Member Article
Interview: Scott Glossop of Deloitte Fast 50 firm RandomStorm
As National Apprenticeship Week kicks off, Bdaily talks to RandomStorm penetration tester Scott Glossop of Wetherby-based Deloitte EMEA Fast 500 firm RandomStorm.
RandomStorm is an IT security company that was founded by Andrew Mason and Robin Hill, in Wetherby, West Yorkshire in 2007.
In November, RandomStorm was listed as the 21st fastest growing technology company in the UK in the Deloitte UK Fast 50, and Fast 500 in Europe, and one of the top three fastest growing companies in the North of England.
Testers at RandomStorm are also known as “ethical hackers,” or “white hats,” because they use the same techniques that criminals (“black hats”) would use, so that organisations can see where they are vulnerable to attack and close the gaps in their security.
RandomStorm offers holiday placements to school leavers and provides practical training to enable them to make a career in the security profession.
Andrew Mason said: “We can always tell which apprentices are going to make it, because they start taking part in voluntary bug disclosure schemes in their own time. “
How did you gain your apprenticeship with RandomStorm?
I applied for work experience at RandomStorm while studying at sixth form and while I was there, Andrew Mason offered me an apprenticeship placement.
After a month or so of weighing up the pros and cons, I decided to take the apprenticeship at RandomStorm. Personally, I thought that it would provide me with a better grounding in the information security industry than going to university, while also saving myself five years and a student loan“.
How much experience did you have with computing and information security before you started your apprenticeship with RandomStorm?
Before I started working at RandomStorm, I didn’t have much information security experience, just the basics about networking, exploits and vulnerabilities. Most of my knowledge came from HackLabs and reading security researchers’ blogs.“
How is your week structured? Do you still attend college and work with RandomStorm on day release, or are you working full time?
The majority of the time, I’m working at RandomStorm. Throughout the year I go to college to attend seven block releases, which are a week long, on subjects such as networking and website design.
Who do you work most closely with at RandomStorm? Which team are you part of?
RandomStorm engineers, Avram Marius Gabiel and Ryan Dewhurst have shared some of their techniques, which have helped me to get my name listed on the halls of fame of eBay, Google and Videao.
On a day to day basis, I am part of Professional Services and in the PCI team and I work closely with Matt Robey, Richard De vere and my mentor, Owen Bellis.
What new skills have you learned during your time with RandomStorm?
Since starting work at RandomStorm, I have learned a lot of new skills, from penetration testing to web app testing.
From my work as a PCI Security Engineer, have learned to identify vulnerabilities and performed detailed reconnaissance against a target.
In my spare time, I have gained additional experience in web application testing through the voluntary disclosure schemes run by eBay, Google and the like.
It was really rewarding to have my name listed in their halls of fame for finding and privately disclosing security bugs, so that they could fix them and make the sites safer for users.
So far, I’ve been recognised by Google, Yahoo and ebay, and have been included in the Magix, Norada, Bitwall, Appcelerator Halls of Fame for finding and privately alerting them to security bugs.
What career would you like to have following your apprenticeship?
I would like to progress into full time pentesting or webapp testing as I find both fields extremely interesting because they are constantly changing. It would be an exciting job to have as it’s also my hobby.
What qualifications do you already have?
I have GCSEs in Physics, Biology, Chemistry, Maths and Statistics, English and Literature, French, IT and a Diploma in Administration and Business.
What opportunities are there for gaining qualifications while you are at RandomStorm?
I am currently studying towards my CCNA at college and in my spare time I’m studying toward my CEH and VMware VCA in Data Centre Virtualization and Cloud.
Have you got involved with any of the pen test competitions such as the Capture the Flag games at BRUCON?
I didn’t have the chance to attend BruCon last year. However I’m hoping to attend in September 2014. I am currently taking part in a Capture The Flag (CTF) challenge ran by Marius Corici, as CTF says: “At its core, CTF365 is not a game. It’s a “Training Platform for Security Professionals and ITC Industry” that implements CTF concepts and leverages gamification mechanics to show your skills and showcase improvements in information security, whether you are on the defensive or attacking side.
Do you get involved with any of the local events such as OWASP, or Leeds Hackspace?
At the moment I have not yet got involved with any local events. However, I did attend the 2012 Leeds Pi hack event where me and my team made a synthesizer which uses mathematical algorithms to make music, that was pretty cool. n•
This was posted in Bdaily's Members' News section by Clare Burnett .
Enjoy the read? Get Bdaily delivered.
Sign up to receive our popular Yorkshire & The Humber morning email for free.