m even finished with my studies. I would really advise people to choose for a career in IT security, you’re guaranteed to find a job you like because there are so many possibilities relating to the technology and social aspects of information security. But most of all you should do what you like though, that’s important too.
I just started my career so I don’t really have a golden tip. Do what you like, keep learning as you go. Everyday I’m confronted with the fact that I don’t really know much yet. Just keep doing what you do, try new things and see where it will take you. Also seize opportunities during your study, there is really a lot of room to enjoy your time as a student. It’s so easy, but such a cool experience to study abroad for example. Internet has made it so easy to find assignments or internships. For my assignment at Guardian360 I put a message on my LinkedIn saying I was looking for an assignment and actually found this one within 8 hours after posting the original message.