Welcome to this week’s ‘The Monday Interview’.
After a few weeks of looking at some very popular and well-known career choices, we are veering towards the less obvious today, as we hear from Claire who currently works as Head of Information Security for a government department. This case study is really interesting to me (and hopefully you too) for a couple of very valid reasons:
It is a great example of someone whose career has evolved very organically (as is so often the case) rather than being rigidly planned from an early age, and;
It highlights the real scope of jobs and specialisms which are available to those interested in pursuing a career within the Civil Service.
Claire is an English graduate, who experimented with a few roles post-graduation, before successfully applying for a graduate trainee scheme within the civil service. Her interest in security issues really started when she found herself on a placement within the IT Security department. The rest, as they say, is history.
In case you are still thinking “what on earth does a Head of Information Security actually do?” Claire gives us lots of useful detail in her interview of what her day to day role involves and the skills you need to do the job successfully. If you’re a great planner, a natural problem-solver and a pragmatic thinker then this really could be a good career option for you.
Thank you so much, Claire, for your great contribution and for opening our eyes to the diversity of jobs that exist out there in the world of work.
So, briefly, what is your job?
“Head of Information Security. The job covers a range of areas in the realms of information and data security including: application of specific legislation (including the Data Protection Act and the Computer Misuse Act), ensuring information is kept and disposed of securely (locked cupboards and shredding etc), IT and network security (which is mainly technical), physical security (building passes, CCTV etc), personnel security (ensuring people have the right clearance), anti-terrorism controls, business continuity and disaster recovery, and anti-fraud. It includes developing training and writing policy.”
How did you get into it?
“I studied English at University and then, after a series of other roles (including HR) I joined a graduate trainee scheme at a Government department. One of my placements was in the IT Security area, and my career grew from there.”
Describe a typical day.
“Some days we can have a security breach that will take most of the day (if not longer) to deal with; thankfully they are rare. My first task is to check my inbox as I often have security alerts (e.g. virus alerts) etc emailed to me. A large part of my role is giving advice to colleagues, for example if they want to send information out or connect part of the network to another organisation they will come to me to ask the best (most secure) way to do it. I go to lots of meetings as people like to involve me to make sure that their project or piece of work is following the data security rules. There’s usually at least one security awareness raising item in my day, and a discussion of how a policy applies. I update risk and issue registers frequently, and provide assurance to customers around security practice.”
What do you enjoy most about your job?
“The variety - I never know quite what the day will bring. There’s also a lot to learn; threats change constantly so I need to make sure my knowledge is current. I get a good idea of the business as I have to be involved in all parts, and so I get to network with a lot of people.”
And the least?
“Writing policies can be very boring. I also don’t like dealing with breaches - partly because the process is very time-consuming as thorough investigations need to be carried out and partly because it could mean that someone’s data has been compromised - which is not a nice thing to deal with.”
What are the common misconceptions that people have about the work you do?
“It’s boring, and only men can do it. The role can be very technical, and it’s a male-dominated industry; I’m one of a small number of women who work in the area and certainly one of the few who have progressed through to a higher level. Thankfully this is starting to change now.”
What are the main skills you need to work in Information Security?
“Ability to be pragmatic and apply security to the business without stifling business aims. Good communication and planning skills. The ability to stay calm under pressure. A thirst for learning and knowledge. Good problem-solving skills. People skills also help! Project management and a knowledge of risk management are also very important.
There are a number of professional qualifications that can be studied for, which will help earning potential, and depend on the specialism you choose. Basic project management (PRINCE foundation or similar), a risk management qualification and at least one course on the legislation and information security aspects should be the minimum you aim for. You can take masters degrees and PhDs, and if you’re lucky your organisation will sponsor you for them.”
Tell us a little about the benefits that come with the job.
“Salary varies depending which part of the industry you work in - accredited consultants can earn £800 a day.”
What advice would you give someone wanting to break into this career?
“Be prepared to learn and take professional exams. Pick a specialism to start with (risk, business continuity, IT Security etc) and focus on that first, and then as you become more proficient look at the other areas.”
Where do you see yourself in 10 years’ time?
“Working as a consultant, or at executive board level within a Government agency.”
AND JUST FOR FUN…
First in the office or last to leave?
Tea or coffee?
Staff canteen or packed lunch?
“Packed lunch, eaten at desk.”
The lift or the stairs?
“Stairs. Except when I worked on the 16th floor.”
Out after work or straight home to bed?
“Bit of both - I prefer the former.”