I love my job: pen testers are like the rock stars of IT!
It’s up to us to find weaknesses in systems before the bad actors do. Our work helps members to build better defences against cyber-attacks.
What does a pen tester do and why is it important?
Penetration testers are basically ‘ethical’ hackers. It’s our job to try and infiltrate college and university networks – with their full knowledge and permission, of course!
We have the same skills and use similar techniques to criminal hackers, who will be looking to steal and exploit data, commonly for monetary, political or purely disruptive gain, but we always work on the right side of the law.
How did you get into pen testing?
My dad was always pretty good with electronics and computers, and he got me interested in technology.
Fast forward a few years and I joined the Royal Navy as a weapons engineer aged 17. At the training site there was a black building with no windows and an armed guard. It was lead-lined so that no communications could get out – and I really wanted to be in there!
After I left the Navy aged 20, I started working in IT for a company that gave me a chance; I had no qualifications, but I was willing to learn.
I really wanted to do a lot more with IT than just working on software, so I spent my lunch breaks challenging my skills on hacking training sites.
I started becoming interested in cybers security there and it continued when I moved on to a software company. I really wanted to do a lot more with IT than just working on software, so I spent my lunch breaks challenging my skills on hacking training sites.
Then I joined the OpenAthens team at Eduserv as a technical consultant, helping to set up single sign-on for publishers. When Eduserv became part of Jisc in 2018, I realised Jisc had a pen testing team doing absolutely everything that I wanted to do.
After seeing a video of one of the pen testers at the staff conference telling everyone how much he loved his job, I found him there and went to talk about it.
Shortly afterwards I started a secondment with the pen testers and studied to learn more about it in the evenings.
I’ve been working as a full-time pen tester at Jisc for almost two years. It's fun and I love it.
What is it that you like about pen testing?
I'm mildly autistic, so finding something that keeps me occupied is difficult.
Because I am so focused, I learn how to do most jobs very quickly and then I get bored, but with pen testing every day is completely different.
The tests change all the time and new technology or software comes out frequently, so there are always new techniques and hacking tools to master.
We work with lots of different institutions and each organisation has a different IT set-up, so no two tests are the same.
I'm head-over-heels for my job; I love it. I look forward to starting each new week because there’s always something new to learn.
I'm never going to learn it all because things change so fast, and that keeps me going - that and knowing that pen testers are like the rock stars of IT!
I'm head-over-heels for my job; I love it. I look forward to starting each new week because there’s always something new to learn.
What got you started writing children’s books?
I'm not really a writer, I just came up with the idea one day and it keeps me occupied during my spare time.
I'm never going to write a novel because autism means I find creating characters and storylines difficult, but I wanted to find a way to share my passion for cyber security. I figured that writing a children's book would be a good way to start.
My daughter Imogen is 11 and the main character in the books is based on her.
Even quite young children have phones, they’re surrounded by technology connected to the internet and kids are comfortable in that environment, but it’s really important they know how to keep themselves safe online.
The books are about being careful online, but the pictures show that it's possible to have fun with technology as well.
The books are aimed at children between about five and seven. They’re not technical at all – I’ve written about simple concepts, like passwords and how to recognise a dodgy hyperlink, but in a fun way. Maybe the books will spark some interest in working in cyber security.
I did all the the artwork using generative AI and wording at the beginning explains that. The books are about being careful online, but the pictures show that it's possible to have fun with technology as well.
How has being autistic helped or hindered your career?
Being autistic means I get distracted extremely easily unless I'm doing something that I love. It also means I can really focus on a task, although I can take that to the extreme, going for six or seven hours without a break; I sometimes forget to eat, or I sit up until very late at night.
Do you have any advice for people thinking of a career in cyber security?
There’s a shortage of skilled IT and cyber security staff in the UK, and many organisations struggle to recruit good people, Jisc and its members included.
Recruitment is more of a problem in the charity and public sectors because they can’t compete with salaries offered by commercial organisations, so many take on inexperienced staff, like me, and train them up.
Jisc has been really supportive, providing the support and training that I and the rest of the team need to be successful.
Ultimately, we’re here as part of a wider team and a set of services that combine to help the sector improve its cybers ecurity. We’re making a difference and that feels good.
Further information
Alex works as part of a 10-strong team of pen testers at Jisc. Find out more about our penetration testing service and keep an eye out for job opportunities at Jisc.
Alex's first two books, Imogen and the Digital Dilemma and Imogen and the Password Puzzle, are out now on Amazon.
About the author