SIEM Analyst, NHS Digital
Network, network, network. Remember that behind the tech it is made up of people.
WHAT DO YOU DO?
The NHS is a massive machine with lots of components and lots of sensitive data.
If you picture a standard GPs office and how many IT devices (from computers all the way down to the digital signage, right through to IOT medical devices) that would have, you then can multiply that by how many practices there is in the UK (just under 7000) then you're looking at a very small percentage of the estate we're dealing with. That is because not only do we look at GPs, its Hospitals, care facilitates, regulatory bodies and other office based institutions. The NHS is the largest employer in Europe and many have access to more than one IT device.
There are view organisations in the world that are taking care of security to the extent we are.
My job as SIEM analyst is to monitor network traffic to make sure all the activity that is happening is done by the people it should be and to be ready if a malicious actor tries to infiltrate our systems.
When most people when they think of cyber crime think of the financial impact, but our concerns are life and death. If a computer goes down, it is frustrating for the end user but the knock-on effect is the inability to access vital patient data. This could prevent a doctor treating someone in an emergency because they are unable to see if they are allergic to a type of drug, or if they have other health complications.
It is a stressful job because the important nature of the work, but it is highly rewarding being one of the secret heroes of the NHS, protecting the vital infrastructure that enables the amazing front-line workers to do their job and save lives.
WHY DID YOU CHOOSE THIS FIELD?
I grew up in a very poor part of Leeds where if you got past high school, you were 'doing well.' Growing up, my friends ambitions were to have children as soon as possible so they could get a council flat and school was just a holding place to those ambitions were realised. Consequently, they were not very keen on studying.
I remember feeling a bit like an outsider. I remember being 10 and asking my bedroom to be decorated in a space-scape because I wanted to be an astronaut. I was lucky to have supportive parents who encouraged the book-worm in me and gave me the courage to not follow the crowd.
Unfortunately, my teachers never encouraged me in science as I was told 'girls aren't naturally good at science, so try English instead.' I believed them at the time and my ambitions to be an astronaut got shelved.
I did very well in my GCSEs and eventually went on to study English Literature at university. But just as I was graduating the financial crash hit and jobs were scarce. I took the first job I could, a low paying job in a hotel's administrative pool.
I spent quite a few years in administration. I was always the first to complete all my work and always felt like I could do better but no matter what jobs I applied for, nobody could see past my admin job title, and give me a chance at something new.
Eventually I began working for a charity. I became a project lead for an initiative to get people out of destitution. We started to notice that the main barriers that was keeping people in destitution was their inability to access services online. For example, apply for benefits. I became fascinated by the theory know as the 'digital divide' which suggests if you don't have the tools to be online, then you will be socially disadvantaged. I went on to study this theory formally when I did a Masters in Anthropology.
Unfortunately, although I loved that job, funding cuts meant I was made redundant. I knew I love tech, and was very keen to make sure I did 'tech for good,' but I had no idea how to get into tech having studied two very non-technical subjects at university.
The logical thing for me to do was to learn a technical skill. So, at aged 31, I started to teach my self how to code using free online resources like freecodecamp.org and Code Academy. I treated coding like a full time job, or more than a full time job because I did evening and weekend too. Motivated by the desire to join the industry, but also because it was so darn fun!
I fell head over heals with learning a technical skill and to be honest, was annoyed that the system made it seem like wizardry when actually, I've yet to meet anyone who couldn't pick up the basics of coding.
I was going to lots of tech events and meetup while I was teaching myself and quickly realised how important it is to be embedded into a community for development and opportunities. It was at one of these meetups that I went to a talk about cyber security. I drunk it all in and I was buzzing after the talk to see how I could join the industry.
There seemed a lot more pre-requisites to getting into cyber than in software development so I continued to build up my skills in this area so I could prove my 'tech-chops'.
I applied and was accepted for a job on NHS Digital graduate scheme as a software developer within 5 months of teaching myself how to code. I quickly aligned myself in two areas, user research and secure coding practices. I believe that security should look at the people element first and for most so I was keen to see how the principles of user research might go to changing user practices and encourage them to do things more securely.
Although I knew I didn't want to be a software developer, I knew it would give me the good basis to work in security because it enabled me to create scripts to automate process and have a deeper understanding of why things were designed (in)securely.
Word got around at NHS Digital that I was a security evangelist and I was given an opportunity to work in the SOC. The first graduate ever to do so.
I got there through perseverance, passion and enthusiasm.
WHAT DO YOU LOOK AT & THINK, "I WISH YOUNGER ME WOULD HAVE KNOWN THIS WAS POSSIBLE?"
I think things happen when they happen for a reason. Although sometimes I think 'I wish I would have got into tech sooner', the truth is, I'm in a better position for not joining the industry from a traditional computer science route. That is because I have so many other experiences that inform my work and I can implement to make tech better for others.
I think the biggest take away is, if you love English literature, the arts or any non STEM subject, don't see that as a negative. My creative background allows me to tackle problems in different ways to my colleagues who are more traditionally trained.
One of the biggest revelations for me when I got my first cyber security role was how, at tier one level at least, its is almost exactly the same as an administrative job. I think the industry is really missing out by not up skilling people who work in administrative roles as they have years of experience of meretriciously looking through documentation and handling large amounts of data.
Because of this, I was inspired to set up my own code clubs at NHS Digital to show non-technical staff (like the administration teams) that they could learn a technical skill. Its been a massive success and sells out with seconds every time a session is held. Its a brilliant feeling for me to see people who have never written a line of code before create a website from scratch within a matter of hours. Even better when I get a message later saying that they've been inspired to retrain.
I wish I would have known that the path to success isn't linear and to just enjoy the ride!
WHY DO YOU LOVE WORKING IN STEM?
I've always loved to learn and I'm a sucker for a course to complete. Because tech moves so quickly, you HAVE TO keep learning new things.
I look forward to learning something new every day
BEST ADVICE FOR NEXT GENERATION?
Network, Network, Network. Remember that behind the tech it is made up of people. There is loads of great resources on how to make a really impactful LinkedIn profile, especially at the start of your career when you might have less to add.
INSPO / FUN FACT
"Diversity is being invited to the party. Inclusion is being asked to dance" - Verna Myers, Diversity and Inclusion Expert