From a non-IT background to Cyber Security Technical Risk Consultant at KPMG – How Rusha transformed her career
This year, Rusha Sharma transformed her non-IT career and landed a technical cyber security role at KPMG while completing our part-time Cyber Security Program with the University of Technology Sydney (UTS).
Coming in from a diverse non-technical background with a range of experience and knowledge in education management, compliance, teaching, customer service, project management and communications – Rusha was determined to make a career change to cyber security during COVID-19 and transform her professional trajectory. During the course, she learned from cyber experts in real-time and worked closely with our training and job outcomes team to become job-ready, so she could start meeting employer needs asap.
Learn more about Rusha’s career journey so far and how she landed a role with KPMG before graduating in October 2021:
What sort of career are you coming from and what motivated you to pursue a career in Cyber Security?
“Previously, I was thinking of enrolling myself in a PhD program. I realised I did not want to do a PhD in just communications because I thought the research would not be current and relevant to today’s time. I thought of merging it with cyber and digitalisation instead. However, as Covid happened, the education industry was impacted by the borders being closed. The practical thing to do was to transition to another industry. I researched and found there is a demand for Cyber Security. I then enrolled myself in the part time cyber program with IOD and UTS, and this course has given me some hands-on experience.”
Can you describe your career experience before making the change to cyber security?
“I completed my graduation in Literature and then came to Australia to do my master’s in communication and advertising. I started working in the retail and self-storage industry, where for professional development I had to acquire multiple vocational qualifications such as Advanced Diploma of Leadership and Management, Diploma of Business, Project Management and Training Assessment. This led to an entry into the vocational education sector where I have been working both as a trainer and an industry consultant. As a natural career progression, I started teaching in higher education – teaching units such as Business Communications and Innovation and Creativity.
I have more than five years’ experience in education management, compliance, and teaching.
Prior to this, I gained 6 years of combined experience in customer service, project management and marketing within the self-storage and retail sector.”
Having experience in the education space, how did you transfer and apply those experiences to prepare you to study cyber security?
“As I worked as an educational consultant, I had years of experience in educational risk and compliance management. I utilised my understanding of educational risk and compliance, transferring those skills within cyber risk and compliance. GRC stakeholder management and communications are extremely important. As a lecturer of Business Communication and as a consultant, I had to deal with a variety of stakeholders which sometimes involved narrating technical elements in business terms. I utilised this to be a transferable skill with a cyber GRC role.”
Why did you choose to join the Part-Time Program in particular? What appealed to you?
“I was juggling multiple roles within the education sector. Due to Covid, I was not able to stop working and study full-time as there was no job security within my industry. Therefore, a part-time position with evening classes seemed quite flexible and adaptable to my previous schedule.”
How did you manage to land a new role before graduating from the program?
“I started to apply for work after completing seventy per cent of the course. I realised that having a successful career transition from a non-technical background would take some time. I wanted to understand how the cyber job market functioned. I got some initial guidance from the IOD Job outcomes team and followed any posts made by them, updated my resume and cover letter accordingly, and followed all the application tips and suggestions provided by my mentors – Michael and Ez.
I also directly connected with recruiters on Linkedin. After continuously applying for almost a month, I started getting interview calls and out of them a GRC role within one of the big four worked out for me. My transferable skills in terms of communications and risk management combined with an overall understanding of cyber security were the keys to securing the role.”
How do you prepare for a cyber security interview? What are the most important things to remember, bring along and discuss with a potential employer?
“I prepared for both technical and non-technical questions. A guideline was provided by our mentor in class. Current industry knowledge was again very important. I researched about the organisation and the panellists so that I had a clear understanding of what I could contribute to the organisation and what appealed to me within the organisation. In a GRC role, it is important to prepare for strategic questions and ensure that your answers are supported with examples and real-life scenarios. The ongoing classroom discussion helps you in expanding your critical thinking capabilities which further comes in handy during interviews.”
You’re now working at KPMG as a Senior Consultant within the GRC space – Congratulations! What guidance would you give someone applying for jobs after upskilling?
“In terms of applying for jobs, I would say that it is important to keep applying. It always helps to get in touch with the recruiter or talent team directly. Do not undervalue yourself and take advantage of your transferable skills. Be transparent about your capabilities.”
Would you recommend upskilling to fellow professionals? Who would be suited to become trained in cyber in your opinion?
“I would recommend upskilling to fellow professionals as I believe anyone can use this knowledge in their respective fields. Becoming cyber aware is a necessity in today’s age. I think anyone can be trained in Cyber and utilise the training in their own way. One does not need to be from a technical background or have a specific skill set to do this but interest and eagerness to learn would help.”
Tell us about your capstone project! How did you come up with your topic?
“My capstone project was based on technical risk assessment within an existing registered training organisation. My trainer suggested I do this as I will be working as a technical risk consultant soon and he thought that this would help me showcase my skills within GRC (governance, risk management, and compliance).”
How did you find the process of completing your final Capstone project during the course? What did it teach you?
“I found that the capstone project was a huge confidence-building exercise. I conducted an actual technical risk assessment, where I could apply all the skills I learned in class. I came up with actual outcomes and recommendations which was considered by the organisation for whom I did the analysis. It contributed towards practical work experience and the project is something that I can showcase.”
What are some tips you would give someone preparing to present their Capstone project during the program?
“It is important to choose a topic that you are interested in and that will help you showcase your skills. If the project is practical enough, it could be considered as work experience. It is important to start early and give yourself enough time to prepare for the presentation as well.”
What is one thing you know now that you wish you knew before changing careers to cyber?
“I thought that you could only pursue cyber if you are from a technical background. If I knew that is not the case, then I would have pursued Cyber a lot earlier in my career.”
Connect with Rusha on LinkedIn here.
If you are interested in up-skilling or transitioning from a non-IT background to cyber security, schedule a consultation with a Data Industry Career Consultant today.