Surya Ravikumar is a Cyber Security Assistant Manager who joined BDO 5 years ago. He tells us about how working at BDO is like working in a start-up, where your ideas are valued and you can make a real impact.
I'm Surya, I'm currently a Cyber Security Assistant Manager in the Digital Risk and Advisory Services (DRAS) team, and I've been at BDO since September 2017, so just under five years.
Tell us about your background and how you came to join BDO...
I came to BDO through a graduate scheme. I had just finished my masters degree at Royal Holloway, University of London, and BDO came to talk to us about careers. They said they had a team that worked on technology, so I applied. Luckily, I got placed in the Technology Risk Assurance (TRA) department within BDO, and then was moved over to the DRAS department as part of the cyber team.
It was a conscious choice to move into cyber security, as I have an information security degree and that's what I'm passionate about. I naturally wanted to do more work in that area rather than the technology audit side. And when I joined, the DRAS team was small, so it was a great opportunity to get involved and make an impact.
What work do you do in the DRAS team?
I'm a Cyber Security Assistant Manager. I focus on engagement management, primarily with clients who want to be certified to the SOC2 standard, and cyber security control assessments based on leading practice security standards such as the CIS Top 18, for example.
We look at the level of maturity of cyber security controls for companies, which includes things like whether companies have a baseline level of controls implemented to begin with. For example, if they don't even have a password policy, that's a bigger problem than not having a really technical niche control you’d only expect very mature organisations to have.
We're trying to step in and give companies clarity on exactly what they need to fix and what order they should be fixing them in because some issues will take longer than others. We give them clarity on how they should go about establishing their cyber security controls to make sure that they're taking the best steps they can with the budget and time they have.
I also managed the Cybsafe platform - a cyber security and awareness training platform that provides lessons in terms of good cyber security hygiene, such as what you should do in terms of passwords, authentication, and phishing emails, how to spot things that are suspicious, and generally keeping yourself digitally secure. The platform has recently been replaced by a DRAS- made cyber security awareness training program that is part of the Workday mandatory training.
What is it that makes working in DRAS at BDO so special?
Right from the start, I felt very welcomed, and that warmth continued throughout my time at TRA and DRAS. The structure is flat, so I feel like I belong in the team and can joke around with my DRAS partners freely whilst also asking for guidance from anyone regardless of role.
I think that is what separates us from the Big Four as well. I have colleagues who worked in the Big Four and they say that when they talk to directors and partners, they sometimes don't even know their names. It is a stark difference. We have more access to senior leadership and we feel warmer in terms of being part of the team. We don't feel awkward about asking silly questions, for example.
In what ways would you say you've been empowered to help your clients succeed?
I received a lot of help from BDO when I was studying for my CISSP (Certified Information Systems Security Professional) certification last year. They gave me time off from work to study, and they also gave me access to the books I needed. They were very understanding of how busy I was, and they told me to focus on my studies when needed to make sure I was able to complete the certification as planned. Completing this certification has meant I’ve been able to help our clients with their cyber security posture with more in-depth knowledge than I had before.
People are always encouraged to move up and progress in their careers. My first year here, all of my managers were very supportive in terms of helping me grow, and have continued to be the same. They didn't want me to stay in the same role for too long. They wanted me to keep progressing. And that's why I am now an Assistant Manager. It's easy to feel good about yourself when you're doing well at work.
What would you say to someone that might be considering DRAS or Advisory as a career option?
At BDO, everyone is really friendly and it doesn't feel like anyone is out of place, even if they're working remotely. Everyone feels like they're part of the team and we do a lot of different kinds of work. People are open minded and they don't try to silo me into one particular role. They want me to be happy with my work. And I think that's what makes us special.
What's been your favourite project that you've worked on?
My favourite project so far is for one of our clients called Virtus Data Centers, who provide the physical data center infrastructure space for a number of large multinational organisations. They're one of the first clients I ever worked on as a first year. I remember it well because it was the day before Christmas break, and my manager pulled me into a room and said I would be doing this project in the New Year. At first, I had no idea what it was, but with help from my senior and manager, I got to understand the gravitas of the project and what would be expected of me.
I've been doing SOC2 audits for Virtus for about five years now. My first audit with them started with 3 data centers. They now have eleven data centers and I help audit all of them for their SOC2 certifications year on year. It used to take about a month and a half to do the job, but now it takes three months. The client has gotten to know me and I've seen the company grow as I've done the audits, which is always satisfying to see.
What excites you most about the future at BDO?
Being in DRAS is like being part of a start-up. We're growing fast and there are always new opportunities to do different kinds of work. I joined the team as one of the first junior members, and we're now over 70 people strong - going on 100. It's been amazing to watch the team grow and evolve so quickly. We've been able to take on projects at huge, well-known clients that we normally wouldn't be able to handle because we have the talent and the skillset. It's been an incredible journey so far and I'm excited to see what the future holds for us.
How does BDO look after your well-being?
I'm from India, and I talk to a lot of people back home about the differences in how work is done there and here. I used to be really worried about taking sick days, for example, because I always thought that was a wrong thing. But my department and even other departments in the company have never once told me that I shouldn't take a sick day if I'm not feeling well.
Workload-wise, I always get messages from people who want to help me. If I am working on multiple projects, they offer to help. I don't have any doubts that my team would accommodate me if I needed some time off for a life event that was causing me some pressure. And knowing that is probably the best thing.
Working at BDO feels like being part of a big family. Everyone is supportive and willing to help out when needed. I have never felt like just a number here, I know I'm an important member of the team.
Financial Services Advisory - Manager Governance and RiskLondon, United Kingdom
M&A Senior ManagerLondon, United Kingdom
Internal Audit - Senior Manager (Payments and Electronic Money)London, United Kingdom
BDO Digital Senior Sales ManagerBirmingham, United Kingdom
BDO Digital Cyber SOC AnalystLondon, United Kingdom
Internal Audit Senior Manager Risk And AdvisoryGlasgow, United Kingdom
Innovation and Digital Senior Manager/Manager (maternity cover)London, United Kingdom
Valuations Manager/Assistant ManagerLondon, United Kingdom
Director - Privacy & Data Protection Client Risk AdvisoryLondon, United Kingdom
CDD Junior Business AnalystLondon, United Kingdom