How do I become a Security Consultant?

7 June 2023

Are you passionate about cyber security and want to accompany other companies on their way to more security? What skills should you bring with you as an IT security consultant and what does your day-to-day work look like? Victoria Kunde, Security Consultant in the Security Consulting division, answers these and other questions.

What does a security consultant do? 

The initial focus is on comprehensive consulting in all aspects of information security. This starts with answering the questions:

  • "What is the current status of cyber security in my company?"
  • "What goals do I want to achieve?"
  • "What does my company need to implement information security sustainably?"

But Security Consulting is also much more, because we support our customers on their individual journey to more security with 'words and deeds': we develop concepts, write guidelines, prepare information security topics in an understandable way and pragmatically find individual solutions, without deviating from our standards for information security. Everything is adapted to the applicable regulatory and industry-specific requirements of the respective customer.

What skills should I have as a Security Consultant? 

It is helpful if you have already gained some knowledge in IT security. I myself have a master's degree in IT security and thus very specialized knowledge around cryptography, less in the area of information security. Nevertheless, I was able to familiarize myself with the subject area quickly. Your personal motivation is particularly important here. Even at the customer's site, you may come across something new - for example, an expression that you didn't know before. We are always working our way into new subject areas with the aim of offering our customers suitable solutions.

In addition to your professional qualifications, you should also have a certain degree of flexibility. We travel much less nowadays, as our customers have learned to appreciate the advantages of home offices and Microsoft Teams meetings. However, especially for long-term projects, we are happy to meet our customers in person. That's why on-site customer meetings are still indispensable for us. But you also need to be flexible: in the course of a consulting project, new, unplanned situations can always arise to which you need to react flexibly. A high level of communication skills is therefore indispensable, and also essential for finding solutions. We talk to different stakeholders, gather requirements, wishes as well as goals and evaluate what is possible, reasonable and feasible.

Finally, as a security consultant, I have to be able to present my findings in an understandable way, both in front of experts and at management level. For me, the variety created by this type of work is quite appealing and it certainly won't be boring.

What is the best way to learn these skills?

Of course, a degree in technical fields will help you to understand and you should enjoy dealing with customers. But as individual as our customers and our solutions for them are, personal skills and strengths can also differ from Security Consultant to Security Consultant. Different perspectives and skills are definitely enriching for our work.

How do we support you on your way to becoming a security consultant?

The support of usd is diverse and at the same time individually tailored to you as an employee. You start with your personal orientation plan and from day one you have your personal buddy who will support you as a mentor. At the beginning, you will learn office skills in general and Excel basics in particular, as well as the basics of information security management.

In addition to the technical training, you will also go through the "Become a Hero" program. For me as a consultant, the units Business Outfit and Lunch, Consultant Skills, Presentation Techniques and the ITIL training were particularly helpful.

At the end of the induction period, all consultants take an exam to become a usd Certified Information Security Professional (UCIP). It is a usd-internal certificate which you receive after passing an exam in the form of an elaboration and presentation of a topic from a current customer project.

Even after the initial training we continue to educate ourselves. Especially in the annual interview, personal development opportunities are discussed. This way you can certify yourself according to international standards such as CompTIA Security+.

Are you interested in learning more about your career opportunities as a Security Consultant? Find out more about your career opportunities with us here.
