Tell us about what you do here.
I try to get into the mind-set of a Solutions Architect not a Salesperson. Properly understanding what our clients need - that’s always my starting point.
Having qualifying as a Certified Ethical Hacker (CEH) I tend to have more experience of the practical implementation than your average salesperson. And in my spare time I keep my knowledge up to date by studying Python and I’m working towards CISSP Certification via CompTIA Security+. I think clients appreciate having a grown-up conversation with about the issue rather than a sales patter.
Outline a typical day.
In the early morning I use the quiet time to catch up on emails and plan the day ahead in blocks. After a quick mid-morning catch-up with the rest of the team at around 10am, I can devote the rest of the morning to reaching out to new companies - building relationships one step at a time.
Afternoons I usually try to reserve for face to face meetings or calls with existing clients. I like that OnSecurity is a lot less transactional than a lot of other providers out there. The machinery of the average Pen-testing firm has become too complicated, too impersonal. Clients are shunted between multiple departments without anybody stopping to actually listen to what they need. So a lot of my day is spent re-educating prospects that pen-testing doesn’t need to feel complicated - it doesn’t have to be this way.
What have you been working on mostly since joining OnSecurity?
Alongside developing and mapping new accounts, I’ve been spending a lot of time with clients listening to what they‘re responding to, what trends are driving their behaviour.
There’s been a big shift towards Managed Services - getting everything under one roof, which is a sign of a maturing market. It’s also been interesting to see companies moving away from Bug Bounties and towards being more proactive, getting ahead of the problem. It’s as though the taboo around breaches has been lifted, enabling CTO’s get more Board buy-in (and budget) to build security testing into the dev cycle earlier.