Blog post -
MySwitch2Cyber: Software Developer to Technical Training Manager
In the next instalment of our MySwitch2Cyber blog, our talent attraction team sat down with Jeremiah Blatz to hear about his NCC Group journey and switch from a career as a Software Developer to Technical Training Manager of our Next Generation Talent program.
Hello, my name is Jeremiah, and I am NCC Group’s Next Generation Talent Program Technical Training Manager for North America based in New York, New York. Previously I was a Software Developer, mostly doing full stack web development. I got sick of building websites and had always been interested in security and wanted to find out more, but there were not many jobs dedicated to security at the time. Since this was a long time ago, I went down the self-study route and mainly learned web application security with OWASP and hackthissite.org. (These days, something like the PortSwigger Academy is a great way to get started.)
I think my career in software development helped shape my security career because it enabled me to help our clients make better architectural decisions in addressing their security needs. It's easy to change one line of code to fix a specific vulnerability, but much harder and more valuable to change the design of your software so that those sorts of vulnerabilities don't reappear over and over.
Eventually after my self-learning and study, I made the move into security, first as a Senior Security Consultant for a large player in the industry and then onto a tiny little consultancy called Matasano, which in turn a couple years later joined with iSEC and Intrepidus as part of NCC Group.The main thing I loved in my early cyber security days was the learning. I became one of the top experts in some areas of security. Plus, when I came to Matasano which eventually became NCC Group, I was surrounded by folks who knew much more about those areas, and so could quickly learn from them.
Being a Senior Security Consultant at Matasano was awesome, I got to metaphorically crawl through the ventilation ducts of the world’s most important technology.
Eventually I decided to see what life was like on the other side of the pentest report with Head of Security jobs at a small cool start-up and two big-name tech companies too.
I then spent a season fulfilling my long-held ambition of teaching sailing at Hudson River Community Sailing. After a while, though, I found myself missing security. So, I came back to NCC Group, but this time as a teacher. I run the Next Generation Talent program in North America, where we hire folks new to the field, and then teach them how to be security consultants.
As for me, I am really enjoying being back at NCC Group and being able to share my experience with people just entering the field via the Next Generation Talent program. It is also incredibly rewarding to see my students bring their varied backgrounds to work together and help each other.
I think NCC Group is a great place to start your security career. It is big enough to take on junior people, but small enough that you can get to know a significant percentage of your co-workers. In consulting you get exposure to a wide variety of organizations and technologies, I do not think there is a better way to get exposed to a wide swath of the field.
If you want to come work in cyber, but don’t know where to start, self-study through things like the PortSwigger Academy, is a great way to get an intro to web security. For a little more of a challenge, maybe look at cryptopals, and use this to learn a programming language like Python or Ruby.
This blog is the fifth of our series of career blogs ‘MySwitch2Cyber’, in which we share the inspiring stories of our colleagues who joined NCC Group at the start of their cyber security journey from diverse and non-traditional career backgrounds.