Sami joined SQUAD in March 2019 as a Security and Information Systems Engineer. He talks to us about his career path and the fundamental role that knowledge transfer and training play in the future of cybersecurity professions.
Can you tell us about your background?
I have always been interested in computer science in general. To sum it up, I was kind of "the family geek." Without being an enthusiast, I was interested in the subject, and my vocation matured over the course of my studies. Initially, I wanted to go into development, but the program I wanted to take was also open to cybersecurity. At the time, I thought this specialty was reserved for a kind of elite. I must have been underestimating myself because I chose this path... and I did quite well in my training. The theoretical training taught me a lot and opened up new perspectives. In particular, I learned about best practices in cybersecurity and discovered the different areas of expertise and professions within cybersecurity.
I wanted to join an IT services company. The goal was pretty obvious: to have the opportunity to work with several clients, different technologies, infrastructures, and architectures; to be confronted with different situations (good and bad) and to learn as much as possible. To achieve this, working on a permanent basis at a client's site did not suit my approach.
In fact, my academic career is not yet over, as I am currently studying for a specialized master's degree, for which I am writing a thesis on "Cybersecurity Management and Change Management." It's quite stimulating because I am a student, a professional, and also a teacher.
Can you tell us more about your current job? Do the people around you understand what you do?
To put it simply, I am a "Cybersecurity Consultant." When it comes to my family, even my wife has a hard time understanding my daily life, but I actually find that quite logical. In truth, the fact that my expertise is difficult to understand is above all a testament to a highly technical and ultra-specialized profession. This difficulty in understanding our daily lives is shared by many professions, and this is especially true when you work in consulting.
By joining SQUAD, you chose to work in the service industry rather than for an end customer. Why did you make that choice?
In fact, in my search, I wanted to join an IT services company. The goal was quite obvious: to have the opportunity to see several clients, different technologies, infrastructures, or architectures; to be confronted with different situations (good or bad) and to train myself as best I could. To achieve this, being sedentary at a client's site did not suit my approach.
Secondly, I always wanted the IT services company I chose to have significant expertise in cybersecurity so that I could deepen my knowledge and learn more. Squad has this specialization, and some of my acquaintances were part of the workforce... the choice was simple.
You have also recently become a teacher. Can you tell us a little more about that?
Cryptology was my core business at the start of my career. It was even my "entry point" into cybersecurity, as well as a real personal interest. For example, I plan to take advantage of my next vacation to visit the Government Code and Cypher School (GC&CS) at Bletchley Park, where Turing made his name by decrypting Enigma messages. Naturally, I offer cryptography courses to two types of audiences: M1 students who will soon become cyber engineers, and students specializing in cyber security, to whom I also offer courses in Infrastructure Security. I strive to bring a historical component to this discipline, which for me is a science in its own right. Its history is important, because cryptology was already in use in ancient Greece. It has been part of history since ancient times and remains very relevant today, which is fascinating... and worth sharing.
Teaching is fundamental in my opinion because knowledge only has value if it is shared. Our role is to "spread the word" and share our knowledge. It is also useful for the expert who teaches because passing on knowledge also allows them to learn in return. Finally, for any expert or company, sharing knowledge brings credibility and recognition, which is important for becoming a leader in a field.
What about training in all this?
Teaching or sharing is not enough. Training is also crucial, regardless of your level of expertise, in my opinion. It is essential to be curious and to learn about new approaches and technologies so as not to become obsolete. In this regard, keeping up to date with developments in your field is necessary but not sufficient.
Do you have any advice for young students interested in pursuing a career in cybersecurity?
First of all, IT security is for everyone, not just geeks. I think the best way to find your way is to start by learning and being curious. Before that, it's a good idea to ask yourself questions to identify your strengths, passions, and goals so that you can compare this analysis with the different fields and their career opportunities. It's worth noting that IT in general is very promising in terms of employment, career development, and technical skills. Cybersecurity is even more so. During my training at EPITA, there were almost no girls in my class. I think this is something that needs to be corrected because our professions are open to all profiles. If we need more gender parity, it may also be up to all of us, as informed actors and experts, to make our professions and fields more welcoming.
