Sophie can usually be spotted sitting awkwardly in a chair somewhere with her nose in her laptop or a book. In her spare time she plays D&D, bakes an excessive amount of cakes, and games (badly). Ask her nicely and she’ll more than likely produce coffee and brownies from a bag or drawer.
Question: Sophie, what does a normal day look like for you in Novosco?
Sophie: No two days have looked the same so far, with Novosco's Security Operations Centre (SOC) being a relatively new addition to Novosco’s security capabilities. There’s been a lot of learning and development which has been exciting as we’ve been able to be really involved with developing the processes and growing with the work. We have monitoring systems in place that allow us to check for alerts as they occur and establish if they need escalated or if they’re legitimate traffic being falsely flagged, and the nature of that means the environment we’re working in is always changing and being fine-tuned.
Q: What made you want to get into cyber security as a specialism?
Sophie: I didn’t really know where I wanted to go after my degree, and in my last position had a long conversation with my manager about what I wanted from a career if I couldn’t narrow down to a specialisation. I decided I wanted to do something that made a difference to people’s lives, no matter how small, and something where I would constantly be learning and improving. I grew up in a family full of IT professionals and had always been interested in tinkering with computers on my own time, but a lack of education stopped me applying for roles. A few days later I saw the opportunity to join the Cyber Security Academy and took the plunge.
Q: And what was the Cyber Security Academy like?
Sophie: Intense, but a fantastic experience. Starting as someone who had only an idea of what a star topology meant and ending with a set of industry-recognised qualifications was amazing. We had a great group of people who banded together really quickly, as well as endless support from the College and the companies involved. Many of us had no IT backgrounds and for someone to take the chance on training us in a very technical industry was a wonderful opportunity to have been granted.
Q: How has your time at Novosco been so far?
Sophie: Everyone has been so friendly and helpful, the culture we were told about was apparent from the first day we walked in the door. It’s the biggest workplace in terms of people I’ve ever worked in, and yet it doesn’t feel like working for a large organisation (in the best way). I’m really enjoying it, and I don’t only say that because of the free coffee.
Q: Training has obviously been a large part of the process, how has that experience been?
Sophie: Through the Cyber Security Academy we took the Microsoft Technology Associate exams in Networking and Security Fundamentals to get the foundation, before advancing to the Cisco Certified Network Associate in Cyber-Ops. Along the way we did smaller modules in Linux and Cybersecurity to give us a bit of breadth in areas many of us were unfamiliar with. There were even sessions on presentations and a week of design thinking. Novosco have provided us with further training opportunities, from the Certified Ethical Hacker course to application-specific qualifications. I’ve also had time to learn Python which has been something I’ve wanted to try for a while. I’ve never felt particularly disadvantaged for not having a technical background as we’ve been supported and helped every step of the way.
Q: Cyber Crime is a constantly evolving threat landscape, how important is it for people to stay aware of the latest developments?
Sophie: Very. For most people it’s simple things we all know that make the biggest differences; making sure all your devices are up to date with patches, having strong passwords, being careful about where you enter your details, etc. With the internet being so integral to everyone’s day-to-day now, having a level of wariness and education on how to keep yourself safe is important to make sure you’re not vulnerable to people who want to take advantage of naivety. Overly technical language and walls of text can be intimidating and even alienating when news about breaches or vulnerabilities break, but it’s important to make sure that we all know what we can do to help ourselves and our workplaces to stay safe. Knowing what the latest cybersecurity news is can help you stay a step ahead of cybercriminals, and even help you establish flaws in your own environment or behaviours that you didn’t realise were leaving you open to an attack. Everyone thinks that they’re not interesting enough to hack, but that’s never the case.
Q: Are there any particular aspects of cyber security that interest you?
Sophie: Possibly very predictable, but penetration testing. Hacking is intriguing as a puzzle – pushing boundaries and seeing what you’re capable of. Penetration testing allows you to do that as an ethical actor, someone who is helping a company find their flaws and fix them. I found the physical/human side of it particularly interesting; the sheer amount of attacks that only work because we’re inclined to trust people is staggering. There are some brilliant talks on YouTube by people whose jobs consist of testing the physical security of a building, from befriending the night guard to posing as elevator repairmen. We often feel awkward challenging people who act like they’re supposed to be in the building, but these show just how important it is to do that.