Exeter Alumna, Anya Osen, works as a Cyber Security Consultant at KPMG. This involves assessing computer systems, software and networks for weaknesses and then designing and implementing the necessary solutions.
What duties do you carry out in your role?
Every day is extremely varied, but I am getting far more into the technical side of things so I have a lot of training to do. Currently I am teaching myself Python, learning far more about network security and web application testing, and learning more about Linux and the technicalities of Windows. I also recently passed a professional qualification called the SSCP (Systems Security Certified Practitioner) which taught me more about security than I have ever known before.
What made you choose to pursue a career in your particular sector?
I wanted to pursue a career in Cyber Security because I knew that it was a massively growing field. While I was at university, every day there would be articles in the news about breaches and I knew that it was only going to get bigger. A lot of the soft skills I learned are helpful - although I work in a highly technical field, it is still consulting and we are expected to present ourselves well. I do still have to talk to clients, interact with other people and write reports, which I think a lot of people don't really expect when you say you work in tech or security. Cyber also isn't just about the internet - we also do physical security as well, and physical penetration tests (where we get paid to break into offices and find vulnerabilities) are semi-common at work.
What do you enjoy the most about your work?
What I enjoy most about my work is just that it's pretty fun. I don't think a lot of people get that sort of enjoyment from their job.
What advice would you give to students who are interested in pursuing a career similar to your own?
In terms of advice - I strongly recommend that people start early. I work at one of the big 4 which can be incredibly competitive to get into, but I did the first year 'Women in Tech' programme and from there I was offered an internship, and after my internship I was offered a job. It definitely pays to be proactive and organised. Read up on exactly what the job entails, and in interviews make sure you are enthusiastic and are prepared with a couple of questions to ask your interviewer. For the more specific aspects, it can't hurt to have a look at some of the exam specifications for professional qualifications. SSCP is a good one for an all-round base, and if you want to go more technical, look at the CREST website (Crest offer penetration testing/incident response qualifications). A lot of people assume that a lot of my job is coding, but that isn't really the case - coding is just another skill that people can bring to the table, but is not necessarily a pre-requisite. Obviously I have only worked in one organisation, but from what I can see, most things can be taught when you arrive.