In the following interview Senior Consultant Raphael Dropsy lets you in on his career path at Devoteam, discusses his current project and talks about his average work day.
I am Raphael Dropsy. I have been working for Devoteam since 2007, so almost 12 years. First, I worked as a Microsoft System engineer for 10 years and recently I had the opportunity within Devoteam to reorient my career moving from the infrastructure department to the security department.
What are your current responsibilities?
For the moment I work at a company in the energy sector. It is my first project in a ‘pure security’ field. My main task is performing risk and information security analyses.
With the support of Devoteam and different practice managers I had the opportunity to evolve professionally, to reconvert my professional field.
How do you experience the work environment at Devoteam?
Devoteam is a company where the human aspect is always in the centre and the consultants are not just numbers. Devoteam provides the possibility to evolve in your professional career and assists you in this evolution.
What does your average work day look like?
It varies a lot and is quite technical. The most important aspect in my job is performing risk analyses and vulnerability assessments, e.g. reporting cyber risks to the management of the customer.
First, a methodology (EBIOS Risk Manager) is chosen to apply. I conduct different workshops with stakeholders in which we evaluate the impact of potential risks of a specific process, e.g. loss of confidentiality, loss of integrity, loss of availability, etc. We identify threats and their objectives, e.g. a hacker who wants to exfiltrate confidential data in order to harm the company. We identify a risk scenario and evaluate the probability that the threat could exploit a vulnerability and reach its goal. Next, we launch a risk treatment plan with a follow-up. The goal is to reduce the risk by applying safeguards; this can be implementing a security tool or reviewing a process. As mentioned previously, I conduct different workshops, but I also act as a cyber security specialist in order to challenge the input I obtain from the stakeholders. This is a project with high visibility: not only does it give a risk score to the management, but it also shows that we can share with other departments what we’ve built, e.g. completing some missing documentation or cartography of a process.
The second aspect is writing and reviewing security policies and standards, so the governance part of security. Further, I ensure that the policy standards are up to date and create new ones when necessary. For example, the cloud standard did not yet exist at the customer, so I had to write a new one from scratch. Therefore, I had to meet with the operational team and learn about the platform architecture. I performed some research and also asked within Devoteam Group for advice regarding the platform.
The third aspect is ensuring the security is implemented in new and ongoing projects in order to make sure that the solution architect, project manager and operational team do not forget the security part for the software. For example, if we launch a new application, we must safeguard that there is a firewall in front of the web application.
What is the best part of a project?
The customer satisfaction: everywhere I did a project, customers were always satisfied and sad to see me go when I finished it. Also, my current customer seems to be happy with the advancement on the different risk analyses. We are on track regarding the large amount of processes to analyse. On top of that, I always managed to finish my projects at the different customers on time.
Why did you decide to work for Devoteam?
Because of the interesting challenge within the Microsoft world that Devoteam proposed at the time. Other factors are the continuous focus on the ‘human aspect’, the frankness of the people at Devoteam and the importance of respect. I was convinced by the values that they promote: respect, frankness and passion.
Which career and training opportunities did you have at Devoteam?
Due to the fact that I was part of the infrastructure business unit, I needed to pass a technical training certification oriented towards Microsoft technology and servers. With time I became MCSE Microsoft Windows Server and MCSE Private Cloud certified.
Furthermore, I was asked to pass non-technical I.T.I.L. and Prince2 certificates to have a view on how projects are led and implemented. It was important to me as a technical professional to also have non-technical skills.
Recently, I passed my CISSP certification because I had in mind to evolve and move to the security field, so the trainings and certifications were the first step. This allowed me to move to a pure security project in the energy sector.
To complete the certification track, I passed and got certified on ISO27001 Lead Implementer and ISO27005 Risk Manager; these two were very important for my core responsibilities.
Can you elaborate a bit more on your career switch?
Here at Devoteam, you can grow and evolve within the organisation without feeling the need to leave for a new challenge. You also have the opportunity to exchange and share knowledge with a network of 7.200 professionals within the Devoteam group, outside Belgium. The grass isn’t always greener on the other side.