This week we’re catching up with Andy Bryan, OnSecurity’s Business Development Manager.
What first attracted you to the world of Penetration testing?
As far back as I can remember I’ve been fascinated by computers. It started at the age of 10 in school with word processing on the old BBC Micro - simple stuff but I loved it. From that point on, I kind of grew up with each new generation of computers; the Sinclair ZX80, ZX81 and Spectrum+, then onto the Commodore 16 and 64 before graduating to my pride and joy: the mighty Packard Bell P75 Executive Multimedia.
The massive and impressive Packard Bell P75
But it wasn’t until I joined the RAF that I started to delve under the hood, into how everything worked and could be hacked and rebuilt to solve problems. Aged 27 I was deployed into Ali al Salem in Iraq maintaining the peace as part of Operation Telic. My squadron’s job was to set up ‘Command & Control Headquarters in forward positions. The problem was ‘forward positions’ usually meant ‘the-middle-of-nowhere ’ and so our guys always felt very far from home. Remember, this was 1996 pre-mobile-phones calling home from ‘the-middle-of-nowhere’ meant paying extortionate rates for just a few crackly minutes on an unsecure international line.
I decided to have a go at a solution. With a bit of trial and error I figured out how to manipulate the local telephone network so a standard landline could route calls via the MOD’s exchange in London - all for the price of a local call. It wasn’t much of a hack but I got a real buzz seeing people’s faces and the effect on morale. It stayed with me that it’s not always about protecting big banks and money - it’s about securing what’s valuable to people.
Tell us about what you do here.
I try to get into the mind-set of a Solutions Architect not a Salesperson. Properly understanding what our clients need - that’s always my starting point.
Having qualifying as a Certified Ethical Hacker (CEH) I tend to have more experience of the practical implementation than your average salesperson. And in my spare time I keep my knowledge up to date by studying Python and I’m working towards CISSP Certification via CompTIA Security+. I think clients appreciate having a grown-up conversation with about the issue rather than a sales patter.
Outline a typical day.
In the early morning I use the quiet time to catch up on emails and plan the day ahead in blocks. After a quick mid-morning catch-up with the rest of the team at around 10am, I can devote the rest of the morning to reaching out to new companies - building relationships one step at a time.
Afternoons I usually try to reserve for face to face meetings or calls with existing clients. I like that OnSecurity is a lot less transactional than a lot of other providers out there. The machinery of the average Pen-testing firm has become too complicated, too impersonal. Clients are shunted between multiple departments without anybody stopping to actually listen to what they need. So a lot of my day is spent re-educating prospects that pen-testing doesn’t need to feel complicated - it doesn’t have to be this way.
What have you been working on mostly since joining OnSecurity?
Alongside developing and mapping new accounts, I’ve been spending a lot of time with clients listening to what they‘re responding to, what trends are driving their behaviour.
There’s been a big shift towards Managed Services - getting everything under one roof, which is a sign of a maturing market. It’s also been interesting to see companies moving away from Bug Bounties and towards being more proactive, getting ahead of the problem. It’s as though the taboo around breaches has been lifted, enabling CTO’s get more Board buy-in (and budget) to build security testing into the dev cycle earlier.
What are you most excited about in the coming months?
The new portal is a very exciting step forward for us, so I’m looking forward to getting that in front of clients - as it’s a total game-changer in terms of saving them money on reporting. Other than that, I’m looking forward to bedding down the sales structure and recruiting another Business Development Exec before the end of the year. So lots to look forward to.
Quick Q&A with Andy:
How would you describe your job to a child?
I help keep people safe from naughty hackers.
If you weren’t at OnSecurity, what would you be doing?
My childhood home was a stone’s throw from Maine Road (Man City’s old ground). So any job that took me back to that boyhood excitement would be nice - Football Commentator perhaps?
Before OnSecurity what was the most unusual or interesting job you’ve ever had?
Standing guard for the Queen outside Buckingham Palace. Tourists always do their level best to make you laugh, so there was never a dull moment.
What 3 words describe OnSecurity?
What’s your number 1 security tip?
Install security patches immediately. Hackers are working fast to exploit those vulnerabilities, so the clock is ticking. Don’t wait around.
If your house was burning down, what’s the one non-living thing you would save?
Coffee machine, no question. It’s basically my life-support machine in the mornings.
My daughters are 11 and 12 and they love the outdoors. Muddy countryside walks with the family are how I unwind these days.
What’s your guilty pleasure?
Chocolate. I have a very sweet tooth. Dark chocolate is my downfall.
What’s your favourite noise?
My kids laughing. Usually my ‘Dad-Dancing’ can be relied upon to raise a giggle.
What will finally break the internet?
A.I. that grows and assimilates internet-enabled devices. The fact that Facebook pulled the plug on an experiment after two A.I. programs started chatting in a language only they understood, is genuinely terrifying.
What’s the most important thing you have learned in the last five years?
Appreciate the time you get with your family because they just grow up so fast.
As a 12 year old I was scouted by Man City. I was playing regular Sunday League football with my mates when the scout asked me to try out. But for some reason I turned it down. To this day I don’t know what I was thinking. I could’ve been playing with Niall Quinn!