Chat with Matt: Strategic Career Planning and Soft Skills.
Matt Everett
Cyber Security Recruitment Manager at Computer Network Defence Ltd (CND) | Offensive Security Enthusiast
Chat with the “Matt’s” – Strategic Career Planning and Soft Skills.
How often have you considered the skills outside of the technical realm that can supercharge your career in Cyber Security? Long thought of as the industry of scrolling binary, black hoodies, and the faint smell of coffee, the industry is beginning to shift to be far more business facing, although I think we can leave the pinstripe suits at home.
This demands a different set of skills. Sure, it’s awesome that you created a custom payload, escalated privileges and ‘owned’ a client environment, but would a CFO understand a single iota of why it’s important? This is where soft skills and business acumen come in.
I sat down with Matt Twells, a Senior Solution Architect at the renowned consultancy Bishop Fox, to discuss his take on how fundamental human behaviours like empathy and humility have helped to switch the afterburners on for his career.
A few excerpts from the interview are below. Honestly, it’s a good one, wait for the movie! (It’s in the works.) Now we’re both called Matt, so to avoid any confusion, it’s marked as ME and MT, nice and clear right?
ME: So aside from the technical stuff, give me a brief overview of what attributes round out a security professional, because everyone can learn the tech right?
MT: I'm going to go with kind of concentric tree rings, so if you've got a technical basis of skills, I'm not going to sit there and be like, what's SMB to someone new. I’m going to assume you know that stuff.
I’m looking for what I call ‘system thinking’, so why would the client be using SMB, frankly why are they using an on prem deployment of AD instead of moving to the cloud? That’s not a technical answer, that’s business. They might be on prem as they can’t afford the cost, or they don’t have people. This should inform your recommendations.
Being like “oh hey, AWS does Cognito” okay fine, but they’re not doing a cloud migration, what now. Replace the firewall? It cost them $1,000,000 dollars in licensing, what now?
Start listening to your customers about why they might be in the situation they’re in.
From here, we began to discuss the key elements of understanding your customers, with some really interesting insights about how you can tailor your responses as a consultant depending on your client’s size and situation.
ME: What's important is explaining to that individual using this human connection why that matters to you, what the cost is to the business, what the potential impact is in a language they understand.
MT: Maturity is a big thing. You're testing a start up with three people, giving them like, oh, you need to completely rip up your tech stack, and you should probably be using this. Not every customer is Amazon, not every customer is NASA, it could be four dudes working on laptops using G-Suite with a Stripe payment system. As a security professional you will be crying inside.
If you give them the same recommendations you would give Amazon, they will think “this is useless”. Given their size and lack of maturity, you might go “Well you’re all in AWS, why don’t we start just segmenting things off? Make sure where the money is can be fenced off from the network?”. Is it enough? No. Is it a start? Absolutely.
As a final point within the chat, we covered off one of the more interesting elements for me, which was the approach Matt had taken to his career. I’ve known him for several years and, alongside using his interpersonal skills to become an awesome consultant, he has taken a unique outlook of reverse engineering the steps in his career.
He started with a goal and has worked backwards through his career to make sure he ends up at that goal. It’s a natural thing, right? I’m sure we all operate that way in our everyday life. I’m making Bolognese tonight (the end goal) so I will cut onions, carrots, garlic, celery… you get the idea. How often do we do this with our careers?
ME: You've had a very structured sort of pathway to your career and you think about things in a very unique way when it comes to your career. Can you talk me through how you've planned out your next steps over the years because it's been really interesting?
MT: If anyone watching this feels like I’ve got it figured out, I’m going to say I’ve taken the racoon driving a van in a squiggly line approach.
ME: That’s not how it looks at all!
MT: I always knew that when I got into penetration testing and it's going to be anathema to a lot of people who are probably watching this, I hated pen testing as a job. I didn't enjoy what I was doing and I know a bunch of people just vomited into their OSCP backpacks at this point, but it was the truth.
I enjoyed it, but like it wasn't my passion. I had the passion for talking to people, solving problems on an organizational scale. And then it got to the point where I didn't really have the confidence in myself to kind of work out what my next step was until I realized people were starting to hand me the phone to talk to their customers because I was so much better at it because of the practice, and then at that point I'm realizing “Oh I get it now”.
Being honest with myself was probably one of the biggest parts of it, because that's been my compass. Basically is it cool or is it boring? Will it actually make me happy and it's gonna sound trite, but it is true.
Jobs never die with a bang, it’s usually with a whimper. The big strategic portion with me is what's the underlying issue? What's, you know, curing the symptoms, but not the disease.
This is just a quarter of the value Matt shared with me over the course of our chat. The video will be up soon, but one thing to take away is that security is not a business for the purely technical anymore. If you’re aiming your sights on a career in consulting, make sure to take in the wider business context of how security affects an organisation.
Thanks to Matt for his time. He’s written a book as well, to help demystify the Cyber landscape for people coming into the space. Take a look at his work on www.codebloodedcyber.com
Technical Solutions Manager @ TCM Security | Security Enablement Expert | Turn Your Risk Into Revenue
1 yr: As always, thank you for your time, brother - was amazing catching up