Deloitte Ireland’s Mark Drinan discusses his role as a cybersecurity consultant and how an internship helped him get to where he is now.
Mark Drinan is a cybersecurity consultant at Deloitte Ireland. While studying for an undergraduate degree in business information systems at the University of Galway, Drinan completed an internship with the technology assurance team at Deloitte, which is one of six teams in the risk advisory department.
As part of the internship, Drinan and the other interns received talks from members of the various risk advisory teams and got insights into what their day-to-day looks like. One of these teams was the cybersecurity team, which quickly piqued his interest.
“Before this, I had never heard of cybersecurity, but once I saw the kind of work that they perform, I knew this was something I would be super interested in.”
‘One of the biggest challenges with cybersecurity, which I think everyone in the industry can relate to, is the massive learning curve when you first start off’
What brought you to your current job?
As part of my undergraduate, we spent eight months of the third year on a work placement. While on my summer internship, I asked whether the Deloitte cyber team would accept me for work placement and was delighted that they did. As part of this work placement, I got to work on numerous different projects across all areas of cybersecurity and gained valuable experience as a result.
After the first month or two, I realised that cybersecurity was what I wanted to work in after college, so I completed two certifications to improve my general understanding and to make me a more attractive potential employee from Deloitte’s perspective. Towards the end of my work placement, I received an offer to rejoin the cyber team at Deloitte as a graduate.
What were the biggest surprises or challenges you encountered on your career path in cybersecurity and how did you deal with them?
One of the biggest challenges with cybersecurity, which I think everyone in the industry can relate to, is the massive learning curve when you first start off. There are so many areas within cybersecurity including incident response, penetration testing, forensics, governance, regulatory and compliance, and auditing, that it can be easy to get overwhelmed.
Another challenge I’ve found is keeping up with the speed at which this industry moves. There is a constant need to stay up to date with the latest regulations, technologies, tools, techniques etc which are regularly being updated. I really like this aspect of cyber, personally, as it ensures I am always learning but initially, it can be too fast paced.
My advice is to get exposure to as many areas of cyber as possible with the goal of getting a holistic view of the work each of them performs and what each of them can offer. Once you have a good understanding of the various areas, I would advise choosing the one that interests you the most and learning as much as possible about that area with the goal of specialisation. This approach can help prevent getting overwhelmed by trying to become an expert in all areas of cyber, which is an impossible task.
Was there any one person who was particularly influential as your career developed?
There are too many people to mention specifically who greatly influenced my career development. The team at Deloitte has changed over the last number of years and each person I have met supported my understanding of cyber in a different way. I continue to learn so much every day from the Deloitte cyber team and the clients that I meet through my work.
What do you enjoy most about your job?
I mainly work in penetration testing, which involves testing clients’ infrastructure for weaknesses. This could be a client’s website, Wi-Fi networks, internal networks etc. I really like the technical aspect of this role, and I regularly use the same tools and techniques used by major hacking groups. I enjoy the constant learning associated with what I do as I feel I am consistently improving my personal and professional values.
What aspects of your personality do you feel make you suited to cybersecurity?
A lot of working in cybersecurity is problem-solving. Every day I am solving problems, whether it is a specific tool not working, a client’s antivirus preventing me from executing commands, or a particular piece of work that needs to be completed in a short timeframe. I enjoy consistently solving problems and I feel this is a necessary skill to have to work in cybersecurity.
Another vital skill is time management. When conducting an engagement with a client, you have a specific timeframe. Clients often require our reports by a precise deadline so that their internal teams can action our findings, which requires good time-management skills, especially when you have several projects ongoing at the same time.
What can people expect from career progression in the cybersecurity industry?
The cybersecurity industry offers a variety of career paths with opportunities for growth and career progression. With the evolving threat landscape and increasing demand for cybersecurity expertise, if you are committed to ongoing learning and development, you will do well in the industry.
Deloitte has been brilliant in supporting my upskilling and career progression. I am currently finishing a master’s degree in cybersecurity, which Deloitte sponsored at my request. In addition to this, they have sponsored several renowned cybersecurity certifications that gave me many new skills. I have also attended cybersecurity conferences on behalf of Deloitte, which I found really useful for meeting people, getting their views on various aspects of cyber and discussing different approaches.
What advice would you give to those considering a career in cybersecurity, or just starting out in one?
If you want to get into cybersecurity and you are still in college, I highly recommend doing an internship. They are a brilliant way to get exposure to what day-to-day work in cybersecurity looks like and will provide you with an idea as to whether this is something you are interested in.
If you are not in college and are looking to transition into cybersecurity, I would focus on doing certifications which can provide you with useful skills and technical knowledge. Studying for a general cyber certification can also give you a good idea as to whether this industry and its concepts are something you are truly interested in.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.