For the second week of my Entrepreneurial blog I have chosen to interview a local IT businessman, Ciaran McNally of Securit Consulting. Ciaran, a young man from North County Dublin, established his own consulting company, specialising in IT security and hacking computers (legally) for a living. Here’s a fascinating insight into the life of a computer hacker and IT security specialist…
Business name: Securit Consulting
Business enquiries? Security consulting and Ethical hacking
What does your typical work day look like?
I wake up around 8am and start working, mostly answering emails as I wake up. I then start writing/finishing reports or start hacking websites. Generally I have contracts organised a few weeks in advance so I just get on them.
I always leave 2-3 days a month to market my services or look for new clients; this could include adverts on Facebook or emailing companies. I generally work until 1 or 2pm then I might take a walk, make lunch or play some computer games. I normally take a 2-hour break, then hack on until the girlfriend comes home from work around 6 or 7. After dinner in the evenings I sometimes either continue working or do some bug bounties (the best way of marketing in security).
Other days I’m required to go on site and work in another company’s office; this generally is working during normal business hours. This work could also be in a different country etc. There is a lot of variety and that keeps me interested.
1. How many hours a week do you work on average?
50 – 60 hours
2. What attracted you to this line of work?
The security field has interesting and challenging work and is also growing increasingly more important in modern times as our society shifts towards depending on internet based services. A significant amount of my time is spent trying to overcome security protocols or uncover mistakes developers made that I can use to my advantage to gain access to information I’m not meant to be able to see.
3. Where did you train/learn your skills?
I spent many years in my youth hacking computer games by directly modifying PlayStation memory with a toolkit called the GameShark Pro; this introduced me to low-level debugging and reverse engineering in pursuit of developing game cheats. I then did an honours BSc in Computer Applications in DCU and tried to focus the majority of my college learning on the area of computer security. Luckily there was a lot of freedom around the 3rd and 4th year projects that I could choose to work on, so I decided to do projects that could potentially help my CV for getting a job in security.
4. What parts of your job do you find most satisfying?
Successfully breaking into a company’s internal infrastructure from the internet (or anywhere in the world) with permission. It makes me feel like a secret agent. I also really enjoy that I can take time off whenever I want or work from home. The most satisfying thing is definitely the work as it is always changing and there is always new research to learn from; I also get good exposure to a large variety of different companies and how they work on both a technical and management level.
5. What are the greatest opportunities that exist for the growth of your business?
As we depend more on internet based applications, the hacks and attacks that happen are starting to impact more people and are making national news headlines. This massively will help companies and people understand that they need to care about security and hopefully ensures the industry continues growing and people value their private information.
6. Have technological advancements made business easier or more difficult for you?
New technology often is the easiest target with regards to identifying vulnerabilities as developers often spend more time creating a new innovative proof of concept instead of building out a robust and secure system from the beginning. Also as the “internet of things” trend grows (putting network technology in things like fridges) it’s exciting to work in security as all of these physical devices can now be targeted via the internet. Yeah definitely easier than making things more difficult.
7. How important is social media in your line of work?
I get roughly 50% of my contracts via LinkedIn/Twitter/Facebook. The more important aspect of social media for me is keeping on top of the latest developments in the tech world; Twitter allows me to follow people who are doing incredible things and keep on top of the latest security issues or technical advancements. I can also reach out to these people and ask questions or likewise share information with colleagues.
8. Who are your customers/clients?
In my field of work, often security consultants are obliged to sign NDAs (non-disclosure agreements) that include not disclosing that you did work for them. So I can’t name them specifically but I can say that they are often well known companies in the tech industry, government/public sector or small to medium size enterprises.
9. How competitive is your market?
It is definitely a competitive field with regards to security products and competition between consulting companies gaining contracts, but at the same time there is too much work and not enough people to do it, so I’ve never had difficulty getting contracts. A significant percentage of my work is consulting or subcontracting on behalf of larger security companies.
10. What resources do you find particularly useful in relation to your line of work?
The internet and libraries.
11. Have you ever met with anyone from your local enterprise office?
12. Is there much support available to you (grants, funding, etc.)?
I haven’t looked into it or needed it so I’m not sure what’s out there.
13. What is your end goal?
To have a reputation as one of the better consultants in the country or even in the greater industry or to set up a consulting company that has the same. My ultimate end goal is to make the internet a safer place for everyone who depends on it.
14. How will you get there?
By identifying security issues in my clients’ applications and helping them to protect their own and their users’ data, also helping companies to protect their assets and grow. I also actively try and educate the population or friends about mass surveillance and the dangers of letting our government or other governments snoop on all of our communications. It is something people need to actively fight if they want to live in a fair society and democracy.
15. What piece of advice would you give somebody who wanted to enter your line of work?
Start reading everything you can get your hands on related to internet technology and common security issues, learn to code, also take part in public bug bounties or responsible disclosure platforms like HackerOne or Bugcrowd. They give you an opportunity to demonstrate your skills against some of the largest companies in the world and gain a reputation or demonstrable experience/expertise while also earning money.
16. Who is your hero (professional)?
Richard – A friend and colleague I worked with in Rits Information Security in my first year after college. He is an expert in security and pointed me in the right direction in my pursuit of knowledge many times. He also taught me the ropes/basics of being a good consultant that has been so useful when going out on my own.
17. How do you measure success (lifestyle, money, recognition, etc.)?
If I can enjoy a few pints on the weekend or take a few holidays (like weekends in Amsterdam etc.) each year without feeling guilty or having to stretch my wallet too far as I’m saving for a house, I consider my career a success. If I can also keep my partner of 5 years happy, it means a lot to me.
18. Where will you be in ten years?
Likely still breaking into computers as a job but also hopefully paying people that work for me to do the same.