What does a typical day look like for a cybersecurity consultant?
KPMG’s Kamil Fedorko explains why logic is so important in a security role and how people outside the industry can start a career in IT security.
Born in Poland and raised in Sligo, Kamil Fedorko has always had a deep interest in IT.
While studying at the Institute of Technology Sligo (now known as Atlantic Technological University), he worked on the development of a Security Information and Event Management (SIEM) solution for a local start-up.
He then moved on to building security testing pipelines within the Azure and AWS ecosystems. Today, he works as a senior cybersecurity consultant for KPMG.
“As cybersecurity professionals, we cannot become complacent”
– KAMIL FEDORKO
If so, can you describe a typical day at work?
I wake up at 7:30. I make a mental list of all the things I need to do today and keep reading the world news followed by cybersecurity blogs and lots of Twitter.
Around 8:40 a.m., I bring my coffee to the office and turn on my two laptops. I have two laptops, one for the KPMG ecosystem and the other for engagements. This way, any malware I reverse engineer, forensic artifact or exploit I am currently working on will not interfere with our internal policies.
9:00 am is my focus time. I try not to hold any work meetings during this hour as I like to work on my emails and previous tasks that I need to continue from the day before. Right now I’m working on attack emulation paths, where we design the most likely attack path a malicious actor could take.
At 10 am I have my first team meeting, which lasts 25 minutes. We are discussing the deliverables that must be submitted by the end of the week. I devote the next two hours to non-technical work, unless a commitment requires it.
At 12 p.m., I start preparing all my environments for the technical crunch after lunch. Today, for example, I was assigned to lead a red team mission. I start by creating a fake identity online and start recognition.
After lunch, I add company members on LinkedIn to dig deeper into their organizational structure. I am proceeding by removing all previous and current computer engineering or application development jobs that have been advertised.
After spending two hours listing all publicly available information about the company, I identified the skills of their cybersecurity team members based on their LinkedIn profiles and Twitter posts.
Now having a lot of passive information, I would like to see which endpoints are visible from the internet and which management portals are exposed.
At 5:00 p.m., I record all my findings and proceed to document all findings in a draft summary report so that I have less work the next morning. I pick up at half past one and continue my dinner.
What types of cybersecurity projects do you work on?
While working for KPMG, one aspect is very evident and that is the lack of labeling and grading. This ability allowed me to transition from being a penetration tester and DevSecOps engineer to being an incident responder and forensic investigator.
I love doing threat emulation and red team missions, but more recently I’ve really enjoyed the investigation aspect of incidents involving a breached environment.
It is extremely gratifying to be able to understand at the command level what an attacker did and how they gained a foothold in an enterprise’s systems.
What skills do you use on a daily basis that are particularly useful when it comes to cybersecurity?
As someone who has been exposed to different layers of computing within a business, I think one of the most used skills is logic. Having the ability to logically break a problem into smaller pieces and tackle them individually gives me the ability to always see the bigger picture.
Understanding how programming logic works in the back-end without reading code is a tremendous asset when testing or defending enterprise applications and environments.
What are the biggest challenges when working in cybersecurity?
I think one of the biggest unspoken challenges is the ever-changing threat landscape. As a security enthusiast for over a decade, I can say that comparing cybersecurity 10 years ago to today is like comparing the industrial age to the modern age.
10 years ago we were all working on a completely different technology stack, whereas today that stack has been extended like never before – from self-hosted monolithic applications to agile microservices that run without a server.
As cybersecurity professionals, we can’t get complacent and each of us is still working two jobs. One is the primary job title and the position we are filling; the other is that of a cybersecurity researcher.
Do you have any productivity tips that help you throughout the day?
Although it doesn’t work for everyone, I like to listen to music while I work. I know a lot of people like to work in silence, but there’s nothing better than turning stress and panic into motivation with your favorite songs.
How has this role changed as the cybersecurity industry has grown and evolved?
Everyone knows how quickly the IT landscape is changing; we can’t look beyond our pockets and remember how a phone from 10 years ago differs from a phone from 2022. The same goes for cybersecurity. Although awareness is still suboptimal, I think we are on the right track.
The cybersecurity threat landscape has evolved from threat actors hosting their botnets on IRC servers to hosting command and control ecosystems within the Deep Web.
This constant change signifies the importance of the adaptability of a cyber consultant or engineer. We not only need to understand the concepts of the most recent attacks, we also need to be able to execute them in order to test defense systems or understand what fingerprints might be left behind.
Each new iteration of improved methodology or procedures aims to reduce the delivery time. With this in mind, ease of use versus operational security is at the forefront of most IT companies.
What do you enjoy most about working in cybersecurity?
I think it’s how each passing day differs from the last 365 days. No project is the same, all penetration testing incidents and engagements are different. This means that no work day seems to be part of the routine. I can’t get bored working in cybersecurity!
What advice would you give to someone who wants to work in cybersecurity?
If you’re looking to transition into cybersecurity from another area of work, see how you can implement cybersecurity in your current role.
Take that software engineering job and own it from a security perspective. Take on this Network Engineer role and focus on developing your network security and network architecture skills.
Keep up to date with the latest articles and interviews from cybersecurity professionals, including Silicon Republic! Hard work and a genuine passion for cybersecurity will get you there.