This year, Mark Whiting accelerated his career growth through our Cyber Security Part-time Program. Coming from 20+ years of IT Service Management experience, he saw the demand for professionals with skills in risk and cybersecurity. He recognised the significant skills shortage and decided to upskill & transition his career.
Within six months, Mark adopted the necessary practical skills & mindset to effectively transition his career to the Cyber Security Critical Infrastructure space. He has a strong passion for his work and strives to make a difference in protecting industries & countries.
Read about his journey here:
Can you describe your career experience before making the change into cyber security?
“For the past 20 years, I have focused on consulting in IT Service Management. This is a process-centric approach to managing IT outcomes from a service delivery perspective. Over the last decade, this process approach has evolved into digital transformation, which has seen the cadence of managing IT become faster to meet customer demands. The complexity of thinking, frameworks and practices to support this change encompass technology platforms, value streams, agile and DevOps ways of working.”
With your previous work experience, how did you transfer and apply those experiences to prepare you to study cyber security?
“The acceleration in thinking driven by digital transformation has translated into learning more in the past five years than in the 25 preceding it. In essence, I have spent considerable time learning emerging domains of knowledge. On a personal level, I was already in the zone to study cyber security.”
What were your career goals before upskilling to cyber? How has your outlook changed?
“After being exposed to client engagements focused on risk and cybersecurity, I recognised these disciplines as both a gap and an opportunity and area of interest for me. I am naturally curious to keep learning and continue to provide value in my work.”
Why did you choose to join the Part-Time Program in particular? What appealed to you?
“The part-time program appealed to me because I wanted time to explore what I was learning to ensure I was comprehending the content and reading widely. This option suited me because I was able to experiment more in my computer lab and spend time on the capstone project.”
Congratulations on your new mid-level Cyber Security role! How did you get a job in the industry after completing your training and what guidance would you give someone applying for jobs after upskilling?
“My career in Critical Infrastructure cybersecurity came via LinkedIn. There are two critical aspects to finding a role. First, leverage the strengths that you have. As my background in IT is considerable – primarily IT Service Management – it meant I could frame cybersecurity within that domain, which definitely helped me gain this role. Second, networking and leveraging the contacts that you have. It’s important to acknowledge that many people have helped and contributed to where you are today. I made a point to communicate what I was doing to my close network, who oftentimes can help extend your network. Sometimes you have conversations that you wouldn’t otherwise have had, and that can lead to opportunity and connections. I also adopted a bold mindset and made approaches, especially on LinkedIn. This is exactly how I was notified of this role. My key advice here is: always write a personalised message when making a contact. Nine times out of ten, people are happy to help. Be generous and acknowledge those who have helped you, and likewise, help others.”
How do you prepare for a cyber security interview? What are the most important things to remember and discuss with a potential employer?
“If you get an interview, it means that you have something to offer in addition to what you have learned in the course of study. So, own the strengths that you bring so you can contextualise the interview conversation. Of course, if the role requires deep content knowledge, it’s a given you prepare that thoroughly.”
Would you recommend upskilling to fellow professionals? Who would be suited to become trained in cyber in your opinion?
“Upskilling is a necessity in all knowledge work. What we have to know has been accelerating over the past decade. But, it’s also never been easier to learn, either formally or informally. And curious mind naturally finds a way. This is a key attribute for anyone wanting to train in cyber, i.e. they are simply curious about this field. The other necessary attribute is a desire to understand, empathise, and work with other people. I think once you have those attributes, you can add in your specific areas of deep interest.”
Tell us about your capstone project! How did you come up with your topic?
“My capstone project combined my existing strengths in strategy, governance and IT management frameworks with newly acquired technical cybersecurity skills. The course included computer labs which for me involved building my own Ubuntu machine and several virtual machines. I wanted to build up some technical skills especially while I had access to the expertise of my lecturers (Michael Choeng and Ez Yiap). When we were covering Security Information and Event Management (SIEM) systems and their purpose, Michael mentioned Wazuh, an open-source SIEM, and I thought it would be both interesting and challenging to see if I could get it working on my lab computer – which I did. But I also wanted to extend the value of operational security monitoring data in the enterprise, so I made the connection between the SIEM and cybersecurity and risk frameworks (NIST 800:53 and NIST 800:37) and then to KRI reporting to the Board. In essence, add operational to the strategic value stream.”
How did you find the process of completing your final Capstone project during the course? What did it teach you?
“I really enjoyed the capstone, partly because I had the time to explore it thoroughly and think through what I was trying to achieve. As a consequence, I gained skills at each layer – from hands-on technical as I build the Wazuh SIEM, to understanding the outputs in terms of the NIST frameworks and then how the data can be communicated in executive-level key risk indicators (KRIs).”
What did you enjoy the most about the capstone project?
“Overall I enjoyed learning something that was both challenging and new, but two things stand out for me: (1) I really enjoy writing, so being able to research my topic and communicate clearly the outcomes in an engaging report was very satisfying, but also (2) the presentation was also fun, knowing my audience was engaged and also learned something new.”
Now that you’re trained with in-demand skills and working in the industry, what’s your future career plan?
“My new role is in Critical Infrastructure cybersecurity. This is an emerging area of focus and investment in Australia, and globally, so I hope to grow more in this sector to help protect our safety and leading way of life and also to contribute and spread knowledge for other industries and countries.”
In your opinion, how did the program change your perspective on what is required to be a modern cyber professional?
“For me, being a cyber professional means being able to influence safe and secure practices while enabling the organisation to achieve its mission. ‘Enabling’ is key rather than ‘disabling’ which can result depending on the controls. Therefore, I think there is ever more focus on people, culture and communications required in cybersecurity, just as there is in all other areas of modern knowledge work.”
If you are interested in up-skilling or transitioning from a non-IT background to cyber security, schedule a consultation with one of our expert course advisors today.