Name: Hans Christian Rudolph
Affiliation: Deloitte Tohmatsu Cyber
Editor of Cybersecurity Magazine
Can you briefly introduce your current role in cybersecurity?
I work as Manger at Deloitte Tohmatsu Cyber with a specific focus on secure connectivity. In this role, I get to support a variety of clients with cyber security challenges related to telecommunications and associated technologies, such as 5G, Open RAN, and cloud computing. Our contribution can range from performing risk assessments, to developing security policies and blueprints for certain deployments, to providing advise that help our clients be compliant with security standards and best practices.
How did your career in cybersecurity get started?
I started my career at a major European telecom provider as part of an integrated degree program, which gave me the opportunity to do hands-on work at the company in parallel to my bachelor’s. While that work was not exactly security-focused but rather geared towards software design and engineering, I find that I still benefit from a lot of those skill in my day-to-day work now. After completing my bachelor’s, I successfully applied at the company’s internal network security department. There I got to delve deeper into mobile network security. In parallel to my duties internal to the company, I also got the chance to participate in international standardization, contributing to the development of the 5G technical specifications. Ever since then my primary focus has been mobile network security.
What does a typical workday look like for you?
Being in consulting now, that really depends on the types of projects I am working on. On some engagements I may perform more deep technical work that directly feeds into the client deliverable, while on others I may primarily act as a project manager and guide to other team members. Generally speaking, I split my time between project delivery work, business development, and providing guidance to my peers. All three require very different skills and sensibilities, and I enjoy the variation and flexibility that my role provides me with.
What are the most challenging and the most enjoyable aspects or your role?
Perhaps the most enjoyable aspect are the people I get to work with. Our organization has a lot of inspiring professionals around the world and being able to connect with and learn from them is really valuable. Moreover, what I enjoy about security consulting is that you get to work on so many different and interesting problems. No two assignments are the same, and there is always something new that I take away from a project. Getting such a wide range of experience in the corporate world, particularly in a large organization, would probably take much longer. Of course, for the same reason, it can be challenging as well. In the face of multiple parallel projects and lots of context switches, you have to be able to manage your time effectively.
What do you consider the three most important skills to succeed in your role?
Although not everything, technical skills are important. As a cyber security professional, you have to understand the system in a holistic fashion in order to identify where things may go wrong and form an educated opinion. If we are talking network security, for example, not only should I have a good understanding of IP networking, but also security protocols, key management, cryptographic algorithms, APIs used for communication, and so on.
Additionally, communication skills are absolutely essential. Knowing security is well and good, but if you cannot relay the relevant information to other stakeholders appropriately, you are going to have a hard time. This is especially true if you work in consulting, but it applies to almost any security role.
Lastly, you should be curious and be able to motivate yourself to pick up new knowledge and skills continuously. Again, this is probably sound advice for any profession, but cyber security in particular is continuously evolving. While the underlying security goals and fundamental threats remain the same, being able to apply your knowledge in different contexts is key.
What advice do you have for people starting their career in cybersecurity/looking to enter this industry?
Try out different things. Cyber security comprises lots of different areas which may or may not interest you. The role of a malware analyst is vastly different than that of a security architect, and it requires very different skills. Therefore, whenever you get the chance to peek into a new area of cyber security (e.g., as part of a student internship, job visiting, involvement in an open-source project, etc.), take it.
Don’t stress out. As mentioned before, cyber security is a wide field, and you are not going to master it in a few years. When you just start out, it can seem daunting given all the things you don’t know, yet. Start small in an area that interests you and build a set of basic security skills. Chances are you will interface with different security teams, and you will get an idea of what their work is like. If you think another area of security is a better fit, pivot towards that. From my experience, this industry is quite open to that.
If people would like to learn more about your role in cybersecurity, where should they go?
For relatively brief intro to telecom security, there is a video on YouTube where I’m providing a high-level overview of the 5G security standard, together with Anand Prasad. In addition, I also publish the occasional article on Cyber Security Magazine, mostly on networking and security basics.