JAMES JACKSON | ASSOCIATE DIRECTOR, S-RM | LONDON
Tell us about your journey into the Cyber Security industry
My entry into the cyber security industry started with getting hands-on with IT. During university, where I studied English Literature and History, I was lucky enough to get a part-time role at a small local office, initially to answer the phones and provide first-line website support.
Being a poor student in a job that pays by the hour, I was constantly trying to make myself as useful as possible, so I would make myself busy solving day-to-day office issues: fixing printers, helping with Excel formulas, and upgrading software.
One day, there was an incident that erased two weeks’ worth of data from our website, and to make this worse, a third party we had contracted to take regular backups admitted that their nightly tasks had been failing for some time. I was able to help the business navigate through this disaster and put in place procedures to ensure something like this couldn’t happen again. I didn’t really know it at the time, but this was my first taste of incident response.
After graduation, having become keenly aware of how many small businesses don’t take advantage of IT opportunities, I decided to start doing independent consulting. During this time, I taught myself website development, ethical hacking, and forensics. These all started out as hobbies, but quickly became useful driving real commercial engagements that perpetuated a rapid cycle of upskilling.
My first real Cyber Security job was when I decided to make a proper go of this career and move to the UK, where I joined a company called S-RM, initially to help their Advisory team. However, within a few months I was asked instead to help launch their new Incident Response product – and I’ve been a part of leading that team ever since.
Tell us about your current role
The primary purpose of my role is to help businesses navigate major cyber security incidents in a way that minimises the commercial impact they suffer. When companies get hit by cyberattacks, they can cause cataclysmic shocks that quickly paralyse business operations, lines of communication, and even the safety of team members. It’s my job to ensure that we can mobilise an effective response to these challenges, supporting at both an operational and strategic level, and ultimately get the client into a position where they can resume their business as quickly and safely as possible.
When I am not actively engaged in supporting our clients, my time is largely spent finding ways to improve the effectiveness of our team, such as by leading internal development projects or researching new forensic methods. However, I also still work closely with our Advisory team, delivering training, support, and advice to clients across all industries.
“The lab can sometimes get a bit cluttered, but it's a secure place to store and review sensitive data.”
Entry level positions in Incident Response are quite competitive, and only a few years ago it was not a role that could easily accommodate junior positions - it was a role that you could mature into following a career in IT or another area of security. These days, however, there are many more companies looking to hire and train people with limited industry work experience. In London, you could expect to make around £45,000 in such a position - though these are typically awarded to people who can demonstrate prior interest or exposure to cyber security issues, such as through a university degree, volunteer work, or through hobbies such as programming. You could expect at least the first year of this position to be focused on training and exposure to the industry before more specific training objectives are set.
What does a typical day look like?
I work alongside a fantastic team of incident response consultants, all of whom respond to major incidents practically every day. A large part of my role is to ensure that this team is as well supported as they can be – that means daily check-ins with those leading complex cases, joining client calls to inject some technical expertise, and sometimes travelling to site. Complex or niche incidents, such as nation state compromises or those requiring a bespoke approach, could come in at a moment’s notice, and occasionally I will have to drop everything to head up a major or sensitive project. Any down time I have is generally spent on my software engineering or research initiatives.
These days the majority of incident response workstreams, including business restoration, can be done remotely. Our office has a hybrid working policy, which is especially welcome during particularly intense or complex projects. The hours we spend during a working week can be very long, but keeping the team well rested and in good spirits is incredibly important, and it’s something we all put a great deal of thought towards managing every day.
What would you say are the 3 most important skills you use in your role?
I would narrow this down to one: Problem solving.
Easily the biggest part of my role involves taking responsibility for solving problems, whatever they may be. These could be deeply technical, such as diagnosing an unfamiliar technology issue, or managerial, such as figuring out how to best organise a global response team.
It’s a scary position to be in when everyone is looking to you for an answer, but when you’re a good problem solver it doesn’t matter how out of depth you might feel over any particular issue – research it, talk to people, build, test, and experiment – you’ll eventually come up with an approach, and if it doesn’t work out how you planned, rinse and repeat.
How has your ADHD helped or hindered you in your career path?
Identifying as someone with ADHD has been a recent revelation for me, having previously simply considered myself “a little different” in a very ill-defined way.
Reflecting on it now with added context, the earlier part of my career was substantially enabled by my ADHD tendencies. I naturally thrive under pressure, where I’m able to take charge and make impulsive but time-sensitive decisions, reacting well to failure and quickly inventing another approach if my original plan didn’t work. Hyper-focusing on projects I found interesting also meant I quickly developed a reputation for being able to accomplish anything I put my mind to, albeit at the expense of a healthy work-life balance.
Later in my career, ADHD tendencies have become more problematic. Reliability tends to outrank excellence, and decisions must be more thoughtful and strategic. Having built a career on having good instincts, I’ve now got to find ways of being less impulsive, more consultative, and more patient. I’m still working through these challenges, but so far the combination of diet and exercise, flexible working, and enough hobby outlets have proven effective at helping me exert more control over my mind and slow things down.
What is the best thing about working in the cyber security industry?
“Although Cloud computing is a core pillar of our incident response technologies, sometimes there can be no substitute for physical machines; here, I'm testing out a new build.”
The world runs on IT. It’s the reason we can receive and keep track of deliveries so quickly, even across vast distances. It allows us to vote and participate in government at a level previously unthinkable. It keeps us connected to other people. It furthers advancements in science and technology. One of the things I love about the cyber security industry is that any given day can mean you deep-dive into a niche but critical technology that you may never have heard of before, performing a societal role that you were likely taking for granted – and it is literally your job to help ensure that this service is as resilient as possible. It is a big responsibility, but one that encourages you to keep an open mind and navigate complex problems on a day-to-day basis.
What advice would you give to others thinking about pursuing a career in cyber security?
Saying “cyber” is a lot like saying “maths” or “literature”. Nobody expects you to understand everything about these vast and complex domains, but it is important to have a set of foundational skills that you can apply to any situation, regardless of whether you’ve received training or come across this issue before. A lot of people struggle with this industry because they feel out of their depth coming across new systems, technologies, and implementations that they have never seen before; on the other hand, the most effective people in this industry understand that technology all works in the same way, and they can apply a set of universal principles to any situation.
The way you grow this skill, in my experience, is not by accruing certifications and attending training – it’s by building, experimenting, and troubleshooting. Not sure how a firewall works? Build one in your home network. You’ll quickly understand the issues and limitations IT teams face every day, and why it’s so challenging to keep networks secure. Empathy is a vastly underestimated skill when it comes to supporting clients through a cyberattack.
The best advice I can offer is make cyber your hobby and run your own IT projects because you enjoy it. This may not be for everyone, but it offers the shortest and most practical route to excelling in your career. And remember, it’s more important to understand how the IT works before you think about securing it.