I studied for a BSc in Computer Science at the University of Manchester. When I graduated I began looking towards the future and a career. During the summer of my penultimate year, I worked as a software developer at a large telecoms company. Whilst this was a great experience, I felt that my interests lay in a career focused more with the managerial aspects of information systems. After looking into several different IT graduate opportunities, I came across technology assurance and advisory (TAA). This offered great job variety, exposure to business process management and a chance to interact with a wide range of people in different organisations on a regular basis.
I applied for a role in TAA at Deloitte, attended interviews and received an offer, all within a couple of months. I was attracted to Deloitte as they are one of the UK’s fastest growing professional services firms and their client list was very impressive. When I first started, I concentrated on projects analysing the risks and associated controls of our clients’ IT environments.
I later moved to a team looking specifically at security and privacy – there are always opportunities to specialise and move teams according to my skills and career ambitions.
It is difficult to describe a typical day in TAA as the work is so varied. A recent Monday went like this:
It’s the start of a new week and a new project so I’m travelling to the office to meet up with the engagement team I’ll be working with. We’ll be working alongside our audit team and my role on the project is to assess how well our client (a major investment bank) is controlling its information systems. This will give the audit team an understanding over how the key financial data is controlled and allow them to focus their work on potential control weaknesses. Last week I received a briefing from the project manager to make sure I had a good knowledge of the client (I also went on to the client’s website on Friday just to keep myself up to date with their latest ventures).
I’m at our offices in central London. I grab a cup of tea and meet with the others on the team. There are a few familiar faces and some new ones – it’s great being able to work with different people with different skills and experience. We have a quick team briefing and the project manager allocates tasks amongst the consultants. We check email and then take a taxi over to the client’s offices.
We’re at the client’s offices. We set up our laptops in the room that we’ve been allocated for the week and head straight into a meeting with the IT director (I spoke to him last week to arrange the meeting so he is expecting us). The purpose of the meeting is to gain a high-level understanding of the computing environment, to explain how we go about our work and to let him know how we report findings.
The IT director provides the names of the key people who we will need to speak with during the project. These people include the information security officer, network administrator and application managers. We are focusing our review on areas such as security infrastructure, authorising access to the systems and IT change management. After the meeting, I call a few people to arrange meetings for the rest of the week.
I’m going to meet with the network administrator. I spoke to her earlier and she’s booked a room for us to meet in. Before I get to the room, a busy-looking woman pushes a hand in my direction. ‘It’s Chris, isn’t it?’, she says, in the voice I recognise from earlier. We shake hands and head into the meeting room (my rumbling stomach is grateful for the coffee and biscuits we’ve been provided with). I ask how the network is secured, who has access to administer it and how changes to the firewall configuration are managed.
I run a script to pull off information on the network security configuration to check it for weaknesses. I also take copies of the firewall rule bases – whilst I know a little about rule bases, I need to ask a colleague back at the office to review them.
It’s lunchtime. With the opening meetings successfully completed and more set up for the afternoon, we go and grab a bite to eat from the Italian sandwich shop across the road. It’s a good time to catch up with the other members of the team. On this project there are five of us working together but the team size varies from two to ten people. This team is a mixture of graduates with an IT background and others with other skills and experience. It’s really good that you don’t need a specialist IT degree to work in TAA, as everyone brings their unique talents to the team.
My next meeting is with the systems administrator of the finance system. We discuss the architecture, where the system is located, how it is maintained and how users are set up, segregated and controlled. To support my discussions, I also need to obtain system output files and perform some data analysis. I find that there is no formal process for managing user accounts. I note this down as a potential weakness as this could lead to unauthorised parties gaining access to confidential information.
Meetings are, for me, one the most interesting aspects of my job as I love meeting different people. It is necessary to get a good understanding of the computing environment, analyse it and evaluate it, all within a short space of time. All our consultants have to have good time management and communication skills as well as the ability to handle different personalities.
I start collecting my thoughts. At the meetings I’ve identified a number of potential risks. The next task is to confirm my findings through analysis of the evidence. There is a formal methodology I need to follow to ensure that my work is fully documented and consistent across all the projects we work on.
I receive the results of the analysis from the security specialists at the office. There are a few questions to raise. I won’t be able to meet with the network administrator again until the next day so I add it to my to-do list. I’ve also managed to put together a first draft of my work papers. I email the papers to the project manager for review before packing my laptop away.
Time to go
I take the tube back to the City and meet with colleagues at our local for drinks. Tonight is a department social event and I’ll get a chance to share experiences with some of the other recent graduates. It’s been another interesting day. I’ve met with a number of people and made a good start in documenting my understanding of the IT systems. I’m looking forward to going back to the client tomorrow.