Interview of M4tou - 41 years old - Marine navigation specialist in professional retraining
Interview of M4tou - 41 years old - Marine navigation specialist in professional retraining
Specialist in maritime navigation, M4tou started a career change in 2017 to work in cybersecurity. During his computer architecture design training he enthusiastically discovered Root-Me. Thanks to his involvement in the non-profit organization, in 2022 he joined the QA team that keeps the platform and challenges operational. He now is the QA team leader and as he’s nearing the end of his training he shall soon start a new professional journey!
Introduction / Presentation
Who are you and what are you currently doing ?
I just passed my computer architecture designer diploma and I am getting ready to get my Master Degree as an engineer. At the same time I’m trying to get my first job in this field thanks to my diploma while pursuing my training on Root-Me.
What got you into cybersecurity ?
As a specialist in maritime electronic navigation, I realized several years ago that computer threats were going to impact my job but also our entire contemporary environment. I had been practicing computer science at a minimal level and I started to prepare for a career change in 2017 through the CNED and the CNAM - two French distance learning programs.
How did you experience your career change ?
I am right at the start of my cybersecurity career because I don’t have a job in it yet. But I am aware of the hardness of changing professional fields. I am approaching it serenely because in my current job in maritime navigation the ability to adapt is important - and it’s also key in cybersecurity! I also have developed very useful transversal skills such as project management, personnel management, decision-making on partial perception, …
What domains are you particularly interested in ?
I am interested in almost every subject: I am starting out in all of them!
Cyber Experience
What is a typical day like? A typical week for you ?
I am working full time in a completely different activity at the moment. My day in cybersecurity starts in the evening, after work. As a father, I split my time between a screen and my home, and I have to find a balance! I spend about 2 to 3 hours per day on training (with Root-Me or the CNAM). On weekends, I get up very early to work before I become a father again.
What mistakes were you making when you first started in this industry ?
My main mistake is that I’m not patient enough: I often want to move forward too quickly and don’t spend enough time building a method of action. Developing a cyber watch and acquiring good information gathering practices is the beginning of a good strategy! Analyzing the information, defining an attack plan, preparing, implementing… these might ring a bell to some!
What were your main challenges in learning this job ?
I had a lot of trouble identifying the branches in cyber. “Cyber” is a “suitcase word” that encompasses many different things. At the beginning, people I met in the cyber community made me feel like a beginner and they didn’t give me any information to help me find my way. There are now many more resources available such as the ANSSI Guide Panorama des métiers de la cyber which is quite well done. This guide didn’t exist when I started. Another struggle is that I have to be tenacious because I work with many good technical profiles and I come from an organisational background. I have to prove my legitimacy to people who are much more skilled than I am from a technical standpoint.
What do you feel you do better with experience ?
Experience allows me to move forward more quickly during the information gathering phase. With the patient repetition of the RM exercises, I have sped up the process of analysing information and building a response. Thanks to a couple of tools I identified in other exercises, I can test hypotheses more easily and manage to “open a breach” to exploit in the challenge.
What do you see as the most important security challenge right now, and how do you plan to contribute to it ?
It is the democratization of computer security for professionals but also for the public. In the environment I work in, there are a lot of talks about Hollywood-like attacks done by different groups of efficient hackers. But if everyone did the minimum in terms of security, we would already have more effective protection against many cyber threats.
Your relation with Root-Me ?
How did Root-Me help you on your career path ?
My training started in computer development (BTS) then into cyber risks analysis, which was quite far from the purely technical field. I quickly decided to complete my training via Root-Me in order to nurture a different approach. My goal was to acquire enough technical skills to be more aware and efficient in solving cyber governance issues.
What is your favorite type of challenge and why ?
I like the challenges that are not in “real time” like the Forensic challenges challenges. You can spend ‘cold’ time analyzing and working without being necessarily on the platform and finally give an answer in a limited time to complete the challenge. I prefer to get the files, to work on my own and then to send my solution.
What aspects of Root-Me do you appreciate in particular ?
I got my Root-Me membership card the moment the Root-Me Discord went public! It was the missing link to get the players closer together and to speed up the learning process. I really enjoyed the quizzes as well. I haven’t tried ctfalltheday yet due to lack of practice. I’m catching up on the Twitch conferences through Youtube replays because I unfortunately don’t have the time to watch them live.
Until today, what are your best achievements on Root-Me ?
Besides acquiring technical skills through the Root-Me challenges, the unexpected benefit I found was the opportunity to be part of a network within the cyber community. At first, I came to the platform for educational purposes, but then I met people well integrated within the cyber community. In the end, my greatest success is to be part of the Root-Me community.
What does the Root-Me community bring to you that you can’t/don’t think you can find elsewhere ?
I volunteered for Root-Me for a year. I was approached for my development skills to help develop the Discord bot. Since I started, I’ve been working with the Quality Assurance team to keep the bot’s code up to date, to debug and deploy new tools according to the community’s requests. As a recent “Lead QA”, I will be able to learn more about server maintenance and later create new challenges myself! Although this volunteering time has impacted the evolution of my points on RM, I am delighted to participate and benefit from the community’s advises to strengthen my skills.
Do you have points of improvement or wishes regarding the evolution of the platform that you would like to transmit to the Root-Me team ?
I don’t have much to say to the RM team through this interview! They are accessible enough to have a pleasant and constructive ongoing dialogue.
Tips
In your opinion, what are the main qualities needed to do this job ?
Patience, humility, ability to communicate and team work.
What advice would you give to someone considering a career change in this domain ?
If I had to give some advice to ambitious people who plan to change jobs, I would advise them to approach IT as a whole before starting in the specific field of cybersecurity. A second piece of advice would be to be persistent! The amount of cyber learning required and the fast evolution of the environment can sometimes be discouraging, but don’t worry, nobody will demand of you to become the new hacking star! A good solution would be to identify the field / job that you like the most and specialize in it. One last point is to believe in your project! I’ve met more people who tried to discourage me from training in cyber than advisors who supported me in this process.
What are your ambitions for the future ?
I have a few, on three levels :
- As a Root-Me player I would like to eventually rise to the rank of hacker. This is quite an ambition because I have to score 150 points per week and that’s a lot of work.
- At the level of the Root-Me Association I don’t intend to stop there. I have just integrated the position of Lead QA and I wish to increase my skills with my new missions.
- At the professional level I hope to start a job in cybersecurity from next July and to get my engineer title.