MySwitch2Cyber: from Museology and Cultural Heritage student to Offensive Cyber Security Consultant

In this instalment of our MySwitch2Cyber blog series, our talent attraction team sat down with Jasper Arts from our Danish team in Copenhagen to hear about his journey from a study of Museology (the study of Museums) to a security trainee and now Offensive Cyber Security Consultant.

My official title is Offensive Cyber Security Consultant, but if I have to introduce myself, depending on the other party’s reaction I also tell people that I am a “pen tester” or “I work with computers” (smiles mischievously).

Before all this, I studied Museology, which is the study of museums at an academy in Amsterdam. It’s a bit like Cultural Heritage. But I was always into computers – helping with friends and family PC’s, whenever there was a problem to solve. When I eventually finished my studies at the academy (because I’ve been postponing it quite some time), I applied for a re-education program. It was called “Make-IT-work" ( www.it-omscholing.nl), as in “Information Technology”. I was learning to become a software engineer in Java. I did enjoy certain aspects of becoming, but after all it was not the most interesting to me.

I talked to my teachers, and they told me that I have a hacker’s mentality. I thought this was a much more interesting option immediately than “simple” software developing. The place where I worked after the reschooling, only worked with “low code” applications, and I needed more freedom. The ball got rolling when I quit my job and applied for the traineeship at Fox-IT.

I started out as a trainee at Fox-IT, on the 1st of January 2020 and was in the same group as Ariela (read her story here). I joined the offensive team (pen testing) – which was cooler and more interesting to me from the start. During the 1,5 years of traineeship, I rolled into other departments as well, to learn. I had no background yet for working at the Red Team, but the traineeship provided us with the required knowledge. We worked with detectives – analysts, DetACT-ists, plus SOC (Security Operations Centre) “duty” once a week as well. The system operations experience came after that, I did the computer networking bit and studied CCNA. After that I was able to switch to the Red Team. I’m still learning, and it’s a steep learning curve. It was slow and hard work to become part of the Red Team, but it was worth it.

Around September 2021 me and my girlfriend decided to move to Copenhagen. She studies in Sweden, which is only a “short” commute from the Danish capital city. As Fox-IT is part of NCC Group, and has an office there, it was not a strange idea. I discussed it with my manager, and he helped to achieve this goal.

Moving from Delft to Copenhagen was not hard, but it was a whole procedure and involved lots of paperwork. Fortunately, telling the right people about our plans, it was set into motion and the managers made it happen. The office here is really nice and the lunches are great (we have two different catering services that alternate every week, so it’s never boring).

NCC Group and Fox-IT have a lot to offer, and I can definitely see myself continuing down this path. I have a lot of freedom and still have lots to learn.

The hardest part is making the time and putting the effort into learning the basics. My advice for anyone interested: start yourself.
If you have no experience yet, it can be overwhelming, so take it step by step. There are no shortcuts, you just have to put in the work.

If you want to get into pen testing for instance, go to the Cybermentor. He’s quite active on YouTube and LinkedIn and gives great advice. He does a lot of offensive security and he’s exceptionally good at explaining, just a great mentor. Even the older videos are still an immense help today. Just remember to focus on one, because so much is available, it’s easy to get overwhelmed.

MySwitch2Cyber

This blog is the 7th of our series of career blogs ‘MySwitch2Cyber’, in which we will be sharing the inspiring stories of our colleagues who joined NCC Group at the start of their cyber security journey from diverse and non-traditional career backgrounds.