My Cyber Pathway: Security Analyst

As part of our new series of articles titled “My Cyber Pathway,” we’ll explore different journeys into the field of cybersecurity, shedding light on the steps, experiences, and expertise that have propelled our network into their critical roles. Our fifth article focuses on Security Analysts. We interviewed Paul S, a Security Analyst for an American multinational corporation and technology company. Learn more about his pathway from working in a ski shop in New Zealand with no prior experience or background knowledge to a Security Analyst for a well-known company.


What initially sparked your interest in cybersecurity and made you decide to pursue it as a career?

I was working at a ski shop in New Zealand and received an email from a customer who explained a vulnerability in our booking system that allowed him to change his URL to be able to see other customers’ bookings. At the time I wouldn’t have considered myself a technical person and had never heard of this before, but thought it was really cool that people tested different problems and pointed them out to companies to help protect them. I moved back home at the start of COVID and decided to pivot away from the outdoor industry and when I was considering what I could do next, I thought about that email and how interesting it all seemed, so I began researching if people did that kind of thing for a living and discovered cyber security as a career option.

Could you provide an overview of your current role?

My main role in my job is to assess if customer subscriptions in the Azure cloud have been compromised. After the investigation, I will take mitigating actions to contain the cost to the customer and alert them of the compromise. Once they have taken steps to secure their accounts, I can remove the blocks to allow them back into their subscriptions.  I also have the responsibility of monitoring internal first-party tickets and reviewing cases for potential compromise.

How long have you been in the industry, specifically as an analyst?

I have been at my current company as an Analyst now for 10 months. Before joining, I had started a graduate apprentice scheme where I assisted in the building of our SOC and also handled the internal security alerts. While seeing how the SOC would operate and the requirements it had to be set up, I decided that I wanted to follow the route of an analyst to gain a better understanding at the ground level of the work and expectations.

What steps did you take to transition into the field of cyber security from your previous background?

The first idea I had was to join the industry was to join the RAF as a Cyberspace Coms Specialist. After being told I didn’t have the grades in Maths (15 years prior) to enter and to go study maths for a year, I decided it a better option to go and study Cyber Security at College. Before I applied, I looked at anything I could use to my advantage as I had no prior experience or background knowledge. There was an Open University course in the Introduction to Cyber Security.

Were there any specific certifications or training programs that you found particularly valuable for developing your skills?

The fantastic thing about our field is that there are endless free/cheap resources for anyone who wants to get started. I spent a fair amount of time watching YouTube videos to get a basic idea of what the industry had to offer. As I was learning more, I could increase the complexity of the videos to help me better understand the topic at hand. Before I applied for college, I looked at anything I could use to my advantage as I had no prior experience or background knowledge. There was an Open University course in the Introduction to Cyber Security. Then there are the classics of Try Hack Me and Hack the Box which have been fun ways of applying what you have learnt to situations. They both have a growing amount of blue team challenges now as opposed to just red Team.

What are some of the key skills you believe are essential for a successful career within cyber security?

I feel that the ability to step back from what you are seeing/reading is really important in the industry. It can be very easy to jump on something and get tunnel vision and decide that what you have there is the problem and it’s the only reason. By stepping back, you can assess the wider issue and be able to make a more measured approach. When I first started in my role process that runs on a PC looked like a threat and I could be quick to decide it was malicious which was not the case.

In your opinion, what are some of the most pressing cyber threats that organisations are facing today?

In my role, I see a large amount of compromise occur through password spray attacks. A large number of the accounts that are compromised don’t have any forms of MFA enabled. We see this simple step to secure accounts has a large success rate of denying entry to the attackers. Organisations are beginning to enforce this more often now, requiring MFA to log into a large number of services including the Azure portal. It is a much-needed update and will be interesting to see the effect it has in general.

What advice would you give to someone who is considering a career path as an analyst?

It is a fantastic place for new starters in the industry. The ability to see large areas of networks/devices and general business structures and learn where issues can occur is a fantastic way to larger areas of IT and it can be applied to many different roles going forward. Don’t disregard your previous experience in life or other jobs. There is a large amount of skill that can be transferable over to cyber. My background was in outdoor education and customer service. From these roles I had a great deal of experience in dealing with people, understanding safety risks, working as part of a team, observational skills and patience. All of these I believe have made me a good candidate when I was applying for job roles as I had skills that can’t be easily taught.


InfoSec People is a boutique cyber security and IT recruitment consultancy, built by genuine experts. We were founded with one goal in mind: to inspire people to find the careers that inspire them. With the success of companies fundamentally driven by the quality of their people, acquiring and retaining talent has never been more important. We believe that recruitment, executed effectively, elevates and enables your business to prosper.

We also understand that cyber and information security recruitment can genuinely change people’s lives, that’s why we take the duty of care to those we represent very seriously. All our actions are underpinned by our core values:

  • Always do the right thing
  • Be the best we can be
  • Add value

We work with businesses in the cyber/tech arena, from start-ups and scale-ups to FTSE100 and central Government, many of whom are always looking for great people.

Call us directly on 01242 507100 to discuss opportunities or email info@infosecpeople.co.uk.

www.infosecpeople.co.uk