Leah Lambart:  Today, I am speaking with Sean Gunasekra, who completed his studies at Caulfield in 1994. Sean is now a partner and currently leads the cybersecurity practice for financial services for the Southeast Asia Nations. He has had the opportunity to live and work extensively across Oceania, Europe, and Asia.

Leah Lambart: Today, I welcome Sean all the way from Singapore. Sean, great to have you on the podcast. I really appreciate you giving up your time to record this interview today.

Sean Gunasekra: Leah, hello, grammarians. Hello, and I’m looking forward to having the chat.

Leah Lambart: So, Sean, I always like to start at the beginning. Can you briefly explain what your career has been since leaving Caulfield, including your education after school and the type of work that you’re currently doing?

Sean Gunasekra: Thanks for that question, Leah. So back in 1995, I started doing a Bachelor of Computing at Monash University where I graduated from that course, and then subsequently went on to do a Graduate Diploma in Business Systems, also at Monash University. Prior to joining consulting, I worked in a number of different IT roles for various organizations, but I decided to move into consulting back in 2004. So, almost 10 years after I graduated from high school, because I wanted to explore a few different career choices. At 27 years old, I was still a little bit uncertain about the specific direction I wanted to go into.

So I had the opportunity to join Accenture and work in their technology consulting area. That really gave me the opportunity to try a broad range of different projects and engagements, which allowed me to find my purpose at the moment, which is to work in cybersecurity. Since 2004, I spent 10 years with Accenture, where I had the opportunity to work quite extensively across Australia, with projects in China, India, Malaysia, and then had the opportunity to go to Europe, where I spent six years living and working in Sweden. After that, I moved to Singapore. It was a fellow Grammarian who reached out to me and asked if I was ready to come back to Asia.

So I then worked for a short time at PWC, subsequently then went to IBM. And then six years ago, I had the opportunity to work for my current firm, and I’ve been there ever since. The type of work I do revolves daily around cybersecurity. As a partner, I could be doing anything from talking to a client about a strategy in terms of the direction they want to go into, discussing emerging threats and technologies, like AI, and its implications for business and the broader global environment. I could also be helping the team on various projects, from strategy to system implementation and operations, or discussing internally how we are going to differentiate ourselves in the market. It is a broad and diverse set of activities that keeps it exciting and interesting, and I enjoy it very much.

Leah Lambart: Yeah, I mean, that’s definitely a benefit of those big consulting firms, isn’t it? It’s the variety of clients and projects that you get to work on. Could you describe what an entry-level person might do in your team, especially someone who has just completed a degree in cybersecurity or information systems?

Sean Gunasekra: Sure. Within cybersecurity, there are a number of different areas. There’s technology risk, which involves governance, policies, processes, and regulatory implications. Then there’s the more technical hands-on work, like implementing new systems and tools. We also have assurance business, which validates the effectiveness of controls through activities like penetration testing and vulnerability assessments. Finally, there are operations, where individuals maintain and operate the deployed controls.

As an associate, we have a very structured program. Over 12 to 24 months, you will have the opportunity to work across all these areas. Through discussions with your career counselor, you will refine and specialize in a specific area. You might work on an implementation project as a business analyst or technology analyst, capturing requirements and configuring solutions. You might work on proposals, receiving requirements from clients and putting together a plan around the costs and duration of implementation. Alternatively, you could work in operations, maintaining and operating tools, and understanding the challenges after the solution has gone live.

Leah Lambart: What skills and attributes would help a young person be successful in this field?

Sean Gunasekra: Curiosity is the number one attribute. Having a desire to understand how things work, how controls work, and how they can be compromised is crucial. As we are protecting organizations from internal and external threats, we need to predict how adversaries might bypass our controls. Beyond curiosity, good communication skills are essential. Being able to articulate and explain complex problems in straightforward business language is important. Working in teams and communicating with clients are also key skills.

Leah Lambart: Often, people can do a Certificate IV in Cybersecurity or a specialized Bachelor of Cybersecurity. What sort of roles might someone with an entry-level qualification get, and what kind of work would they be doing?

Sean Gunasekra: University courses are important, but there are many other technology-related courses available. Large cloud service providers like Google, AWS, and Microsoft offer their own certifications. ISACA, ISC Squared, and SANS Institute also offer specialized certifications. These courses provide hands-on experience and are seen favorably. You could work in operations, system integration, application security testing, penetration testing, or vulnerability management. A university degree is not the be-all and end-all, especially in this area. Many students have been successfully hired into consulting firms without a university degree.

Leah Lambart: That’s great advice, especially for those considering a career change. They might not have to go back and do another bachelor’s or master’s degree but can pursue certifications to get their foot in the door.

Sean Gunasekra: Yes, definitely. I can provide information on various organizations offering these courses. They combine theory and practical hands-on experience, providing a comprehensive understanding of the topic. Anyone considering a mid-career change or a career shift should look into these options.

Leah Lambart: One more question, Sean. If someone is already on the pathway to cybersecurity, what can they do while at university to be more employable at the completion of their course?

Sean Gunasekra: One interview question I ask is about the top five security threats at the moment. It’s a general knowledge question to see if the candidate is knowledgeable about the industry. Subscribing to industry websites and staying informed about geopolitical challenges is important. Doing certifications for cloud service providers or product vendors shows interest. Many organizations offer free trials for their technology, which allows you to gain hands-on experience. Internships are also important as they provide real-world exposure and help build skills and relationships. Apply for internships, as we always look for great candidates to join us.

Leah Lambart: Excellent. Thank you for your great advice, Sean. Thank you for joining me all the way from Singapore, and best of luck with the move back to Melbourne.

Sean Gunasekra: Thank you so much. I’ll send you the notes after this call, Leah. Anyone listening, please reach out to me on LinkedIn if you have any questions. Best of luck with your future career endeavors.

Leah Lambart: Thanks for tuning into today’s episode. Make sure to follow us on socials and update your details to hear all the latest community news and events. Because wherever life takes you, you are never far away.