Robert Lockwood's journey into cybersecurity all started with the right book.

Robert Lockwood Director of Fusion Cell

Information accurate on date of publishing - February 2020

"Growing up, cybersecurity wasn't something I'd particularly considered, although I enjoyed tech and loved WarGames! Originally, a career in architecture or law enforcement sounded attractive, but a bit later on, the realisation that I liked understanding how things worked, taking them apart and putting them back together again, led me to take an engineering degree.

There were impressive computing facilities at university and by the mid-'90s, I was making daily use of the Internet. My skills started developing as, amongst the wider engineering study, there was a deep dive into digital technology and telecoms, and I started working with Unix. They improved further when, during an industry year, I got very hands-on in process control and security, and the related interconnectivity aspects. Around the same time, the classic Cliff Stoll book, 'The Cuckoo's Egg', landed in my hands. That was the hook. So, in the late '90s, I took a master's; Royal Holloway was the first university in the UK teaching 'infosec' and offered strong industry links and an international alumni network. Then, after a project in Microsoft UK's government consulting team, I launched into a 'cyber' career.

Initially, I worked for KPMG and then within the UK's Critical National Infrastructure, where I engaged with NISCC - now CPNI - and was trained and certified by CESG, now a part of the UK's NCSC. After obtaining CISSP in 2003, I set up Fusion Cell to provide a range of consultancy and security services to clients. Since then, I've been involved in some very interesting and high-profile projects, working with diverse teams and stakeholders. My passion is cyber and infosec, but I've been lucky to combine that with the other aspects of security - for example, cyber-physical security convergence for securing the London2012 Olympic Games. I've also worked heavily in strategy and maturation, helping various organisations secure and focus investment for improving cyber posture."

"Clients are wide ranging across government and the private sector, and projects have included advising and delivering on significant security capabilities for multi- nationals, parts of the UK CNI and for London2012 with the Olympic Delivery Authority."

Introduction to SANS

"I was well aware of SANS from the early '00s, although didn't train with it directly until 2015" explained Rob. "However, in the early years, two useful books lived on my desk - 'Intrusion Signatures and Analysis' and 'Network Intrusion Detection'. These originated from SANS authors. I had high expectations of SANS after applying what I'd learnt and still have them some 20 years later!".

Keen to continue developing the technical-side of his skills base, Rob went on to explore SANS training. "I found the whole process very straightforward, from understanding the course offerings and routes to specialise, to booking training around my schedule. There's a wide set of options and lots of training modalities"

High standards from training to qualifying

Having taken a few SANS courses, Rob has been impressed each time with the training experience. "You arrive at well-organised venues, with materials awaiting you and surrounded by motivated industry students, hungry to learn and engage. The instructors are experts - interactive, knowledgeable and dynamic. I've taken training with Rob Lee, Justin Searle, James Lyne and Christopher Robinson, all of whom are passionate and armed with war stories! Having been through three times so far, including once as a facilitator, I trust the SANS training experience and, having certified, can say the same for the GIAC certification process. It's slick and high quality".

"I am part of a growing community in the UK industry and beyond, and having been in it for more than 20 years, have a wide set of connections - I regularly hear positive things from other people; SANS training is highly regarded."

We asked Rob for his thoughts on the SANS facilitator training experience: "It was a great opportunity to get to know SANS behind the scenes. I like meeting and working with new people, and so enjoyed getting to know the instructors and training alongside international peers - and supporting them, if any issues arose."

Not new to cybersecurity, Rob has experienced a wide range of training from various companies and organisations, both of technical and management focus. So, what was it about SANS training that gained his attention? "I'm impressed by the range and depth covered by SANS. The instructors know the detail and the materials are comprehensive. Over the years, it has developed a wide set of options focused on teaching in-demand skills with real application. There's a useful route for everyone - whether you're a business leader with current - or emerging - cyber responsibilities, CISO, manager or technical specialist (e.g. application security, incident response and forensics)." It's important that your training and certifications are recognised by industry peers, customers and employers and Rob's experience with SANS has left a positive impression.

"SANS training and GIAC are reliable investments and you finish feeling like you got value, enriched with skills that you can apply for your customers or employer."

Rob went on to explain GIAC certification. "My view is that GIAC qualifications are typically well received by customers and employers, and importantly, there's external accreditation of GIAC certifications via ANSI/ISO/IEC 17024. The process of booking the exam is simple, the study materials are great and include wider reading links, plus there are options available to access online practice exams. After the bookwork and hands-on practice, I found that these helped focus my mind ready for the real thing."

The SANS difference

"Whilst cybersecurity training is booming, customers, employers and peers often value those trained by SANS - I often see recruitment profiles seeking candidates with GIAC". Rob feels strongly that SANS resources and training have positively impacted on his career; "With SANS, I've reinforced and widened my knowledge and kept practical skills current. I also appreciate the SANS community in the background, both in- and outside of the events. For example, beyond the onsite events, I attend SANS webcasts, read the research materials and am on the GIAC Advisory Board."

Operating across the management and technical layers of cybersecurity, Rob values the impact of SANS training. "You come away with a very usable set of skills. Cyber is fast moving, but I feel current and confident when advising customers and stakeholders, whether that's regarding technical operations or design, or on management and strategy. I work a lot on SOC and CERT capabilities, and often find highly regarded GIACs in those areas. Equally, there are other GIAC paths available, which some of my CISO contacts have followed."

"Aside from taking SANS training courses, I regularly use the SANS Reading Room - a vetted SANS community resource for getting knowledge on specific areas that you may find yourself working on."

Top Recommendation

We asked Rob what he'd like to say to those thinking about taking SANS training; "Expect SANS to take you seriously as a customer and to deliver. Content is kept up to date and whilst the instructors are often deeply technical, SANS clearly requires great soft skills to be one. Finally, many of the students come in from top companies and publicly funded agencies, so enjoy the networking and sharing opportunities."

GIAC Certifications held by Rob:

GCFE: Certified Forensic Examiner
GICSP: Global Industrial Cyber Security Professional

SANS Training Courses taken by Rob:

FOR500: Windows Forensics Analysis
SEC580: Metasploit Kung Fu for Enterprise Pen Testing
ICS410: ICS/SCADA Security Essentials

Other industry certifications held by Rob:

ISO/IEC 27001 Lead Auditor