There’s a labor shortage in cybersecurity, and the industry can’t get enough computer science graduates to fill the roles left empty in companies around the world. One way to tackle this shortage is to partner with a security consultant team to help deal with short-term challenges. Another option is to hire people with backgrounds outside of computer science and information security to bring in a new set of skills and help retrain and grow the company.

Ben Goodrich checks both of those boxes. A recent graduate with a physics degree, Ben works with IBM Security in the U.K. as a security consultant. He gets deployed to different companies and spends two to three months at a time working with their in-house teams. This type of role means every day is unique — and it also means he learns a lot about the industry, the latest trends and what clients are looking for.

“I’ll go wherever I’m told to go,” Ben laughed. “But when I talk to clients, it’s about understanding what they’re struggling with at the moment, and bringing in the experience — both my own and the wider IBM business — and seeing what we can do to help the client out.”

At one recent job the client didn’t have a clear idea of how to show that it complied with a new regulation related to essential national infrastructure. Ben was part of the team that showed the client how to demonstrate compliance and worked with it to complete the process.

Every Day Brings New Challenges for a Security Consultant

While every challenge is unique, Ben said he has started to see patterns emerging even though he’s only been in the role a short time. The skills gap is one of the big recurring themes.

“Sometimes clients are still trying to hire for roles, but sometimes they actually don’t want to have a really highly skilled security architect or response person,” he said. “Firstly, they’re really expensive, but they’ll also get bored if they’re sitting there not being engaged every day. That’s why clients work with someone like IBM that has a range of really skilled people that you can bring in and out as you need.”

The opposite is true, too: Some organizations have teams of highly skilled security professionals who have been at the same company for decades and are thus isolated from the rest of the industry.

“Security changes so quickly; best practice changes and what people in the industry care about changes so quickly,” he said. “We are coming in as the trusted advisor. We’re coming in and filling gaps, but also working in partnership longer-term to advise on everything cybersecurity.”

In his third year at IBM, Ben loves the constantly shifting nature of being a security consultant. He enjoys going to client sites, speaking with them about their challenges and finding the solution that will work best. It’s about bringing together not only the knowledge of that particular client, but also experiences from across other client sites.

A State of Constant Change

A fascination with pulling things apart and putting them back together to figure out how they work is what led Ben, a Norfolk native, to study physics. He ended up in cybersecurity because, while he loved the field of physics, he craved constant change.

“It can literally change day to day because there will be a story in the news, and then it’s what about us? What are we doing to protect ourselves against ransomware or malware or WannaCry or whatever it is? That’s what really attracted me to cybersecurity.”

While cybersecurity wasn’t the plan for Ben when he chose his academic path, he does encourage students to get involved with science, technology, engineering and mathematics (STEM) fields.

“I did physics, so I’m quite biased, but I think STEM subjects are really important,” he said. “I’d actually say even if you are on an arts track, and even at GCSE and A levels, it’s useful to have one or two STEM subjects as well just to prove you do have those analytical skills, the ones cybersecurity companies are looking for.”

But education is only one part of what makes someone a great candidate for a career in cybersecurity. More important than a candidate’s field of study, Ben argued, is a sense of curiosity and an itch to innovate.

“If you bring enthusiasm and a willingness to learn, you’ll go far,” he said. “Whoever you are, whatever your degree, there has to be that willingness to learn new things and stay on top of changes.”

For Ben, this includes a willingness to travel. The international nature of IBM Security is one of the things Ben loves about his job — but the recent university graduate isn’t getting ahead of himself.

“I’d love to work abroad at some point,” he said, “but it’s about building a reputation for myself first.”

Meet ‘Mini CEO’ Laurene Hummer

More from Security Services

BlackCat (ALPHV) Ransomware Levels Up for Stealth, Speed and Exfiltration

9 min read - This blog was made possible through contributions from Kat Metrick, Kevin Henson, Agnes Ramos-Beauchamp, Thanassis Diogos, Diego Matos Martins and Joseph Spero. BlackCat ransomware, which was among the top ransomware families observed by IBM Security X-Force in 2022, according to the 2023 X-Force Threat Intelligence Index, continues to wreak havoc across organizations globally this year. BlackCat (a.k.a. ALPHV) ransomware affiliates' more recent attacks include targeting organizations in the healthcare, government, education, manufacturing and hospitality sectors. Reportedly, several of these incidents resulted…

9 min read

How I Got Started: Offensive Security

3 min read - In the high-stakes world of cybersecurity, offensive security experts play a pivotal role in identifying and mitigating potential threats. These professionals, sometimes referred to as “ethical hackers”, use their skills to probe networks and systems in search of vulnerabilities, ultimately helping organizations fortify their digital defenses. In this exclusive Q&A, we spoke with a seasoned offensive security professional. Benjamin Netter is a cybersecurity expert and the founder and CEO of Riot, a cybersecurity platform created for employee protection. His goal is…

3 min read

Is Your Critical SaaS Data Secure?

4 min read - Increasingly sophisticated adversaries create a significant challenge as organizations increasingly use Software-as-a-Service (SaaS), Platform-as-a-Service (PaaS) and Infrastructure-as-a-Service (IaaS) to deliver applications and services. This mesh of cloud-based applications and services creates new complexities for security teams. But attackers need only one success, while defenders need to succeed 100% of the time. Organizations are contending with an exponential rise in advanced threats that are not only increasing in volume but also sophistication. The IBM Cost of Data Breach Report 2022 found…

4 min read

Rationalizing Your Hybrid Cloud Security Tools

3 min read - As cyber incidents rise and threat landscapes widen, more security tools have emerged to protect the hybrid cloud ecosystem. As a result, security leaders must rapidly assess their hybrid security tools to move toward a centralized toolset and optimize cost without compromising their security posture. Unfortunately, those same leaders face a variety of challenges. One of these challenges is that many security solutions create confusion and provide a false sense of security. Another is that multiple tools provide duplication coverage…

3 min read