For me, everything started just over 4 years ago. A normal day at work. During the standard process of testing I decided to try something else, to experiment a little bit with more sophisticated tests against our web application. As a tester my primary goal was to find as many weaknesses as possible in the system. Testing newly designed functionalities in line with prepared test scenarios was going well. To make this process more profitable for everyone I decided to focus on testing corner cases first. It was more efficient to start testing unpredictable conditions. The results of such tests were even more than satisfying for me e.g. my test cases were able to slow down or even affect the entire application. This was real fun!
In that moment it was logical for me to try to learn more about more “damaging” tests. It was the bull’s-eye – over the next while, a couple of my automated tools found more interesting things. One day I received agreement from my manager to participate in the first security training! Another win for me! This was a very exciting feeling and completely different training for me– driven by my vision of an “unknown” area to discover.
Unfortunately, after finished training I was terrified, because the shared knowledge was so complex and hard to understand. It was like hearing about a totally new world with different laws of physics – almost everything was new and very unknown. After this experience I had doubt in my vision of conquering the world of cyber security. Luckily with time it turned out, I was wrong! Looking back, my assumptions proved to be wrong, because the entire process of expanding my skills would require much more time. Thankfully, I convinced my brain to continue the already started learning process.
After a year of intensive work developing process and improving practical skills I gathered enough confidence in my abilities – implemented and automated new security scanners, increased the amount of discovered vulnerabilities in different products, raised concerns about company infrastructure, highlighted bad practices spotted during my daily work, designed plan of further development of our security infrastructure, etc. Everything was under the guidance of my new career coach. I decided to change career coach to allow me to get momentum – I verified all available projects in Gdansk to find the most experienced person with security.
The above achievements allowed me to get an agreement on the next security training by next year, but the goal here was to learn as much as possible and use it in practice. I used this knowledge to directly improve different areas of security in the project, starting with preparing a security onboarding process for new joiners, then creating dedicated sharing sessions for testers to support them, and ending with sharing experience outside of the project e.g. non-formal BU Envoys or individual consultation with other employees. I continued to extend my portfolio of implemented tools, additional infrastructure checks and the involvement in the testing of crucial systems allowed me to change my role. Yes! I was nominated to the new role, but this time purely related to security area, and of course with more responsibility (“with great power comes great responsibility”, Uncle Ben, Spiderman).
This gave an additional boost to my work. Especially, if you will take under consideration that fact, I was the first person with security engineer title in Gdansk office. It was a great motivation to do even more than before, but on the other hand I also felt that magic pressure on me. Everything went very well and quickly. I joined to Cyber Security Capability Team and I changed again my career coach. Yes, I did it again! This time the goal was to shoot to the stars. I am pleased to say, I found probably the best person from cyber security field in entire company, who agreed to help me with future growth. Apart of that I had the pleasure of participating on presentations on huge events like the Kick Off 2018 in Belfast and Gdansk – a demanding, yet wonderful experience!
Currently, I want to give something back to all the fantastic people in our company who helped me obtain all of those opportunities – I really appreciate that! Also, I want to say “Thank you” to David Gilpin, Mark Rowe, David McGlade and Jan Mrozowicz-Dybowski for supporting me during the long journey into the world of cyber security.
Ok, it’s time to finish this post, because I have much more to learn and do.
Wish me luck!