Name: Tom Madsen
Affiliation: Cybersecurity SME with NNIT Denmark
Editorial Board of Cybersecurity Magazine
Can you briefly introduce your current role in cybersecurity?
I am working in a senior role, as a combination of Security Architect, Advisor, Specialist. I am helping customers with all sorts of cybersecurity challenges, since I can function in the entire cybersecurity stack, all the way from the cables and up to strategic advisory at the board level. I am also functioning as a kind of coach for the new people, just beginning their cybersecurity careers.
How did your career in cybersecurity get started?
My interest for cyber security began in the 80’s and 90’s, back when the first hacker groups was founded and ended up in the media. I read about the Cult of the Dead Cow, Legion of Doom and Masters of Deception. I followed their exploits on the BBS’s existing before the Internet as we know it today. I thought that this was cool, but at the same time frightening what a malicious attack could do to IT infrastructures. I quickly found out that I was not a hacker, my mind does not work in that ‘out of the box’ way a modern white hat hacker works, so I am on the blue side of things, strictly defence, not the more offense way of penetration testing.
What does a typical workday look like for you?
My days depend on the customers and the assignments that I have with them. Currently I am working as a security architect for a custom systems development project, and I will most likely being work for a different customer on BCP issues at the same time shortly. As a cybersecurity consultant, having multiple projects at the same time is normal. A day typically has coordinating meetings, interviews with stakeholders and design work, design is THE foundation of good security. NO matter if the assignment is infrastructure or application design.
What are the most challenging and the most enjoyable aspects or your role?
It is a daily challenge to keep up with the development in the attack techniques that the malicious hackers are developing at a breakneck speed, while at the same time keeping up with the technological developments that these attacks are applied against. That is at the same time the most enjoyable part of the role as cybersecurity specialist! No two days are alike, and I am continually learning new stuff, one of the main reasons I am working in cybersecurity in the first place, the coolness of cyber not withstanding
What do you consider the three most important skills to succeed in your role?
- Being sociable! As a cybersecurity specialist you will have to be capable of talking to different sets of people, from the hardcore technicians all the way up to staff at the board of director’s level. Both to negotiate and communicate the complexities of cyber defence.
- Ability to continually learn new technology as well as the new compliance regulation that is being continually developed by political organizations like the EU, which have just finalized what is called NIS 2. Regulation that will have a huge impact on many organizations within the EU in the coming years.
- Teaching! You must be able to hand over the technology to the customer, or the customers hosting partner, after implementation. You must be able to teach new staff, or staff just out of school or university the complexities of cyber in the realities facing different kinds of customers. Financial, Life Science, Legal, all of them have different challenges in implementing cyber that fits the regulatory environment they are facing as part of their core nosiness.
What advice do you have for people starting their career in cybersecurity/looking to enter this industry?
At long last we have formal educations focusing strictly on cybersecurity. Previously any IT education would have at the most, a single semester course focusing on cyber, now students can choose a full master’s degree with a single focus of cyber. Do that! Make sure you have a broad understanding of the cyber realm, before you choose a specialization, and a formal degree is the way to do that. Afterwards you can begin getting all the various certifications out there under your belt.
If people would like to learn more about your role in cybersecurity, where should they go?
There is a plethora of possibilities for getting information on the different kinds of roles in cybersecurity, this magazine being one of them. I my self is usually filling in different roles in different organizations, like the security architect role mentioned for the custom development project above. In other cases, I will be a security advisor a customer, so my role is different to nail down to one. My recommendation is to keep abreast of all the various areas underneath the cyber designation and chose one that fits your interest. Just be aware that you interest will likely change over the years, one of the core benefits of cyber, we can change our profile to something new within cyber, from secure developer to security architect for instance, or to network security specialist.