Why working as an NCC Group security consultant is a rewarding career
Eleanor Chapman – Senior Security Consultant, NCC Group
How did you end up working in cyber security?
I ended up in cyber security because I wanted to work with cryptography originally. I did a maths degree which covered some elements of that but was unsure what job was best suited to me. I ended up going to a networking event where there were companies looking for pentesters. I hadn’t heard of the job before but it sounded like it could be a good fit as it incorporated highly technical work whilst also requiring strong interpersonal skills. I’ll admit that I hadn’t much experience with computers, let alone computer security, at this stage but I was keen to learn more about the field.
I read up about it all in my spare time and completed some free online challenges, mostly tailored to web application testing, and I was lucky enough to be offered interviews at four different pentesting firms. I think that was partly to do with my dissertation in cryptography and also because I had completed a 10-week summer internship at a cyber defence company. Both of those things, and my eagerness to learn, contributed to me being able to join NCC Group’s training program.
Why is your role important?
It’s important because it helps companies to fix the security vulnerabilities that affect their infrastructure and applications, in order to protect their users’ data.
More often than not we do actually see that the threat is from inside an organisation rather than outside and so we try to make sure that our clients are informed of both types of threat from the testing we do. That’s why, as pentesters, we’re able to carry out so many different types of assessment, from hardware and ATM machine hacking to social engineering jobs where we can attempt to physically break in to a building. Other assessment types include mobile application/device testing, wireless testing and code review, but mostly our days are spent testing websites or trying to find vulnerabilities within an organisation’s internal or external infrastructure.
What do you enjoy most about your role?
I really like informing and teaching people about how they can better secure their systems as it’s so common to be hacked these days. When you hear about your friends and family getting hacked, you see how upsetting it is for them and it’s rewarding to be able to confidently help them to secure their online accounts and decrease the chance of this happening again. Equally from the company side you want to make sure they’re doing everything they can to stop Aunt Edna being hacked again!
I’ve also always championed the fact that women can develop careers within any industry and so I want to show other girls out there that this is something that they’re able to do too. As well as learning about how to carry out real-world attacks we can earn good money, make a difference and excel in an industry that in my experience is non-judgemental and welcoming.
What do you love about your career?
First and foremost, I love learning. Working as a pentester you will never know everything and so always be able to expand your knowledge and skillset. I’ve found that studying for qualifications has helped me to focus this learning and have recently passed my CREST Certified Tester exam which is quite an advanced exam for people in our industry.
I also love meeting new people and experiencing what the office culture is like at different companies. Given that most of our client engagements only last one or two weeks there is a very rapid changeover and never time to be bored. It can be tiring if a lot of travel is involved but NCC Group offer a flexible working environment so your reporting days can often be spent at home.
What advice would you give to your younger self?
Just to relax a bit more and not to feel so pressured to prove myself once I started at NCC Group. I think because I’m a woman in a male-dominated industry I’ve wanted to prove more, which is quite common, but now that I’ve passed my [CREST] exam I’ve allowed myself to chill out a bit more and enjoy the work I do, and it’s a great feeling.
Published date:  04 April 2018
Written by:  NCC Group