We are at a point in time where we observe an almost daily stream of Cyber Security incidents impacting entities of all shapes and sizes; from individuals to businesses, organisations and governments, Australia’s Cyber Security industry is being increasingly recognised for the critical role it must play in underpinning a safe and secure digital society.

Cyber Security, in general, is usually described as a growth industry..

Note that ‘Cyber Security‘ is a very broad field. For the remainder of this blog, I have aligned to reflect to my personal experience of making a career change from Telstra Software Engineering (TSE) to DevOps Security within Telstra Cyber Security.

Flexible working at Telstra

As someone physically located in a small town in northern Tasmania, while possessing a strong software engineering background and passion for software quality, transitioning into a Cyber Security role was always going to be a challenge. Being physically located in a major metro location, as well as having previous Cyber Security role experience, can be highly prized by those involved in recruitment in practice. Additionally, the pace of change within the industry can undermine the currency and limit the value of technical certifications and tertiary qualifications. Many people also encounter a somewhat ironic scenario where it can seem like the only qualification required for you to be able to get your first job in Cyber Security, is that you already have a Cyber Security job.

For me personally, Telstra’s All Roles Flex policy (and more recently their revised Parental Leave policy), have made Telstra an appealing place to work, given that I’m not based in a major metro area and didn’t already have a Cyber Security job.

Tactics, techniques and procedures

A core component of the suite of tactics, techniques and procedures that I employed to overcome my barriers to entry and establish a beachhead into Cyber Security, involved absorbing as much relevant knowledge as possible that complemented my software engineering experience.

I spent many evenings absorbing knowledge through lectures and talks accessible via YouTube, given by industry beacons and educational organisations like OWASP and MIT. When I became aware of Telstra’s Security Champions Program (Telstra’s formal education and enablement program that aims to uplift DevOps teams’ security skills, and in particular, code security), I made a request to my manager to enrol and once enrolled, embraced the programme. I worked to engage with each level and make use of our access to the Secure Code Warrior platform to learn about secure coding across multiple languages and frameworks.

Complimenting this activity, I read great blog posts from the likes of Tanya Janca, listened to podcasts and kept across security news from the likes of Bruce Schneier and Clint Gibler. I ensured that security was a visible, active consideration when performing my normal duties and forged communication paths and working relationships with team members from Cyber Security where possible.

And, perhaps most importantly when preparing for my career change into Cyber Security, given my experience and knowledge regarding software engineering, was practicing the deliberate act of wearing my ‘securitythinking hat when considering software engineering problems.

DevOps Security Pathway

Telstra’s DevOps Security team, is charged with enabling Cyber Security to scale the support and services that our DevOps feature teams need to deliver and operate secure software solutions at speed. I have found that the team provides an accessible pathway for experienced Telstra Software Engineering (TSE) team members who might wish to transition into Cyber Security.

For me, the skills and experience that were honed during my time in TSE have aligned well. Some notable successes for this team are the delivery and operation of Telstra’s Security Champions Program, as well as global recognition as ‘Most Effective DevSecOps Team 2019‘ at DevSecCon 2019 in London.

At the AppSecDay 2019

Similarly, the DevOps Security team, due to its broad integrator remit, can provide an accessible entry point for summer vacation students and less technical graduates looking to understand what Cyber Security is all about.

Lateral movement

The DevOps Security team might also be thought of as a beachhead into Cyber Security more broadly. Joining the DevOps Security team has allowed me to be exposed to and work with team members from other areas of the organisation, such as from Security Architecture, Penetration Testing and others. Such exposure provides opportunities for career growth and opens potential lateral movement pathways.

You can learn more about the innovative work our cyber security teams are doing plus look at roles at Telstra here.