‘All the elements of cyber security that I liked came together in security monitoring

’

Bryan Beekhof

Product Manager Cyber Security

Education

ICT beheer (MBO)
Particulier digitaal onderzoeker (MBO)

 

Product Manager, what does that mean?

As a Product Manager I am responsible for various Security products. Based upon trends in the market and customer needs I introduce new products and adapt current products to these customer needs and new trends. I develop Product Plans for my products and try to respond to our customers needs together with a team of operations employees. There are various reasons for adding a new product to our portfolio. At KPN we find a secure network the absolute prerequisite for our customers to safeguard their privacy and prevent misuse of their digital identity. We feel it is our responsibility in this digital world to improve online security and to empower our customers in coping with and responding proactively to online security and privacy issues. KPN is the largest Managed Security Provider in The Netherlands and has extensive knowledge about ICT Security, but not all customers in every segment are aware of this. There are competitors who have been offering this service for years. But we would like to convince our customers that we are the best partner to combine the delivery of connectivity and security from the experience that KPN has in protecting vital communication infrastructures for decades. Since 1852, KPN Netherlands has continued to provide the latest technology at the moment. From telegraph to 4G, from telephone operator to telephone exchange and from state-owned company to commercial group.

The product manager creates individual building blocks first and then puts them together in order to satisfy our customers’ needs by offering a more complete product. Offering a more complete product also eliminates competition because your offer stands out from the rest. This helps KPN to stay and to grow as a key player in the market.

By creating a modular but integrated portfolio KPN shows it understands customer’ needs. We have to think for example what a secure workplace exactly looks like and how our customers would like their employees to securely use their workspace. We can offer a product that is intended to make life easier and give them security by design for our clients. We think that the way we build our products will make a difference for our customers.

Our goal in the end is to become the go-to security partner for every organisation. Whether you are buying an internet connection or a secure workplace. The product managers help by contributing to the Strategic roadmap and provide input on a tactical level.

What kind of projects are you involved with?

At the moment I am working on integrating our security portfolio with other KPN products and use the concept of ‘security by design’. Security should not just be a point solution, but it should be built into every product. My contribution in this process is translating customers’ needs into products. One of my personal strengths is the interaction with customers and the technical integration of their needs. The goal, like I said, is integrating security into our whole portfolio. Making security our core business by weaving security solutions into all the products and services we offer. To get there we need the building blocks to feed our core businesses with security.

Why did you pursue this career?

I have always been trying to hack things as a kid. So when I had to choose an education I started with network/system management in IT. From an early age I had to care for my mother at home and starting an HBO bachelor was not an option because I just didn’t have the time and concentration.
At that time a new MBO 4 programme, Private Digital Investigator had started. This education was all about hacking, digital forensics and fraud investigations. It got my attention because I was already into hacking. During my education I did an internship at a private detective company that focussed on fraud and digital investigations. After my internship I got into IT and security monitoring and from there moved on to cyber security. I worked for an international consultancy firm for a while and noticed that all the elements of cyber security that I liked came together in security monitoring. It has elements of identifying risk, protecting the organisation, detect threats, responding to threats and recover if needed. You have to decide what to monitor, what risks you are monitoring, and when something happens you have to dive into that specific case. So first I worked in jobs that covered one aspects and found a place where all those elements came together in the SIEM/SOC environment of security monitoring. I got to work on some big projects, setting up monitoring environments and developing relevant use cases. After doing that for a while they asked me for the role of product manager to help them further develop and position the security services that KPN offers.

In the beginning of my career I was offered a job because I had a relevant diploma. But in recent years I have been recruited based on the experience that I built up over the years. I got offered new positions based on the roles I had before and the kind of projects I worked on. People with an MBO background are people with a hands on mentality and a Security Operation Center environment is perfect for these people because you work on the operational side of the business. They are often more attracted to the technical aspects and less to the business side of things. My experience is that if you want to grow in an organisation to the business side, you really have to prove yourself when you have an MBO education. Being passionate about your work is necessary if you want to grow, and more important is how to get there through education, training etc... I really like my job and cyber security in general is also my hobby in my spare time as I like to read articles and whitepapers about subjects I work with. It influences me to work on innovation, trends, partnerships and what the market wants and where they stand on maturity. You need to keep up, IT is a dynamic environment and it helps me to become better at what I do in my work.

Can you name a milestone in your career?

That would be my employment at a large consultancy firm by passing the HBO assessment and going to the OHIO business course in the USA, and after that the big projects I did. They only used to hire people with an HBO or higher level of education. I only had my MBO diploma and still they employed me because they believed in me, which gave me a lot of confidence. I was working with clients at their offices and I was their primary contact. I learned a lot during this time and worked on various projects for different types of clients. I got the chance to gain new experience and to improve my skills which boosted my career and myself.

I believe that if you want something you have to work hard for it and you have to invest time in order to grow. I think how I grew up has made me competitive in that way. Sometimes I overdid it though, at a certain point in time I was getting a new certificate every week. But now I have found a better balance, working on a job level I wanted to and just get the certificates I really need or want.

I started working in an internship when I was 21, switched a couple of jobs and became a product manager at KPN at 27. I would like to advise everyone who wants to work in IT to start with consultancy. You will gain so much experience in such a short time that you will grow really quick. You see so much different environments and projects, that really helped me a lot to choose my career path. It gives you a lot of insights and experience on what you like or don`t like.

How will your industry or job in particular change over the next few years? How do you keep up?

I see a lot of processes being automated with BI (Business intelligence) and a lot of innovations are shaping cybersecurity. The protection of data will become very important, because so much new data is becoming available. Another thing is the Internet of Things and how we deal with the growth and subsequent security risks of that. Privacy will be an important subject when the GDPR will come into force in 2018. I think security by design should and will become the standard. New products will be developed with security built into it instead of being added in a later stage. Products will have to be developed with security in mind from scratch. This will need some time but you will see that security is everywhere in a few years. There is already a lack of specialists and that will only increase over the coming years.

I could say that I keep up by getting the right certifications, but that is not really true. You can pick up a lot of theoretical knowledge on certain subjects that way, but I believe that you have to keep up with all developments and trends to stay ahead of the curve. Getting to know the landscape you work in from a helicopter perspective is more important. How is everything related to each other and how to secure it. Getting your certification will then become more a thing you do afterwards to confirm you know all about it and proofing you are a specialist on a certain subject. To keep up I basically do what I always have been doing: Reading as much as I can and keep track of all kinds of innovations and understanding the “Why” and “How” from strategic to operational perspective levels. My colleagues experience me as a very curious, social and eager guy in the work field.
I always try to look at how innovations influence our products and how we can adjust to these innovations. What are the missing links in the portfolio of KPN that we need to be able to stay ahead of the curve. With IoT for example KPN has been able to do a lot because we anticipate on these innovations.

How did finding a job after your study go?

Back in 2009-2011 there were not that many cyber security related jobs like today. There was more focus on risk management side and that was a lot of business driven security. The private digital researcher programme was developed to anticipate on an expected growth in the future on operational and IT processes. I got the unique chance to work at a private detective firm. That wasn’t at all a sure thing for my fellow students. It was hard to find a job in Cyber security back then. There was a lack of definitions on the type of role/function in shaping perspective. A general job in IT did it better for most graduated students, because a lot of companies didn’t know how to deal with full time security jobs and you had to explain how important this was for the company. But security has definitely grown in popularity and also in number of jobs. I think right now the people following an education in cyber security will most likely find a job without much problems as the demand for experts is growing faster than the supply. Most companies now know how to fill in the roles because of the latest breaches and hacks.

Do you have any tips for up-and-coming talent?

Keep a broad perspective and don’t focus to much on one aspect of cyber security. Doing a great job at one aspect doesn’t mean you have to forget the whole landscape. You have to be ready if someone asks for help, and you need to understand their question and how security can help their problem from another point of view. SOC is really diverse with a lot of relevant technologies and processes. If you have no knowledge or experience of one part of it, it’s hard to fully comprehend it. You need to be able to oversee the whole process like the kill chain and threat landscape. I had the chance to develop myself in a very broad set of disciplines. If you don’t get that chance it’s still important to keep learning new things and keep a broad perspective. You don’t have to be a specialist in every discipline. But you need to be a specialist in the discipline you’re good at and meanwhile keep an overview of the whole domain and make sure you don’t forget what’s outside of your comfort zone. Because the IT landscape is wide and everything hits security.