Focus on a Chartered Security Professional: Andy Smith
Let’s start at the beginning of my involvement with computing: at school, I was a member of both the maths and chess clubs – the ideal person to be bullied, but for the fact I had a lot of cousins.
Being part of the maths club meant that when we got the first computers in school, I was one of those to start using them. They were the Acorn BBC computers that went along with the BBC series, The Computer Programme and Making the most of the Micro.
Fast forward a few years and after a short stint in the Royal Air Force, I ended up working for Acorn Computers in Cambridge. I got my first internet email address in 1986, so will celebrate using the internet for 40 years next year. Even back then hacking was a thing and I found the concept fascinating. This predated the first Computer Misuse Act of 1990. Not saying I was naughty before then…. I also achieved Bachelor of Computer Science in 1992.
From there I went to an internet service provider, where I started working with firewalls and other aspects of computer security. I installed the first official firewall in GCHQ in 1991. Having realised my potential, I became an independent consultant and soon realised I needed professional qualifications to support my career. During the process of attaining them, I worked for the European Space Agency in Italy and Germany, then General Motors in Belgium.
I got CISSP (Certified Information Systems Security Professional) in 2003 when I became a CESG (Communications-Electronics Security Group) Listed Advisor, which started a 13-year run of working as an advisor in government. I got my Master’s degree in Information Security in 2006. I soon realised that a Royal Charter was respected and something I really needed to aspire to. I got Chartered IT Professional (CITP) and Chartered Engineer (CEng) via the BCS (British Computer Society) in 2009, as there was nothing specifically for security. I also studied hard and achieved an array of security qualifications.
I joined the Security Institute with a recommendation and sponsorship from colleagues, and achieved Fellow in 2008. When Chartered Security Professional came along, I applied and was number 23 to be admitted to the Register and the first Cybersecurity practitioner. That was back in March 2012. It was a hard process being the first cyber specialist, as the interviewers had no experience in this area. Most in the Security Institute at that time came from protective security backgrounds. I would like to think I helped expand their view a bit.
So why the Royal Charter? Like other Royal Charters, it’s highly respected, be that Chartered Accountant, Chartered Surveyor or Chartered Engineer. It commands this respect as it’s not easy to achieve and has a stringent peer review process to oversee entry. Chartered Security Professional covers all areas of security, from physical through personnel to cyber. Its key aspect is that it applies to those who operate at a strategic level or have strategic influence in the industry. In many of my consulting roles, my Royal Charters have helped to ensure I am taken seriously and respected as an expert in my field. I have now held CSyP for 13 years.
Since 2016 I have been one of the interviewers for CSyP and enjoy the learning experience I get from the interviews, in addition to giving back to the community and helping others progress in their career. CSyP is the gold standard and ultimate accolade for a security professional. It is therefore important that we keep the standards of entry to the Register high and I am humbled to be part of the process.
I think it’s a great goal to strive for and should be the ultimate accolade for anyone in any area of security.
Eur Ing Andy Smith MSc CEng CITP FBCS CSyP FSyI SMIEEE SIRM CISSP ISSAP ISSMP CCSP CISA CISM CRISC CDPSE
