Meet the Team: Christoffer Olsen7th of March 2019
We bring you closer to the people of FortConsult with our "Meet the Team" series, where we question our colleagues about how it's really like to work in IT security. Security consultant Christoffer Olsen from our Technical Security Consulting (TSC) team, answers four short questions here.
What would you say is the main attribute of a security consultant?
Besides being technically skilled, you must be good at talking to clients and explaining technical details in a way that non-technical people would understand. For presentations, I must use my readiness for change – the number of people participating in meetings can range from 1-20 people, and I do not always know their technical skill level and their questions in advance. So, I need to be good at identifying client needs and what type of person I am facing in the moment. I always try to improve as a public speaker, and I get a lot of useful experience from e.g. client presentations.
How did you get into cyber security?
I got interested in IT security through a friend online that I played computer games with. He introduced me to the concepts of web application security and I found, among other things, OWASP - The Open Web Application Security Project, from where I started learning about the subject. IT has always interested me, and I knew that I would work within the industry quite early in my life. In elementary school, I thought that animation and computer games would be my professional occupation, but I eventually stumbled across the bachelor of engineering programme in software technology at DTU, which is the Technical University of Denmark.
When I was planning my internship at DTU, I researched who the leading OWASP person in Denmark was and encountered Ulf Munkedal (the founder of FortConsult, ed.). I wrote him, and got an internship at FortConsult.
After a month as an intern, I passed my OSCP, which is a semi-advanced starting certification and eventually got hired as part-time employee when I still had to complete my bachelor's project. I have learned a lot from my colleagues, and they have been super helpful in getting me started and have taken me under their wings.
What do you enjoy most about your job?
I think the sense of community and the personal development possibilities are the best things about my job. A good day becomes even better when I learn something new, e.g. by working with a technology that I did not know in detail beforehand. Sometimes this is acquired from working together with other consultants on a project, where we share ideas and approaches. Here, I am being challenged and develop my professional competences.
I also love that there is room and possibilities of following my dream of speaking at a major conference. Because who doesn't want to be an InfoSec Rockstar? A few years ago, I was selected to give a speech at NCC CON Europe about my bachelor project. That meant a great deal to me, and I aspire to do more of this once I have a done some cool research or created a tool that other consultants and companies can benefit from.
What matters most to you when you are at a client engagement?
On client engagements, the value I provide as a security consultant is very concrete, as I present the test results and the report, which helps the clients address their vulnerabilities.
On one recent project, we had the task of performing a test that included collecting some trophies in the client’s network. If we would succeed in getting the trophies, this would mean that the client was in high risk of getting hacked. We managed to access the trophies in several different ways that we presented to the client, and their response was: “It's inspiring to see you work”. That to me, was a really good experience, because our work made an impression on them and ultimately made them realise how important security is to their business’ existence.