I wrote this blog to describe how I built a career in cyber security. I have been working in IT for more than 34 years, that was before the World Wide Web was conceived, the fall of the Berlin Wall and most of my current IT department was born. The following article describes my own personal journey and how to build a career in cyber security.
It is interesting to observe how technology has changed since I got my hands on a loaned Sinclair ZX80 in 1981. I travel into London via train most mornings from my home in Cambridgeshire and I often wonder if this is how Alan Turing foresaw his concept of a thinking machine, hypnotising a zombified carriage of commuters as they read the latest gossip from a plethora of social media feeds.
It is interesting to think about how our daily lives have changed so dramatically in such a short space of time, all thanks to the advent of technology. It’s hard to imagine living without those things now, but I suppose that’s how future generations will feel about whatever new technology comes along.
Fascinated by the potential of technology
I have always been fascinated by the potential of technology to make our lives better, whether it is a new way to improve our productivity, or simply a gadget that makes everyday tasks easier.
I am constantly on the lookout for new and innovative products that can help me in my quest to be more efficient and organised. The real fascination for me is communications, initially, radio via CB or walkie-talkies used in the 1970s action shows like ‘The Professionals’.
The thought of using a portable communications device to talk to my friends excited me. Unfortunately, these devices were out of my reach in those days, we didn’t even have a telephone until the early 1980’s so my dream of a portable radio communications device would have to wait until I could afford to buy one.
Life is not always easy
Like many growing up in the East End of London money was very tight. My father had sadly passed away when I was 5 years old, and my mother had to work 7 days a week in a variety of low skilled jobs to support 4 children, of which I was the youngest by 11 years. This didn’t stop me fantasising about inventing a device that would change the world, or at least tidy my bedroom, or perhaps complete my homework on time!
You never know how strong you are until being strong is the only option.Bob Marley
Life can be full of challenges and Unexpected events
Life, however, throws you challenges. My mother who had overworked herself to support me and my siblings suffered a life changing brain haemorrhage when I was 13.
Thankfully she survived but she was in hospital for a year, and it left her permanently paralysed. This had a huge impact on me, I had to grow up very quickly as my brother and sisters had all left home some years earlier.
This was a very tough time for my mum and the family, and it changed all our lives. I felt this also changed my outlook in life and career direction. Bob Marley is quoted as saying ‘you never know how strong you are, until being strong is the only option’. That quote resonated and has stayed with me throughout my life.
When my mum returned home from hospital, I become fascinated with security around the home. I studied the different types of locks and alarm systems and hypothesised how they could be used to protect people and property. From that day on, I knew that security would play an important role in my future career.
I remember saving money from numerous part time jobs so I could purchase good quality locks and secure the house. The house resembled Fort Knox when I had finished, something quoted by everyone who visited. I guess it was my way of coping with the events that had occurred, wanting to protect my mum, especially as I was the only man in the house. I had learned to cook too, something that I still enjoy today. This is where my passion for security started, I remember dragging my friends to a security trade show in 1983, to look at alarms and door locks. They hated every minute of it, something they constantly remind me of today…
In 1983 a new movie was released that involved a schoolkid who broke into the missile defence system of the United States and almost started World War 3. The film was War Games with Matthew Broderick playing David Lightman, a high school student with an interest in computers.
One of the things that really struck a chord with me was how easily David Lightman hacked into the school computer system and changed his grades. I remember thinking at the time that the only computer my school had was an abacus. My friends and I had applied for free tickets for the London premier through a daily newspaper and had been successful. Looking back, War Games was a pivotal moment in my life as it made me realise the power of computers and how they were going to change the world. It also showed me that these powerful devices will need to be protected.
Things never quite turn out the way you had planned
I left school in 1984 and desperately wanted to go to college and then possibly university, although I knew the latter would be very difficult financially and wasn’t practical. There was enormous pressure for me to leave school and get a job as there was little money coming into the home. My sister had temporarily moved back home as a full-time carer for my mum, but it was obvious my mother needed to be nearer to my siblings who all lived out of London in Essex. No one within the family had been to college, and mum really wanted me to go. This gave me the impetus to start my journey and follow my dream. I took a B/TEC Diploma course, working in a variety of jobs to support myself. I remember lying about my age so I could work in pubs and restaurants, it was challenging and tiring but I got through it and become the first in the family to achieve a college certification.
Whilst my dream of university would have to wait for a couple of decades, I now started to believe I could work with technology and make a real difference. While at college I was fortunate to have the opportunity to ethically hack into the computer department’s new DEC mainframe computer. The head of technology at the college had chosen a group of students to test the security of their latest acquisition before it was handed over to the students. This can be considered an early form of Penetration Testing, something that I found exhilarating. I must admit there was a part of me curious to know (like War Games) if the college stored the grades of the students on the same computer, which it didn’t… How I found that out is a story for another blog!
Whilst at college I was able to purchase a computer, starting with a Dragon 32, then a Commodore 64. The latter was used to connect into bulletin boards, specifically hacking and telephone phreaking sites, which for the younger demographic are like Internet chat rooms.
These bulletin boards provided a wealth of information, especially for an aspiring hacker at that time.
There was information relating to an almost endless number of computer systems, all accessible via a telephone line.
Phreaking was huge in the United States during the 1970’s and was used by a community of ‘Phreakers’ to connect long distance telephone calls, free of charge, using simple techniques such as whistling down the telephone line, this was known as ‘Blue Boxing’.
Phreakers were pioneers and evolved their skills from telephony to computer systems, which is a logical step. I was fascinated by their antics; I was hooked on the stories they told and the techniques they pioneered.
I vividly remember using the BT Prestel service in the early 1980’s, and the various view data systems that were run by many local authorities. I was amazed how insecure these systems were, with simple passwords such as ‘Fred’, ‘God’, ‘SysAdmin’ or simply ‘Password’. I also remember being able to access systems from any telephone, if I knew the number to dial. It is incredible to think that these systems were used to store sensitive information such as addresses and telephone numbers.
The information available on these bulletin boards was invaluable to my development as an information security professional. It allowed me to understand how systems worked, specifically their weaknesses which could be exploited by those with malicious intent. These weaknesses would usually manifest themselves in poor passwords or configuration issues.
When I was employed by a large multinational organisation in the late 1980’s I remember checking the security of the systems I was working on, and yup you guessed it, they were just as vulnerable. This was my first experience of securing systems, and it gave me a great sense of pride to help protect the company I worked for. Nowadays, organisations have whole teams dedicated to Information Security, including ethical hacking.
This is how my love of technology was fused with my passion for security. This blog wasn’t created as a biography of my early life, it is intended to articulate how events in someone’s past can shape their future. I have been CISO and a champion for Cyber Security for many years, and whilst it has been scary and frustrating, it has also been immensely rewarding.
Throughout my career, I have seen the impact of cybercrime. I have seen businesses brought to their knees by ransomware attacks and individuals have their lives turned upside down by identity theft. The thing that has always motivated me is the belief that we can make the world a safer place by using technology to our advantage. I am passionate about security and believe that it is essential to protecting our way of life in the digital age. I am also a firm believer in the power of education and sharing knowledge, something that never leaves you.
Education isn’t only for the young
I am a firm believer that education and academia is not just for the young, age should not be a barrier for re-education. I finally achieved my dream and went to university, albeit part time and as a senior student. I received a Master’s degree in cyber security with a distinction in 2018, achieving the highest score in the class. I also hold a CISSP, CISM, C|CISO, CAP, CEH, CHFI and a MBCI all in the Cyber Security field. A person’s background, demographic or age should not prevent them achieving their goals. I was diagnosed with dyslexia many years ago, but I haven’t let that define or restrict me. Yes, I need to manage it but it has made me strong at maths, I look at the positives not the negatives in life.
I have met and worked with some incredibly talented people during my career, which drives me to push the boundaries of technology and how to protect it from malicious use.
As I look ahead to the future my biggest information security concern is not cyber criminals, or a nation state cyber-attack, it is motivating the next generation of Information Security candidates. It has been widely publicised that the future working generation seek a career as a social media influencer rather than an engineer, a scientist or a technician. How can you expect to influence society without achieving something first, gaining wisdom and insight.
I hope my story is interesting and insightful. It has been a long and difficult journey at times, but I am so proud of what I have achieved thus far, and those that I have been able to help with advice and guidance. If I can do it, anyone can! So never give up on your dreams, no matter how hard they seem.