So, you want to work in cyber security?
The SRM Blog


Written by Julia Wailes-Fairbairn

21st August 2019

By Mark Nordstrom, Head of Sales & Marketing


There are no stereotypes in cyber security. From the business development team to digital forensics investigators and penetration testers; from PCI compliance to managed services, every role and every consultancy is different. Security Risk Management (SRM) is a specialist information security consultancy, employing a growing team of experts that deliver projects for businesses of all shapes and sizes, across the full scope of today’s cyber threat landscape. In this article we provide some insight into how our organisation is made up of different, specific individuals who together make up the whole client service offering.

So, what is an information security consultant, what do they do and why might you want to be one? Well, it really depends on the area they have chosen to specialise in, but in general our team is made up of consultants who are either qualified security assessors (QSAs), forensic analysts, ISO 27001 lead implementers, penetration testers or general policy consultants. Many of our consultants are women, who have traditionally found it harder to find employment opportunities within this sector.

What exactly do we do? Well, every project is unique and is scoped, undertaken and completed in a bespoke manner. But there is a general flow of work which goes something like this. Within our business, the first point of contact for a client will be with our business development team. These people are not consultants but are trained and trusted advisors who will ask questions to ensure that any future engagement with SRM is properly scoped, and then proposed with clear deliverables and timelines. This shows that working in cyber is not restricted to being a consultant!

The project is then assigned to the delivery consultant whose expertise and sector experience we believe best match the client’s requirement. Whether it is achieving PCI DSS compliance, executing a Red Team exercise, performing a policy gap analysis, or filling in for an absent CISO, the team juggles multiple projects at once and top organisational skills are a must. There is a mix of on-site and remote work, along with report writing and debrief calls for each assignment.

So, why would someone want to become a security consultant? Some enjoy the challenge of thinking outside the box to find flaws in the deepest layers of code. Others appreciate the opportunity to learn from a myriad of deployments and architectures. There are also those who simply enjoy working in an advisory capacity and helping businesses be the best they can be, in terms of safeguarding their future operations.

The work is also meaningful. In a very short period of time, infosec consultants can identify vulnerabilities and help customers fix their critical issues. Clients listen to us, and even a short engagement can lead to significant security improvements. In a year, you could work with 25-50 different customers and build relationships within businesses and brands that you’ve grown up admiring. Plus, ‘I work in cyber security’ sounds impressive… at least we think so!

Watch out for our ‘A day in the life of…’ series that will cover the exact tasks of a penetration tester, a forensic analyst and a general policy consultant.

To find out more visit our website.

Follow us on Linkedin.
