Who Am I?
I’m Mike and I’m an information security analyst, working for a mid-sized UK based telecoms and internet service provider. My career contains a lot of variety, so here in my first post, I’d like to share some of that journey.
I began my first ‘real’ job in the very early 90s as a sort of office boy / telesales guy / credit controller, working for a distributor of electronic and electrical equipment to various industry sectors. This ranged from literally bus bar rails through to PLCs, inverters and SCADA (in the context of technology security, think Stuxnet, as the kit I worked with was mostly Siemens).
As a bit of an opportunist, I’ve always sought out the means to advance both ways to enjoy my work experience and of course increase my earning potential. I’m still like this. This led me to becoming a sales engineer, focussing mostly on factory automation and brought me into the realms of hardware configuration and software development.
I cut my teeth building logic controllers, writing logic and creating dashboards for operators to monitor and control processes. The industries I served ranged from the manufacture of doughnuts, through to the handling of reactor cooling rods in nuclear power stations. Pretty diverse.
Anyway, I did this for the rest of the decade, before taking a punt on running my own business. This failed, not down to technical incompetence, but more the problem of taking on more work than it was physically possible to deliver. A different incompetence. Lesson learned and as a result, I left the industrial automation game.
In 2000, my career took a new path – I became a business analyst / programmer for a large local authority in the North of England. Opportunity knocked once more. My work involved analysing the organisation’s information management problems (there were many) and not just recommending solutions, but delivering them. This started with basic things like a unified but accurate contact system, so that staff knew with confidence that they had information about the right people to speak to across the City, across services. This then led to a full intranet that was information rich and to an extent changed the way the authority did its business.
I loved it. I found or was presented with a problem and I solved it. No one asked to inspect the wiring under the board and gratefully accepted the product, as it was always better than what they currently had.
For a long time, it remained my favourite job.
Winding forward a little, I left that position to pursue a more consultative one with a large professional services provider, offering better pay and a car allowance. It sounded good on paper and most definitely felt good on payday, but curiously it drew me away from the opportunity to identify problems and solve them.
It didn’t last, but I had officially become a full-time business analyst / systems analyst (N.B. very different disciplines).
My ability to identify business problems and gaps in systems served me well across a few roles working in diverse sectors, including vehicle fleet management and the UK’s National Health Service. It paid the bills, however the constant issue still niggled; I wasn’t involved in the work to solve problems.
Then, another opportunity came knocking… I became a record label owner and rock band manager. No, really.
For a year or so I abandoned all sensibility and got involved in the music business. I might blog about this another time, but suffice to say it was a departure from anything I ever knew, into a world full of craziness and crazy people. It was good fun, and I learned a lot about the finer mechanics of things like negotiation, assertiveness and whatnot. It was also hard work, with success and failure rocking up in equal measures. There were plenty of good times though and frankly they outweigh the tough ones, in terms of how the whole experience made me feel.
Nevertheless, it taught me plenty, not least how to be pragmatic, accept things for what they sometimes immutably are, take things on the chin and move on.
Which is what I did. I went back to having a ‘real’ job.
In early 2012 I applied rather speculatively to join a mid-sized UK based telecoms and internet service provider, as a… business analyst.
I got hired.
From about week two, I put my hand in the air to declare I was technically biased and also had project management experience, so was deployed on a project to fully implement a ‘live chat’ solution, enabling customers to talk online to various staff; technical support, customer services and billing.
Taking a problem and solving it. Perfect.
This became a theme and I was in my element, whether it was large projects to migrate myriad web applications onto modern infrastructure, through to smaller projects, such as forcing HTTPS when connecting to those applications, or applying salted hashes to customer passwords.
In the process of either overseeing or delivering these projects, security bit me.
Opportunity inevitably knocked, as my firm didn’t have a formal security function, so I sort of unofficially assumed that role. I built monitoring, web application vulnerability testing processes and effectively drove our security posture forward, despite it not actually being my job. I also learned loads.
This mostly went without objection, however my job title was Senior Business Analyst, so there was an expectation that I fulfilled that role… I’d lost the heart for it, in favour of solving security problems (OK, the theme here is now well established).
In 2015 I took on a combined role, which was 60% security analyst and 40% business analyst, but in truth, all I wanted to be was the security guy. It was a tough time, as I had two taskmasters, but inevitably my leaning was towards security, so I let down or simply didn’t really fulfil my other half-role. It was hard and in the end I hedged my bets that the security role and the quality of my work therein would prevail. Which it did.
In October 2016, I was formally appointed as an Information Security Analyst, which is who I am at the time of writing this post. Now, I identify problems and I solve them. Not alone, of course and in my next post, I’ll talk about the people that have been critical to my development.
Thanks for reading.