2025-04-26 –, Seminar Room 7
A 20-minute presentation on my journey from working in oil & gas into becoming a Senior CTL APP Pentester and all the challenges I have faced since moving into cyber 3 years ago.
This will be aimed at encouraging people to explore their soft skills, and that technical skills aren’t all you need. Key points in the talk will include self-development, tips on resources to use, things I’d do differently and my goals going forward. It is aimed at students/graduates/people looking to transition into cyber security.
The talk will be interactive and will contain some technical information, however this is considered a careers talk, not a technical talk.
This presentation focuses on my transition into cyber security from oil & gas, and how I transferred skills from a completely different role and industry to succeed in my current day-to-day role. There seems to be a misconception in the security space which leans on the idea that success in this industry only comes from graduating from university with a degree in cyber security.
Penetration testing is a consultancy-focused role (or should be), therefore client communication is a key skill. Having the ability to effectively communicate technical information to a non-technical audience is a prime example of a skill that makes a great consultant. For example, there's a critical difference between being able to execute a complex DOM-based Cross-Site Scripting attack and the ability to explain the risk of the attack, and how it could be leveraged to contextually affect a specific system.
Although certain technical aspects will be noted in this talk, it is more weighted towards having the correct mindset and objectives. Moving from a completely different industry into one as technical as ethical hacking can be daunting, and navigating the plethora of information available can be a task in itself. However, it’s important to maintain a positive outlook and set reasonable goals, as mindset is far more powerful than prior knowledge. The old saying goes: "Give a man a fish, and you feed him for a day. Teach a man to fish, and you feed him for a lifetime." The same applies to learning in cyber security.
You can either gain knowledge to overcome a single task or adopt a mindset and work ethic that allow you to tackle a hundred tasks. This goes both ways—employers should recognise talented candidates based on proven work ethic and drive, demonstrated through achievements on platforms like Hack The Box, TryHackMe, TCM Security, A Cloud Guru, and YouTube, rather than overlooking them simply for not holding a cyber security degree.
In this talk, I delve into how I progressed to the level of a Senior CTL APP Pentester, providing actionable tips for industry newcomers and those looking to transition into cyber security.
Cyberis Limited
Ross started his career in the oil and gas industry. He joined the Cyberis Academy in 2022, and through hard work and enthusiasm rapidly gained experience and qualifications becoming a Certified Cyber Scheme Team Member (CSTM), followed by passing the Cyber Scheme Team Leader exam (CSTL – Web App). He also holds Google Cloud Platform Digital Leader and Associate Cloud Engineer (GCP-ACE) qualifications. As a senior consultant in Cyberis’ technical team, Ross specialises in web applications and cloud assessments, and is an aspiring red teamer.
Ross is passionate about training and developing others looking to move into the field and enjoys getting involved in presenting and promoting both the company and the cyber industry. He was shortlisted in the “Rising Star” category at the Security Serious Unsung Heroes Awards 2023.
Ross is also a keen musician who plays in a band, recently joined a rugby team in Edinburgh, and loves spending time with his little dog, Yoshi.