How a cyberattack inspired this security engineer’s career

Shane McCausland discusses how a cyber scare in university led him down a career path to joining Yahoo’s cybersecurity team, The Paranoids.

For Shane McCausland, his first taste of cybersecurity came rather abruptly during his final year of an undergraduate degree in computer games development at University of Limerick.

McCausland had built a private branch exchange VoIP (voice over internet protocol) system for internal communications at the university as part of his final-year project. “The project aimed to use the existing Asterisk framework to implement a web-based front-end for users to sign in, access a directory and make calls,” he explains.

“At the outset, I didn’t realise that phone systems connected to the internet are prime targets for attackers looking to spoof the system for fraudulent calls.”

Just a few weeks before his project deadline, his system was compromised by a series of “brute force attacks from a suspicious origin”.

“Initially panicked, I took a step back and immersed myself in cybersecurity literature. I soon understood that such vulnerabilities were common and decided to incorporate the attack and its remediation as major components of my project.”

Not only did McCausland manage to salvage his project in time, but he also discovered a deep interest in cybersecurity and decided to pursue a career in the area.

Since then, he has completed a master’s in cybersecurity at Munster Technological University and now works as a security data engineer with The Paranoids, Yahoo’s specialised cybersecurity team.

What brought you to your current job?

My decision to pivot to a career in cybersecurity stemmed from a desire for advancement and a deep interest in the field. In my previous roles in software and web development, I felt increasingly stagnant and eager for more substantial challenges and growth opportunities. This desire led me to a significant life decision: leaving my established career to pursue a master’s degree in cybersecurity at Munster Technological University (MTU) Cork. This change not only expanded my expertise but also opened doors to more dynamic and fulfilling opportunities in the cybersecurity sector.

What draws me particularly to cybersecurity is the variety it offers in day-to-day tasks; it’s a field where one must always be prepared for anything. On any given day, you might find yourself taking on multiple roles, each presenting unique challenges and learning opportunities. From being an incident responder dealing with security breaches to a data engineer managing and analysing critical information, the roles are varied.

However, I primarily thrived as a data engineer. In this role, I developed a profound appreciation for data and its crucial role in both preventing and detecting threats. Managing and safeguarding vast datasets not only honed my technical skills but also deepened my understanding of how critical data management is to the security landscape, continually fuelling my professional growth and satisfaction.

What were the biggest surprises or challenges you encountered on your career path in cybersecurity and how did you deal with them?

One of the biggest surprises and challenges I encountered, particularly as a data engineer, was the sheer breadth and complexity of the threats. When I transitioned from software development to cybersecurity, I was aware of potential security issues, but the constant evolution and sophistication of these threats were more intense than I anticipated. Every day, new vulnerabilities and tactics are developed by malicious actors, making it a relentless task to stay ahead.

Adapting to the rapid pace of change in cybersecurity involves continuous learning and flexibility, particularly in managing and protecting data. I stay updated with the latest security trends and technologies through ongoing education and professional development. This commitment has been crucial in navigating the challenges and leveraging them as opportunities for growth, ensuring that the data I manage remains secure and robust against evolving threats.

Was there any one person who was particularly influential as your career developed?

In my current role as a data engineer, my manager Josh Hart has been crucial to my professional growth. His leadership promotes continual improvement and innovation, pushing our team to adopt new technologies and strategies to counter emerging security threats. Hart goes beyond typical managerial roles by mentoring us, enhancing our understanding of cybersecurity’s complex challenges. His ability to pinpoint threats and optimise our data use has greatly improved our capabilities, as well as my own personal career development.

‘Effective collaboration is key to success in many technical fields, including mine’

What do you enjoy most about your job?

What I enjoy most about my current role is the dynamic and intellectually stimulating environment it provides. Each day is filled with new challenges and opportunities to solve complex problems, which keeps my work exciting and fulfilling. I appreciate the critical role that data plays in shaping cybersecurity strategies and the strong sense of responsibility and achievement that comes with managing and protecting sensitive information.

One project I’m particularly proud of is building an entire data pipeline ETL using AWS services and Terraform. It was a massive undertaking, but deploying a system I built from scratch – which has become a vital component of our day-to-day operations – is incredibly satisfying. Being able to work on this project daily and seeing it function smoothly adds a rewarding dimension to my role.

The continuous learning aspect of my job is another highlight. Cybersecurity is an ever-evolving field, and staying current with the latest technologies and threats is crucial. This ongoing education keeps my skills sharp and professionally fulfilling.

What aspects of your personality do you feel make you suited to cybersecurity?

In my role as a security data engineer, certain personality traits help me effectively manage the challenges and responsibilities that come with the position. Curiosity and attention to detail are essential as they enable me to analyse complex data patterns and identify subtle discrepancies that could signal potential issues. These traits ensure that I maintain vigilance, which is crucial for protecting sensitive information.

Being adaptable is another important quality, especially in a field that continuously evolves with new technologies and strategies. My openness to change and quick learning ability allow me to stay effective and responsive to new challenges.

Lastly, effective collaboration is key to success in many technical fields, including mine. Working well within a team, sharing insights, and collectively solving problems are all part of daily operations. My cooperative nature not only strengthens team dynamics but also improves our overall problem-solving capacity.

What can people expect from career progression in the cybersecurity industry? Did your current employer support you with this?

In the industry, career progression can be both rapid and rewarding, given the field’s critical importance and the constant demand for skilled professionals. Individuals can expect to move through various roles, from entry-level positions to more specialised areas such as threat analysis, incident response or data engineering, depending on their interests and skills.

At Yahoo, there is a strong emphasis on supporting career development. They have facilitated my growth through various means. One significant support has been access to continuous learning opportunities; Yahoo offers training programmes and certifications that are essential for staying updated with the latest security technologies and practices. This emphasis on education is crucial due to the constantly evolving tech stack in the industry, which requires professionals to be agile and knowledgeable about new tools and approaches.

What advice would you give to those considering a career in cybersecurity, or just starting out in one?

For those considering a career in cybersecurity or just starting out, my advice is to embrace continuous learning and stay curious. The field is constantly evolving with new threats and technologies, so keeping your knowledge up to date is crucial. Dive into resources like online courses, webinars and certifications that cover current cybersecurity trends and tools.

Networking is also key. Connect with professionals in the field through online forums, LinkedIn and industry conferences. Learning from others’ experiences and insights can provide valuable guidance and open up opportunities.

Focus on building a solid technical foundation. Understanding the basics of networking, systems administration and programming is essential, as these skills are often at the core of many cybersecurity roles.

Finally, be proactive about gaining practical experience. Whether through internships, volunteer work or personal projects, hands-on experience is invaluable. It not only enhances your skills but also makes you a more attractive candidate to potential employers.

Don’t miss out on the knowledge you need to succeed. Sign up for the Daily Brief, Silicon Republic’s digest of need-to-know sci-tech news.