Photo: Nur Ahmad (left), Consultant PCI Security Services, Bastian Pütz, Senior Consultant PCI Security Services, Qualified Security Assessor
Security has 1,000 facets. Find your IT security discipline.
Nur, you studied computer engineering. What motivated you to enter the field of IT security after graduating?
Nur Ahmad: I find IT security particularly interesting because new challenges arise there every day – because IT is constantly developing, for example, which opens up new possibilities for attacks. In order to prevent or ward off such attacks, you have to keep your finger on the pulse and continue training and improving. So it never gets boring and you always stay up to date with the latest technologies.
Bastian, you are Nur’s “Buddy”, which means you accompany his training and help him get started in the PCI Security Services team. Tell us briefly what your team does.
Bastian Pütz: We advise companies worldwide on the data security requirements of the Credit Card Industry – the Payment Card Industry Data Security Standard (PCI DSS). We as a company and many of our team members are officially accredited as “Qualified Security Assessors”. This means that we not only advise companies on the security regulations, but also officially certify them against the standard.
Inspecting and confirming security measures. Sounds like a rather boring job.
BP: At first glance, it might. But in reality, our job is very varied. Every company has its own IT environment and data processing processes. When we are with a client, we get behind-the-scenes insights hardly anyone ever gets. At a small travel agency this may not sound exciting at first, but even there we encounter complex processes and software solutions that can acutally be very interesting. And the situation at a global corporation is on a whole different level, obviously. We also don’t have a one-size-fits-all solution that we can simply apply to any company. We really have to understand the individual situation of each client and then develop a practicable solution. The good thing is that we can help in a very concrete way.
Nur, there are different teams at usd: the pentesters at usd HeroLab, IT security consultants and your department, PCI Security Services. Why did you decide to join this team?
NA: Our job in the PCI environment combines technology and consulting, which is important to me personally. As a consultant you work with people a lot and you also get to know the latest technologies used in different IT systems. That’s great. Our international clients also give us the opportunity to travel to exciting places. In the last few weeks our colleagues have been to Sweden, Spain, Tunisia and the US, to name just a few examples.
So you are travelling all over the world and work independently in your projects. Can you really call yourselves a team at all?
NA: Absolutely. I didn’t expect the team to be working together and supporting each other this well. We have a super close network across all locations and departments and communication is surprisingly good. In addition, many colleagues here radiate a spirit that is really infectious. You honestly feel like getting to work and advancing IT security together.
BP: We want to deliver great results to our clients, so we actually have to be a good team. It’s important that each of us can rely on the different experiences and the special knowledge of all team members. We are in constant exchange with each other via different communication channels and have comprehensive meeting at least once a week.
What characteristics should a new colleague bring to your team?
BP: Ideally, he or she has a good understanding of information security, especially the technical aspects. Of course nobody knows everything, that’s why we constantly learn from each other and with each other and keep improving. However, this only works if you are genuinely interested in IT security and if you have a certain passion for the topic. You should also enjoy creating solutions to complex problems and have a pragmatic way of thinking, because that’s exactly what we need to help our clients.
NA: You have to take your job and the responsibility you carry with it absolutely seriously and be a helpful person. In addition, you should be finde with working both independently and in a team and be willing to travel every now and then.
How do you start as a beginner?
BP: Anyone who is new to usd goes through the “Become a Hero” program in order to settle in, meet colleagues and get an overview of the entire usd. The individual teams then each have their own training concept. Our team has a structured training plan for new team members, which we are constantly optimizing.
NA: Most of what you learn, whether it’s dealing with customers or technical expertise, you learn directly in customer projects. If you notice that there’s something you don’t know yet, you can rely on the help of your colleagues and work through things afterwards. In addition, everyone who starts afresh will have a personal buddy and a mentor. The mentor is an experienced colleague who is always available for professional questions, gives important tips and accompanies your professional development. My buddy is Bastian, he’s my go-to person for any issue that may come up in everyday work, so to speak. In general, however, you can always approach any colleague with any question you may have, and they will be happy to help you.
Someone with your qualifications can work almost anywhere these days. Why did you choose usd?
BP: I completed my training as a system integrator and then studied computer science with a focus on information security. With this focus, you stumble almost inevitably over usd in Cologne. You hear about the Hackers’ Days, for example. I started as a working student in 2014 and was immediately integrated and allowed to take on responsibility quickly. The decision to work here full time after my graduation in 2016 was therefore an easy one.
NA: I had a very pleasant interview and found the colleagues I talked to very likeable. In addition, I had the feeling that at usd I could contribute my own ideas. And I was right: Shortly after I started, for example, I indicated that I would like to get involved in the university environment. I’ve only been here for a few months now and am already in the middle of talks and preparations for a new cooperation project with a university. That’s really cool.