I joined SOC.OS in August of 2020, approximately a month and a half after their spin out from BAE Systems Applied Intelligence. At SOC.OS, the team are dedicated to fostering an environment of constant improvement – that of the product and ourselves as a team. This meant that when I joined, they had big plans for the scaling of the SOC.OS tool, and the company. Thanks to these plans, I was able to take part in a number of projects and opportunities for learning that included the launch of the new website, working on SOC.OS’ content strategy for sharing our work and product updates with the world, and of course, getting a front row seat to the development work that goes on behind the scenes.
The onboarding process was unlike any I had experienced so far, not least because it was entirely remote due to the impact of the coronavirus pandemic. Despite the challenges of the situation, every step of my onboarding, and the SOC.OS team’s expectations for my time with them were clearly defined. The team had put together a Trello board, detailing the first projects I would be working on, as well as resources to use for guidance in these projects. Of course, as an intern, SOC.OS and their partners at Speedinvest and BAE Systems put a lot of time into making sure I had opportunities to benefit from the advice and support I would need to achieve the goals set for me over the course of my internship, and to ensure the success of these projects.
As the first person to join the team following the spin out, myself and the teammates that followed also had the opportunity to come together and brainstorm what a successful, comprehensive onboarding process could look like going into the future, and how we can improve each time. Having previously worked almost entirely for small or independent businesses, I had a fairly good idea of the various aspects of onboarding new team members (albeit in a very different environment), although my understanding of business operations has been completely transformed by all the skills I have learnt in my time at SOC.OS, including the use of CRM tools, developing and managing a marketing campaign, updating our website, and of course, learning about the cybersecurity industry. Having been one of the 41% of UK employees to not receive cybersecurity training in past roles, I have been introduced to the MITRE ATT&CK® framework, the notion of printers being hacked, an extraordinary quantity of stock photos of mysterious persons in hoodies, and a lot of two-factor authentication.
It hasn’t been all work and no play however, since joining SOC.OS, I have both enjoyed and been impressed by their efforts to recreate a virtual working environment, not least because the founding team has grown by over half since spin-out. After my first day of setting up my IT equipment and an introduction to the goals the team had put together for my learnings and contributions, my first morning (and introduction to ‘Scrum’) began with one of my least favourite activities in the world, introducing ourselves, along with an interesting fact to the group, this is certainly a contentious subject amongst the team, and I am no closer to finding a solution to my mind going completely blank whenever it’s my turn, but I dread it less. For further insight to the team’s interests (and extraordinarily excellent brains) there’s the regular “pub” quiz. I’ve also been reminded to give my incredibly stiff hamstrings at our monthly team yoga classes, when we are encouraged to down our pens (or close our laptop lids) and get together for an early afternoon stretch.
In addition to these extra-curricular activities, a lot of emphasis is also placed on constantly learning and improving together as a team, whether that be coming together for Innovation Days, Lunch and Learn sessions, or as part of our Sprint reviews. I myself was encouraged to hold a lunch and learn session for the whole team. In this way, I was encouraged to take account of all that I had learned throughout, from meetings, webinars and courses, and to share my knowledge with the team. The team takes an active interest in all parts of the business, including those that they are not actively involved in, and take opportunities to share their knowledge and learn from that of others. As an intern, and someone who had previously not held roles involving presenting to a group, this experience was invaluable in building confidence and skills.
My position, prior to starting this role is (obviously) not unusual, and it’s been great to see an industry filled with a lot of supportive and encouraging people, making steps to demystify cybersecurity and sharing knowledge and resources. I’m convinced that better education and good security practices go hand in hand, and could be transformative. I’m looking forward to continuing my time at SOC.OS, and hopefully creating resources that will encourage security conversations outside of the infosec community.