“ Hello, I am really glad to have this opportunity! How can you develop your career in cyber security? ”

Ioanna G. asked a question
during the live chat Deloitte Cyber Security Live Chat
to Deloitte UK Recruitment Team

17/02/2017
I applied for the grad program "Risk Advisory - Cyber - Technical" as I saw it is focused on the penetration testing area! I am really excited about the possibility of being part of that and learning new things. I would like to ask what the possible ways are to grow your career through this choice.
17/02/2017
Senior Consultant, Deloitte

Hi Ioanna, thank you for your question - I joined the penetration testing team from a non-technical background and I have had numerous opportunities to grow and expand my knowledge. One big opportunity is training and qualifications as well as learning in the role.

So, I have worked on mobile application penetration testing projects and I undertook some training to support this. In addition, I've studied for and completed the CREST CRT (Registered Penetration Tester) exam.

17/02/2017
Ioanna G.

Hi Caitlin! If that helps you, I have a degree in Computer Science and Engineering and I am currently doing an MSc in Cyber Security and Management.

17/02/2017
Senior Consultant, Deloitte

Have you any experience in pen-testing itself? One of the great aspects that I've found is you get to view security from the first-hand perspective of an attacker, which offers you a perspective on cyber security that many people don't have.

And I've had the opportunity to work on a very broad range of projects for many different clients, including web app testing, infrastructure testing, build reviews as well as the mobile testing I mentioned.

17/02/2017
Ioanna G.

No, I don't have any, and this is why I selected to apply for the specific position! I want to learn, be trained and experience new things. My goal is to experience exactly what you described in order to create better defensive systems!

17/02/2017
Consultant - Cyber Attack, Deloitte LLP

Hi Ioanna! So I joined from a very non-tech background. But I think I've started to find my feet after just a few months. My advice, if you're keen to hit the ground running, start looking out for online CtF (capture the flag) challenges.

17/02/2017
Wenjing W.

What is online CtF? Could you elaborate on it a bit?

17/02/2017
Consultant - Cyber Attack, Deloitte LLP

There are lots of great online resources that you can get stuck into, like vulnhub, where you can create virtual environments and get to know the pen testing tools (in a legal and safe way).

Hi Wenjing, online CTFs are challenges that revolve around different areas of exploitation and technical knowledge.

17/02/2017
Wenjing W.

Thanks for your answer!

17/02/2017
Ioanna G.

Thank you for your answer David! I already knew vulnhub but I am not informed about the ctf.

17/02/2017
Consultant - Cyber Attack, Deloitte LLP

For instance, you will get a short brief about the challenge and a few files (whether that is source code, images or text files) and you have to solve the challenge and read an embedded flag.

17/02/2017
Ioanna G.

It sounds really good! I am going to try it! David, may I ask something else?

17/02/2017
Consultant - Cyber Attack, Deloitte LLP

Deloitte hosts a semi-annual CTF event for university teams, which is really exciting to take part in, but if you can't make time for that, you can find a few vulnhub challenges based on CTFs like "hackday Albania" which happened a few months ago.

Ioanna, go for it!

17/02/2017
Ioanna G.

Thank you! Where do you see your career going in the future? I just want to know how a choice like this can affect my professional future! If this is something that you can answer of course!

17/02/2017
Consultant - Cyber Attack, Deloitte LLP

Personally, as I'm a bit of a nerd, I'm really happy digging further into the nitty-gritty of machine-code exploitation, potentially even injecting malware into firmware. To get there, I'm studying for my CPSA / CRT, then I will focus on studying for my OSCP and then hopefully go for the more advanced "simulated attack specialist" qualifications.

On the way, I'll build up my broader consulting skills, focus on my people skills, build relationships, and invest in a more Chartered approach to being a pen tester.

17/02/2017
Ioanna G.

I know what you mean, I really enjoy all these myself too! Do you think that risk management can be a choice for me after some years? I mean, is it possible to do that?

17/02/2017
Consultant - Cyber Attack, Deloitte LLP

Are you referring to specific cyber-related risks?

17/02/2017
Ioanna G.

Yes!

17/02/2017
Consultant - Cyber Attack, Deloitte LLP

So whilst our focus (in cyber attack) is to do everything we can to poke holes in software, infrastructure etc., an equally important part is how we guide our clients to a solution. Project by project, you'll gain insight into different real-world risks and have to research the solutions and recommendations to overcome them.

17/02/2017
Ioanna G.

Thank you David! You've been really helpful!

Deloitte UK

Deloitte is the world leader in consulting and auditing. With over 15,000 employees in the UK, it assists both big names in the industry and provides services to SMEs or small dynamic start-ups.

Deloitte intervenes on various issues, ranging from the reliability of financial information to the support of its customers on their strategic development. The objective: to ensure the smooth running and the durability of its customers, whatever their size and the sector in which they operate. Each area requires high expertise, strong multi-disciplinarity and the excellent ability to assemble a range of skills.

With a network of member firms in more than 150 countries, Deloitte combines world-class expertise with a high-quality service to help clients meet their most complex issues.

Our 264,000 professionals are driven by the same goal: to make Deloitte the benchmark for excellent service.

Expertise: Audit, Advisory and Risk Advisory, Financial Advisory, Chartered Accountant, Legal and Tax Advice.
