As part of Scottish Apprenticeship Week, Digit finds out how Forrit is creating cybersecurity experts to deal with growing threats.
In a digital world, there are two issues growing in urgency – cybersecurity and digital skills. Cyberattacks have been rising across 2020, with some reports calling it the busiest year for UK firms on record. On top of this, high profile attacks like SolarWinds and Blackbaud grabbed headlines, raising the profile of cybercrime.
As such, well-trained and talented cybersecurity personnel are what stands between a company and an attack, which can bring consequences ranging from the embarrassing to the ruinous.
However, numerous businesses have expressed concern about a lack digital skills in the workforce. Without access to talented and knowledgeable cybersecurity experts, many companies are vulnerable to cybercriminals, many of whom are becoming more sophisticated and utilising advanced technology.
As such, companies need to be proactive and invest in creating the next generation of cybersecurity experts, to protect against tomorrow’s threats as much as today’s.
One company that is doing that is Forrit, a company that offers a web content management platform to customers. It has made investing in apprenticeships a key part of its employment strategy.
Amongst its apprentices is Mark Mackay, a Security Engineer. Digit spoke with him about his career path and the role the apprenticeship played in it.
SKILLING UP
Prior to starting as an apprentice, Mackay was in the RAF Regiment.
“I came out of the RAF with good leadership, communication, and people skills, but no real industry or technical qualifications. I was always interested in technology – I used to work with a lot of technology in the RAF on deployments outside the UK.”
However, with no programming experience, Mackay found it difficult to qualify and get a job as a developer. “I decided the best thing would be to start at the beginning with an apprenticeship, which is the best thing because it starts with the very foundational knowledge.”
Leaving the RAF at the end of 2016, he began a modern apprenticeship in web development at the start of 2017. Then, in September 2017, he started a graduate apprenticeship in cybersecurity at Napier University.
With one day a week dedicated to studying at university in first and second year, Mackay worked four days at Forrit. In third and fourth year, classes dropped down to once every four weeks, though Forrit still provides time off once a week for independent study.
“The first two years were mainly the basics,” Mackay said. “Basic computer science and software development. Third and fourth year got into the cybersecurity subjects, so cryptography, network security, and digital forensics.”
Without the apprenticeship, developing the necessary skills would have proven difficult. “I would have had to pay for a course, which would have been a cost, and it would have meant spending four months or so without being paid.
“And then I would have had to apply and hopefully get employed after getting that qualification but even that seems difficult these days.”
Set to graduate in September, Mark will move up to working five days a week at Forrit.
ON GUARD
As a Security Engineer, it is Mackay’s job to monitor and report on Forrit’s systems.
“I handle all the data loss prevention systems to stop data leakages and look out for phishing campaigns,” he said. “I make sure all our anti-malware and endpoints are up to date and function correctly.
“And then I also do a lot of the system admin work, so account management, privilege management, password management. I do Azure security as well, working with Azure security centre and monitoring Azure resources.”
As Mackay’s skills evolved, so too did Forrit entrust him with greater responsibilities.
“I started of doing basic sysadmin tasks, creating new users, helping people change passwords if they’d been locked out, creating and managing privileges.
“From there, it evolved into taking onboard data protection, data leakage prevention, data classification for online data. And then, eventually, up to doing code analysis, static and dynamic code analysis for secure software development.”
As cyberattacks have evolved, the line between the digital and the conventional has blurred – many conventional scams use digital channels for research or contacting people, while many cyberattacks have a social engineering angle.
However, the technical skills Mackay has learnt are invaluable in keeping Forrit, its data, and its customers protected.
“There’re many domains to it,” he said. “It can be more about managing policy, directives and legal, especially around data protection, which can be a more of a non-technical management role.
“And then there is a technical element, where monitoring resources, monitoring networks, using Security Information and Event Management (SEIM). And then there’s penetration tests where we run scans against our websites looking for vulnerabilities.
“Secure development is a big part of it – I work with developers to make sure they are coding and developing securely. That way there is security by design in our products, ensuring that code scans and vulnerabilities are found early in development.”
Having started his apprenticeship at a later age than most due to his time in the RAF, Mackay found the experience and skill gained through the course invaluable. For those in a similar position, looking to gain new skills to make a career change, he advised that keeping an open mind is essential.
“Don’t expect to be doing hacking or penetration tests straight away,” he said. “There’s some foundational knowledge you need to build up and that takes a year or so. And be flexible, because everything’s changing all the time, the technology, the types of attack, and the ways we defend against attacks.”
This article was originally published by Michael Behr on Digit during Scottish Apprenticeship Week 2021.
