Where did you grow up?
I was born and raised in rural Australia and graduated from high school in 2015. Like most kids from the outback, there was not a lot of opportunities to pursue my career interest (in my case – Information Technology) in my home town beyond high school. With some help from my teachers, I was lucky enough to get into the Bachelor of IT program at CSU.
How did you get your current job?
I came into ASIO via the Technologist Graduate Program. Within the Program, I rotated through three teams over twelve months. One of my rotations was within ASIO’s IT Security team - it was such a good fit that I ended up re-entering the team once the Program was completed.
How did you choose your specialisation (compared to others)? / Were you weighing up any other alternatives before choosing this specialisation?
I always had an interest in IT (likely from an early childhood love of video games). However, IT is such a large field and I found my niche in cyber-security. I find it incredibly rewarding to understand how systems can be broken, breaking them, and fixing them again. In my last year of University, I wanted to find an employer that would allow me to follow my passion for cyber-security, as well as enable me to make a positive difference to society. Many addressed the former criterion (banks,
insurance companies, etc.). However, very few met the latter – until I found an online advertisement for ASIO’s Technologist Graduate Program, it looked like a perfect fit (spoiler alert: it was!), I applied and was lucky enough to be successful.
What was your interview process like? What kind of questions were you asked?
When applying to ASIO, I undertook several interviews (related to my aptitude, personal background and psychological profile) – each a piece of the puzzle to help determine your ability to hold a high-level security clearance and work in the organisation. I remember being daunted by the sheer number of interviews that I was asked to attend – especially knowing that other employers were typically only asking for one interview! However; each interviewer was pleasant and it never truly felt like an interview – it was always more of a conversation. I was encouraged to be myself and to that end, I was asked a lot of questions about my interests, hobbies, general knowledge (based on my field of study) and the reasons why I wanted to work at ASIO.
What does your employer do?
ASIO’s mission is to protect Australia, its people and its interests from harm. As an intelligence organisation, ASIO achieves this mission through collecting information (through both human and technological sources), analysing it, drawing conclusions from it, and sharing it with the relevant bodies to act upon it, when necessary. No matter whether you are in Human Resources, IT or on the ground performing operational activities, what you do has a direct link back to that mission – and that, I think, makes working at ASIO so fulfilling.
What are your areas of responsibility?
As a member of IT Security within ASIO, I perform a wide variety of activities that fall under the umbrella goal of ‘enabling ASIO through the secure use of technology’. Such activities include: providing advice to operational areas on their utilisation of a variety of technologies to perform technical intelligence collection; performing security assessments of ASIO’s IT systems to ascertain their fitness for holding classified information; and responding to cybersecurity incidents that may involve ASIO’s infrastructure and/or information holdings.
Can you describe a typical workday? What is the last thing you worked on?
Given ASIO’s broad utilisation of technology in both corporate and operational contexts, no two days in IT Security are ever the same. Some days, I have many meetings with various ASIO staff to discuss the technologies they want to use in a corporate/operational capacity and offer advice as to how they may securely implement those technologies. On other days, I’ll be deep-diving into our systems to see how they are configured and where appropriate, provide advice to their respective IT staff to fix any security vulnerabilities that I find. Some people may find these continual shifts in focus to be exhausting, but I love it – as it enables me to learn something new (whether it be about technology, ASIO, or myself) each day.
The last thing I worked on was an intensive security assessment of one of our new systems, which is seeking permission to hold classified information. As you can imagine, the security standard for the system was set very high, which required me to collaborate with its administrators to ensure it met this standard. With the assessment complete, my reports have now gone to the relevant decision-making bodies to decide on the next steps for the system.
What are the career prospects with your job? / Where could you or others in your position go from here?
Specialising in cyber-security within ASIO means that I get to work with, and learn from, some of the best cyber-security experts in the industry. Consequently, I have (and will likely continue to have) very strong career prospects - both inside and outside of the public sector - within the cyber-security industry. Furthermore, as ASIO is a technologically-enabled organisation, IT Security is fundamentally involved in the strategic outlook for the Organisation and its utilisation of technology. Experience in this field provides me with significant opportunity to pursue internal management roles in the future.
What would your career be if you weren’t doing what you’re doing now?
If weren’t working with ASIO, I would likely be performing a similar cyber-security function in a different sector. If cyber-security didn’t work out, I might have gone into video game development.
What do you love the most about your job? Which kind of task do you enjoy the most?
Though I appreciate that performing a cyber-security function within other industries has its rewards, I love knowing that my work here at ASIO is directly contributing to the security of Australia and its citizens. Whether it be through enhancing the security of a system that holds classified information or assisting operational staff in the secure implementation of their systems, I can always draw a direct line between my work and the organisation’s mission. Due to this, I have a strong sense of purpose working at ASIO, which I don’t think I could get anywhere else.
Being an intelligence agency, ASIO has its fair share of unique, complex problems to solve. Collaborating with a variety of people from all walks of life (both professionally and personally) to solve these problems is easily the task that I enjoy the most.
What’s the biggest limitation of your job? Do you bear a lot of responsibility? Do you have to work on weekends? Are stress levels high?
There is certainly a lot of responsibility (and sometimes stress) that comes with working at ASIO, particularly within the cyber-security space. This responsibility not only comes with the mission of the organisation but also from balancing the wide variety of tasking that you must undertake to support that mission. That being said, the sense of fulfilment you get when you complete that tasking always outweighs the stress it may cause whilst you are performing it. Plus, ASIO has several support functions to help its staff deal with stress, including internal psychologists that are available to work through any personal or professional stressors that you may have.
Typically, ASIO staff work within what is called Sensitive Compartmented Information Facilities (SCIFs), which allows us to view and handle classified information. Understandably, we can’t take such information outside of the SCIF – which means once you leave work each day, you are much better equipped to disconnect entirely. I have not had to work on weekends, but have colleagues that have needed to do so to support ASIO’s operations. That being said, these staffs are reimbursed for their efforts – either monetarily or through time-in-lieu arrangements
Which three pieces of advice would you give to a current university student? They don’t necessarily have to be related to your role or even be career-focused.