01 Feb 2019
In this interview Sam tells us about his career, how he’s reached his current role and shares his thoughts about security career development.
Tell us about your current role?
My role is varied because I’m responsible for the Protecting BT cyber and physical security operations. I manage second and third line cyber operations teams who constantly monitor tools, systems and data to spot security risks. And I’m responsible for the management of all Security incidents impacting BT.
I also manage the physical security side of things. That means looking after access controls for all our buildings, sites and the BT Security Control Centre. Not only do we educate our people about good security behaviour, we also support customer bids by providing our customers with security training.
Did you set out to work in security and have a career plan?
Oh, I didn’t. Before joining BT, I managed restaurants in our buildings for 10 years before my kitchen closed down. I’d been studying IT and computing, part time with the Open University, and while chatting to some BT managers, I was offered a temporary 3-month contract.
I started as a team member in our fraud bureau service where I monitored our internal telephones. After a year, I was promoted and managed some wider activities, including monitoring the Global service network and dealing with some large scale fraud cases. This really broadened my horizons. After 6 years I moved into the security control centre, where I was tasked with turning round a complex unit which was failing. Here, I put into practice good operational basics of focussing on process, structure and supporting my team to drive change into an operation.
I was then promoted to my current role managing the physical and cyber security operations and providing a security incident response on a global level.
I’ve never had a well thought-out career plan, and I don’t ever think I will. My trigger to move on is when I become too settled in what I’m doing. That’s something that I have done my whole life.
How did you find the transition from being a chef to a security professional?
Obviously, my work changed, but the one big difference was managing people. In the kitchen it was difficult to motivate my people. But in security that’s totally different as people have a genuine passion for our business and my role is to harness that passion to Protect BT. Now there’s so much to do, and it’s much harder to switch off at the end of the day. Sometimes the work doesn’t stop in the weekends and evenings. But the Connected Leaders course showed me that managing people is about connecting and communicating well with them.
Have you been supported by a mentor throughout your career development?
I haven’t had a formal mentor but I often lean on my boss and my peers for support and advice. When I took on my first managerial role, I was like a rabbit in the headlights! Thankfully my manager supported me.
Now, I mentor other people because it’s my chance to give something back. Often we’ll discuss career paths, and I’ll give pointers about organising a training plan, enhancing their CV and other advice.
What professional networking do you recommend for people to link in to for their career path?
I have recently joined ISACA which is part of the Certified Information Security Manager course and discovered I can network with like-minded people. I use LinkedIn and attend conferences. Last year I went to Cyber UK in Manchester which was great because there were so many people to meet across the industry.
I’ve also built up an internal and external network of people, and made sure I’ve built lasting relationships with my peers throughout my career.
Security is ever changing so how do you keep up to date with all the latest developments and news on Cyber?
I read daily headlines and reports from the threat intelligence and investigations team, and read several blogs written by security professionals including Bruce Schneier and Graham Cluley.
If you could give some advice to people starting out in their career or looking to develop their career in security, what would you recommend?
- Understand the security industry and demonstrate it. Understand key concepts and continually refresh your knowledge through using the learning resources available on the Security Profession.
- Don’t be afraid to ask questions. When I joined our company I didn’t know anything about security. I didn’t know anything about physical security until I joined the physical security team and I didn’t know anything about cyber until I joined a team dealing with Cyber threats. Learn as you go and always embrace a new challenge.
- Build your internal network. We’re lucky to have many talented people around us who are experienced and knowledgeable - so use that network.
- Get comfortable with being uncomfortable. I’ve driven my career by not being too satisfied with where I am. On reflection, that’s has made a difference to my progression and development.