Why did you choose PwC?
I wanted to continue my career in cyber at PwC (initially in the UK) because many of my former colleagues from ASD were working here and told me of their excellent work in stopping cyber attacks and responding to them. I was also fortunate enough to be interviewed by a partner (who I still work with today) who understood cyber intelligence and was keen on providing fantastic personal development opportunities.
Please share with us some interesting and challenging projects you have worked on?
During my 5+ years at PwC, I've worked on a wide range of projects, from incident response cases for large global companies to providing intelligence reporting and data to clients across multiple industries and government agencies. One of these projects culminated in one of the highlights of my career so far. In 2017, we were working on numerous incident response cases that led to the publication of the "Operation Cloud Hopper" report. My team and I spent seven days locked in an office writing a report that exposed malicious cyber activity. Our report allowed us to help clear out the threat actor from client networks and build the PwC cyber brand, showing that we aren't all just accountants!
Please talk us through the technical work and what that’s like.
Even as a Director, I still get the opportunity to do some technical work, from mapping out threat actor infrastructure to working out who they have compromised so we can inform victims. We have access to some pretty awesome tooling and data sets that allows us to have exceptional visibility of cyber-attacks across the globe. This makes our job so much easier and allows us to build some cool analytics and automation, meaning we get more time on the tools!
What is the best piece of advice you have been given about developing your career?
The best advice I've received was "consult widely, and consult early", which seems super obvious for a consultant! But I've found that we often get a bit of tunnel vision working on a project or some research, and we forget how important it is to reach out for other opinions and viewpoints. PwC is lucky that we have such a diverse workforce, allowing me to reach out to team members from a particular background or region in the world to get a viewpoint different from mine. This advice also comes into play with some of the technical and risk aspects of what we do; it's better to ask the question early than later down the line.
What is unique about working in the Cybersecurity & Digital Trust team?
What is truly unique about the C&DT team is that, even though our people operate across the country and everyone has different specialties and knowledge areas, we are really good at working together and involving each other when needed. We also have some of the most intelligent people in cyber, which means we're always learning from each other.