Employee Spotlight – Simon Edwards

We spoke to the Founder and CEO of SE Labs, Simon Edwards

For this month’s employee spotlight, we spoke to Simon Edwards. Here at SE Labs, Simon is the Founder and Chief Executive Officer.

What inspired you to set up SE Labs?

I’ve always been interested in security in general, and computer hacking specifically. I’m going to credit a childhood cinema trip to see (the best) hacking movie WarGames.

I have also always had a natural curiosity about marketing claims. Is that firewall as good as its makers say? Are those beauty products really preferred by the majority of customers? Is that motor engine really providing such low emissions? Weirdly, I can pin this down directly to a GCSE history class about analysing sources of information. After that, I wanted evidence for everything!

Adding those personality traits together, along with a 20+ year career as a journalist specialising in IT security, it just made natural sense to start a security testing company. I was also encouraged by the industry itself, which was in desperate need of good, accurate testing services.

What does a typical day look like for you?

I spend most of my time talking to customers, who largely fall into two groups: the security vendors themselves and the large companies that buy security products and services.

With the vendors, the main conversation is about product improvement. We nearly always find areas where products could be better. That’s our main goal, actually. We act as a third-party quality assurance department for security companies. If we find a problem we help solve it. We don’t say, “bad luck. You failed. Try again next month!” We have all the technical evidence to prove our results and the ethics to help drive positive change.

The enterprises that pay millions for cyber security products use us to gain a deeper insight into how the products really perform against realistic attacks. We help them when it’s time to reconsider the products that they use in their networks. I’ll often fly to their head offices and talk about how the security industry works from an insider’s point of view. And I can share some of the lab results to illustrate the reality behind the claims.

Sitting between the vendors and the customers, we have a unique insight into how the making, buying and selling of security works.

What are some of the challenges you face in your day-to-day work?

One of the biggest challenges I face is reassuring security companies that we’re not going to rip them off and that we are competent testers. There is so much misinformation and straightforward dishonesty in the security industry that there is general cynicism. Security testing in particular has had a poor reputation over the last 10 years or more. I’m glad to say that we’ve turned that around to a large extent. Being transparent about everything we do has been key to our success.

Another challenge is explaining what we do! Many people assume we are penetration testers. Because we are fairly unique, there isn’t any useful shortcut jargon to get our approach across. Probably the closest we’ve got is saying that we “test like hackers,” provide security companies with QA and help security customers with a second opinion before they invest in new products.

Tell us about a project you have worked on that you are particularly proud of?

Our podcast was an interesting, challenging and ultimately very satisfying project. We went from knowing nothing about podcasting to producing one of the best cyber security podcasts in the world. We’ve won awards, had top-tier guests from the largest companies asking to appear and we’ve achieved all of that independently.

Do you have any specific advice for anyone interested in a career in cyber security?

If you have an interest in computers and security then the world is your oyster. There is so much demand for people who really know what they are talking about. My advice is to learn the basics. This, I know, will be unattractive advice because people want to grab a keyboard and start hacking.

But truly, if you get your head around the fundamentals of how computers and networks work, you’ll be in a really strong position. New developments in hacking won’t surprise you, because they are rarely really new.

I also think that self-development suits a lot of people so don’t become obsessed with gaining loads of formal qualifications. You might need one or two certificates to get a foot in the door, but to have a satisfying and successful career try to build a solid understanding of the basics.

What do you like to do in your spare time?

Scratching my head inside a vintage campervan. One day I hope to know how much fuel she holds and what speed she’s doing.

Tell us a fun fact about yourself!

I’ve played electric guitar in London’s 100 Club, so I have something in common with BB King, Eddie Grant, the Sex Pistols, The Clash, The Rolling Stones, Blur and Oasis. I doubt they know as much about anti-virus as I do, though.