Q&As: work experience, grad programmes and travel

Here are the questions you asked our panel of people who work in cybersecurity and computer forensics in Ireland.

Question: If the work is confidential or has a lot of responsibility can people really get into this kind of work straight from college, or would you usually have to get into a company in another role and then work your way into an IT security position over time?
- Anon

Tony Davitt from Cisco SystemsTony Davitt (Cisco): There are courses specifically designed for IT Security professionals, but I think you are right in that the biggest aspect is experience – and you would probably need experience in IT itself first and then after that migrate into Security which is what I did.

James O’Gorman (Microsoft): In most cases cybersecurity roles are subjected to working with confidential information and with sensitive data. Often there is a high level of responsibility that comes with dealing with these systems due to the risk to that data.

In most cases candidates for roles will be vetted to ensure that the candidate poses no threat – this may include background checks, criminal record checks etc. The level of checking will depend on the role and the employer.

There is a high likelihood that your employment contract will involve a non-disclaimer and confidentiality agreement stating that you cannot talk openly about the specifics of your role outside of your employment.

In rare cases and in cases where you work with government bodies you may be required to sign more specific legal documents but this will depend again on the role, your employer and the country in which you seek employment. Age and experience are not necessarily a barrier to this type of work, a clean background will be more important.

Tom Leonard (CPL): Typically companies will look to people who have either come from a systems and networking background and have gradually progressed into security or a software development background who have specialised in security products or web/online security.

As college/university courses in Cybercrime and Forensic Computing increase and become more recognised I would see it as very likely that larger companies could certainly look to take on more graduates to work as junior incident handlers or first-line response for example, responding to that first alarm or threat that is raised when there is an attack on a company system. This is likely to be the case with one or two companies in Dublin in the near future.

Everyone would be subject to background checks and confidentiality acts, regardless of experience.

Question: Do you get to travel much in this kind of job, and does your company have any grad placements / programmes?
- Anon

Keyun Ruan (UCD and EADS): It depends on the nature of the work. Normally researchers travel for conferences from time to time etc, but it’s not a big portion of everyday work life.

James O’Gorman: I occasionally travel internationally when called upon to act as subject matter expert or for international training or conferences. For consultant cybersecurity professionals there is a greater need to travel and those consultants could find themselves spending most of their time travelling to client sites.

Microsoft has both internship and graduate level roles advertised on an ongoing basis, please see the Microsoft website for more details.

Gary Fortune (SAP): In local IT we do need to travel between our different locations for support and project implementations. Many of our tasks can be completed remotely as all our systems are networked.

However, at times we do need to replace/upgrade equipment – this would mean we physically need to be on-site to carry out the tasks. Also at times we need to travel to other countries to work with colleagues on projects or training.