Name: Steve Spence
Job title: Self-taught Cyber Geek, Senior Penetration Tester, x-Red Team Lead and Social Engineer at Aflac (Northern Ireland).
What does your typical day look like?
There is a famous meme doing the rounds on the internet detailing what a penetration tester does from differing perspectives. It compares what your friends think you do, versus your parents, to your colleagues and so on. What really happens is that we sit in front of our laptops systematically working through a toolbox of techniques to gain either physical and/or virtual access to environments.
I usually spend 10-12 hours a day at my day job (it's not for the fainted hearted). Testing is our main priority, with a mixture of planning and scoping calls and emails mixed in for good measure. After lunch I will sync with my colleagues in the US for another round of meetings. In short all I really need is a laptop and an internet connection and I’m good to go!
What are you currently working on?
Unfortunately, I’m not able to talk specifics due to the nature of our work and non-disclosure agreements (NDA’s) that we operate within (sorry, just like a magician we do not divulge our tricks). What I can reveal is that our team have full autonomy to test both physical and virtual infrastructure within our own network. Our Rules of Engagement (ROE) state that we can try whatever means we require to confirm the cyber security readiness of IT systems.
It is our job to act and think like our adversary and use whichever tools, techniques and processes they would use to gain access. We work with stakeholders to identify their requirements to scope a project, test for vulnerabilities and report back to the business on our findings. I should also say penetration testing assignments may also contain a physical element, in other words trying to gain access to a building. In short, on occasion, I get paid to legally break-in to places.
What inspired you to join this company in particular?
Joining Aflac NI was an exciting and easy decision for me. I had been introduced to the company via a recruiter, offering this unique Penetration Testing role, here in Belfast. I was looking for work close to home, without constant travel, whilst still being able to practice and develop my skills daily. Aflac has an amazing culture, encouraging creativity and autonomy to solve business challenges. Our Cyber Security team is full of subject matter experts, and I love to work with people who really know their day job, working together to deliver world class results for Aflac.
Did you always want to be in the tech industry?
Yes, absolutely. Tech is a constantly evolving environment and I enjoy the element of continued learning and personal development. We are very fortunate as employees of Aflac NI, as the company actively encourages us to undertake research, as well as completing at least one piece of training per year.
What’s your favorite part about your work?
Honestly, it’s the varied work from one day to the next. For instance, I could be working on external or internal penetration tests, all undertaken remotely which can present some interesting ways of doing things.
At the moment I'm working within the confines of a “Closed-box” assessment methodology, which means I'm working with little to no knowledge of an environment, simulating attacks on our businesses and testing how equipped they are to deal with various scenario driven cyber-attacks. This type of engagement is particularly interesting because we often keep our work quite secret and don't tell people within the business about it - this allows us to get a realistic overview of how stakeholders and subsidiary companies security teams are performing.
In short, we’re constantly challenging ourselves and in turn Aflac to be better, by utlising creative problem solving to identify those opportunities through our penetration testing engagements. We’re growing our team right now so if you’re interested find out more here.
How do you see this technology impacting on our lives?
Technology is a double-edged sword, it can make our lives easier, better even, but it also leaves us vulnerable to risk as we become increasingly dependent on it. Therefore, cyber security has become a top priority for companies as they defend against a plethora of rogue entities, from teenage hackers, to organized criminal gangs and advanced persistent threats (APT’s) who all chase our personal data.
What would you say to other people considering a job in this industry?
I am highly biased and would recommend tech as career, pinpointing cyber especially. Belfast is a hot bed for cyber jobs across various categories and we are fortunate to have many US companies who have set up base here, as well as some local businesses who are flourishing. You have the chance to positively affect technology, the experience of users from a security perspective and make the internet a safer place.
Who inspired you to work in this field?
A former colleague from my days working in the radio and satellite communications sector (who himself had started working within cyber) introduced me to penetration testing and I haven’t looked back since. I am grateful to them for sharing this incredible and fascinating world. Personally speaking, I love to pay this forward, coaching our newest team members, helping them develop and mentoring folks outside of Aflac who are looking to get into this field. Helping and being involved in training the next generation is an important aspect of the job for me as well as learning from my peers.
What do you consider to be the most important tech innovation or development in recent years?
There are so many new trends swirling around in the ether, from AI, to the Internet of Things, 5G, robots and autonomous vehicles, but I would opt for quantum computing. This will be the biggest challenge to existing security solutions as existing encryption strings could be broken within seconds by high powered computers. We must be ready for this game changing technology as it is just around the corner.
What gadget could you not live without?
My Apple Watch Series 6. Fitness and staying healthy are both important to me and my goal is to start each day with exercise, to get the blood flowing and the mind working! I mix my training up through calisthenics, kettlebell work and trail running. I’m also a fan of a ‘brisk’ walk as some of the folks I work with found out the hard way.
More recently, I have just gotten into gravel bike riding over the last year. My Apple Watch keeps track of my movements over the course of day, as well as the more physical sessions I work through. I enjoy the gamification element that this has brought with various badges to be won through exercise achievements, always forcing me to push my limits!
Read more about our Tech Trailbazers on Sync NI here. Find out more about Aflac NI's job opportunities on our Jobs page here.
