Author: Craig Brown, Director Consulting Expert - Cyber Security

I’ve been doing security for many years. But it was the real-world impacts of a serious breach at a former employer that brought home the human side – and critical importance – of cyber security for me.

Ultimately, that human factor is what led me to specialise in this field. I find meaning in knowing I am stopping someone from having their life savings stolen, or preventing harmful activities against our communities and critical infrastructure.

My work today at CGI focuses on helping to build out operations at operational technology (OT) companies. It’s challenging, rewarding and often thrilling.

Finding purpose in my work

Prior to cyber security, I worked as an IBM Systems Programmer, and helped connect Telstra’s mainframe to the TCP/IP network, because I spoke both languages: SNA and TCP/IP. This led me to Cisco Systems, and living and working in America.

My family and I moved over to North Carolina in 1995 and stayed there until the early 2000s. In those days we used to manually test whether a device could handle a lot of stress capacity – there were no tools to do it for us. We used to write our own scripts in Python to emulate a massive load of traffic hitting a box suddenly. Today that’s called a DDoS attack.

We would do things to make two devices talk to each other, but we wanted it to look like multiple devices were talking to this master one. Through these activities, we were learning how to break into systems. It wasn’t your standard black-hat story – it was legitimate testing.

From there, I worked on open source tools and took them to Cisco products to see if they would fall over. That’s how I got into open source hacking tools, and finally, helping clients build out operations.

After returning to Australia, I had several IT roles at different companies. Although I enjoyed the work I was doing, I always used to wonder, “What am I doing at the end of the day? Is there meaning in ‘saving data?’”

I realised that cyber security gives me the opportunity to protect critical infrastructure and genuinely impact people’s lives. And what I saw at CGI was an opportunity to make a difference by helping build out operations for OT companies.

That’s where our cyber team focuses our skills. We look at an environment and ask, “Is this behaviour over here accidental or is it the work of an adversary? Is someone trying to deliberately sneak their way through and take over this system?”

We’re now starting to see a convergence of IT and OT. I’m talking in two different languages – to the IT function and the cyber function, and bringing them together. It’s both challenging and rewarding.

Opening the door to career opportunities

The reality of working in cyber security is that you have to be ready for anything, every day. You also have to be an out-of-the-box thinker and have a curious mind.

The people we look for at CGI are inquisitive, analytical and enjoy puzzles. In fact, I often ask candidates if they enjoy puzzles, because if they don’t, they may not like this type of work. A typical day for us is putting together bits and pieces of information and working out how to get the rest of the information you need.

CGI is a global company with extensive resources to draw and learn from. We also provide infrastructure products to the SCADA industry, which means there is a lot of opportunity for innovation. Anyone can get involved, and there’s nothing to stop you if you want to try.

As a leader, I never try to tell my team members who they should become. What I do is open the door and give them the ability to step through it. Those who do are committed, and they stick to it because that’s what it’s like to be in cyber. It’s not something you learn in a day, a week or a year. Success is found through perseverance and dedication.

If you’re interested in joining us at CGI, visit our careers page for the latest opportunities in our cyber security team.