I work as a Technical Information Security Consultant, and my main responsibility is to conduct technical security assessments. My goal is to identify potential vulnerabilities in the systems being reviewed as comprehensively as possible.
I approach the system as a potential malicious actor would, ensuring that the system cannot be used in ways other than intended. My work is not just about breaking into systems, but rather focusing on understanding how security can be improved holistically.
I also support development teams during the development phase of systems, assessing the security of implementations and providing suggestions to minimise potential risks. Additionally, I participate in process development, such as improving security operations and monitoring. Thus, my projects often consist of both shorter testing assignments and longer-term advisory tasks.
Creativity and problem-solving skills as the cornerstones of work
I use different tools depending on the task at hand. On the testing side, I utilise tools designed for penetration testing, such as proxy software for modifying traffic between my machine and the application under review, as well as programs for testing specific services and protocols. If necessary, I write simple scripts myself if existing tools are insufficient.
On the advisory side, I use more traditional tools like Word and Excel. I also perform code reviews, where I use the same software tools as the developers.
What I enjoy most about my job is its variety. Each assignment is different and challenges me to think about how systems could be used in unintended ways. The job requires problem-solving skills and creativity, which keeps it interesting.
I’ve also realised how important it is to take detailed notes. With multiple projects running simultaneously, it’s essential to regularly pause and document what has been done to keep everything organised and avoid mistakes or oversights.
Becoming an information security consultant through a career change
The best part about working at Gofore has been the opportunity for a career change. Thanks to my background in software development, a transition to the role of an information security consultant was tailored for me. Even though I started in a so-called junior role in information security, I quickly gained responsibility and trust. I felt that my previous experience was taken into account, and I was given space to grow in the new role at my own pace. Additionally, support and help are always available.
Currently, I’m particularly interested in artificial intelligence and its impact on the IT industry and society. With the rise of AI hype, it’s important to consider the risks that broader AI adoption brings and how these risks can be managed.
