April 5, 2019
My Work Experience Diary
I recently spent a week working at Photobox Group, completing a work experience placement in Group Security, and I had a fantastic time. As someone who is committed to pursuing a career in Information Security, the opportunity to spend time at a successful business like Photobox Group was one that I absolutely had to take. My aim for the week was to gain real world experience and insight into an industry that I will hopefully work in one day. Here is my diary of my week’s work experience at Photobox:
Monday & Tuesday
I was really looking forward to starting work experience at Photobox Group - a cool, innovative, technology company based in Farringdon, an exciting area in the heart of London. The offices were just what I had hoped for – trendy, located next to a great food market, and full of warm, welcoming people. From the moment I entered the building, everybody was friendly and enthusiastic. Amusingly, a few people also confessed that they expected a student when they’d been told someone was coming to complete a ‘work experience’ placement. However, there wasn’t much time to dwell on the fact that I couldn’t pass as a teenager anymore – my line manager, Head of Risk & Compliance, was in the process of improving Photobox Group’s Security Policy and wanted me to help with its development. It was great to be given some real work so early on during the first week. It was brilliant to be learning new things and to feel I was involved with the team straightaway. On Monday and Tuesday I got to work on the Security Policy. I found it extremely interesting because I learnt what a Security Policy is, what elements must be included in the policy scope (such as password management and social media use) and how having a clearly stated policy can encourage better security measures and compliance within an organisation.
Wednesday & Thursday
Wednesday morning started well – after helping myself to a modest, ok generous, portion of free fruit available for breakfast, I was invited to attend a Security Champions meeting. A fortnightly meeting where Photobox Group employees from around the company (who champion Security within their departments) gather to listen to Security updates which they then pass on to their teams. From my experience, ‘update’ meetings can be a bit boring and can drag on as someone takes you through the ‘top line’ details of their project with a 20 minute powerpoint presentation. However, this meeting was different - each presenter had to stick to a 10 minute slot, and the slides were kept to a minimum. It was an engaging meeting and an excellent way of raising the profile of security within a company. Following this meeting I attended a Group Security induction presentation for new starters, delivered by the Head of Security Engineering & Cloud Security. The presentation was a great example of how companies can educate new joiners who wouldn’t necessarily prioritise security. Providing simple definitions and using real life case studies, the talk was engaging, simple to understand, and encouraged people to take ownership for their own as well as the security of the business.
For the rest of the day and Thursday I had a packed schedule. I attended a security professional event hosted by Photobox Group, to listen to an insightful talk given by the CISO on Chaos Engineering. I took part in a discussion about the company’s upcoming security engagement week, where I was introduced to the phrase ‘change your password as often as you change your pants’ (although I was informed that this isn’t actually the most secure method of managing passwords). I also had the opportunity to pick the brains of members of the Group Security team (including the CISO) who generously gave up their time to speak to me, one-on-one, about their careers in the industry, their roles at the Group, and any advice they had for someone in my career transition position. It was really interesting and useful to hear first-hand how members of the team had found their own career paths and I picked up lots of tips about how I could navigate my own security journey. It was clear that the team members I spoke with were enthusiastic, motivated, and passionate about security. I got the impression that people genuinely enjoyed their roles, cared about their contributions and had a deep sense of purpose for doing what they do. Everyone I spoke with was very encouraging of my planned career move, and it boosted my confidence. It’s not often that you have the opportunity to sit down with the CISO of a company such as Photobox Group (who has also written a book, ‘Gen Z Developers’, which I highly recommend) however, I was lucky enough to do so. I have included three key takeaways from our chat, about breaking into and developing a career in the Information Security industry: * Have a competitive edge: Dinis emphasised how useful it is to have a competitive advantage when developing and succeeding in the industry. Having skills such as hacking, Jira, or coding can ensure you stand out from other candidates, and help provide evidence of the value that you can bring to a role.
Understand that being technical doesn’t only mean being a coder: I’ve always thought of a technical person as someone that is an expert at programming computer code only. However, Dinis explained that being a ‘programmer’ is wider than that. The term can be used for any person who uses a tool, such as Jira (a project management tool), that requires them to ‘take a problem, break it into smaller bits, understand the inter-connections, test it, create a positive loop, connect the dots, and run it’.
Learn successfully: Dinis emphasised that to learn successfully, during any stage of a person’s career, one must a) practice in the right way (e.g the most effective way for that individual) and b) see and understand lots of varied, good examples of the topic / skill that is being practised or learnt. He recommended the book ‘Badass: Making Users Awesome’ by Kathy Sierra for further information on this.
By Friday, I couldn’t believe the week had gone by so quickly. The friendly atmosphere of the offices were easy to adapt to and it felt like I had been there for a lot longer than a week. I spent the day reviewing the Policy work I had done earlier in the week with my line manager, listening to discussions between security professionals at an Open Security Summit, and attending a weekly showcase meeting for the whole company. The showcase was an informal gathering in the heart of the offices where colleagues from different departments and European offices shared details of projects they were working on.
Reflecting on my time at Photobox Group, I can without doubt say that I achieved my aims for the week, and more. In addition to experiencing working life at Photobox Group, gaining valuable insight into security and the different roles within the industry, I also met a great group of people, whom I’d like to thank for being so welcoming and generous with their time. A special thank you to my line manager, Yasmin Martin, who looked after me so well during the week. Finally, thank you to Yasmin Martin and Dinis Cruz for this opportunity.