From Barista to ISO27001
Life’s journey often takes unexpected turns, and sometimes, those twists can lead to remarkable transformations in your career. Over the past year and a bit, I have gone on a career journey that started from behind a coffee counter and ended with the privilege of leading a team of ISO 27001 internal auditors.
Not so long ago, my days were filled with the rich aroma of coffee beans and the friendly hum of customers. I was a barista, crafting cappuccinos and lattes, creating moments of warmth and connection for patrons. While I loved the hustle and bustle of the cafe, I was nearing the end of my studies and wanted to switch things up a bit.
I was browsing LinkedIn and saw Bevan Lane asking for junior information security consultants, so I decided to throw my hat in the ring and drop him an email. While I was optimistic, due to my lack of certifications or tangible cybersecurity knowledge I didn’t think I was going to be successful in this attempt but thought it would be good interviewing experience. One interview lead into another and roughly a month after that first email I was meeting with the team on Day 1 as an information security consultant.
Being thrown into the deep end, but having the likes of Bevan and Rowan Botha to lean on, meant learning fast and adapting on the fly. I joined in the midst of a big company push towards implementing ISO27001 within companies and conducting their internal audits, with a gap forming for someone to head up the auditing team. I buried my head into ISO27001 and ensured I was well versed, taking every opportunity to get involved in audits and implementation meetings.
After a few months of learning about ISO, I was sent on the PECB ISO 27001 Lead Implementer course which allowed me to bank a certification and was a nice reward for all the work I had been doing. This also boosted my confidence to advise clients on implementations and hold my own during audits. My time at Infosec Advisory Group so far has flown by and I now find myself heading up an audits and assessments team, something barista me could never see happening.
Within the audits and implementations, being able to talk people at all levels in a company has been vital. You spend hours and hours in meetings, you need to be good at holding a conversation otherwise you can quickly fall into the question-answer monotony. To pinpoint one specific moment where I started feeling comfortable talking to people way above me in title would be hard, but I rather credit it to multiple smaller interactions with people occupying these C-suite positions in various companies. From conferences, to events hosted by vendors and joining the CISO Alliances for a day, it allowed me to converse with people about cybersecurity, but in a relaxed, non-work environment. No matter their title, they still put their pants on one leg at a time.
Consider this post a bit of personal reflection on my progress, something I think people often don’t do in this fast-paced industry. I am guilty for always looking for the next best thing, sometimes it is good to look back and see just how far you have come. Remember, your career journey can take unexpected and exciting turns, and with the right dedication, anything can be done. Whether you’re eyeing a career change or are simply curious about a new field, don’t hesitate to take that first step – your transformative journey may be just around the corner.