A rising star in cyber security: Surya's Story

What work do you do in the DRAS team?

I'm a Cyber Security Assistant Manager. I focus on engagement management, primarily with clients who want to be certified to the SOC2 standard, and cyber security control assessments based on leading practice security standards such as the CIS Top 18, for example.

We look at the level of maturity of cyber security controls for companies, which includes things like whether companies have a baseline level of controls implemented to begin with. For example, if they don't even have a password policy, that's a bigger problem than not having a really technical niche control you’d only expect very mature organisations to have.

We're trying to step in and give companies clarity on exactly what they need to fix and what order they should be fixing them in because some issues will take longer than others. We give them clarity on how they should go about establishing their cyber security controls to make sure that they're taking the best steps they can with the budget and time they have.

I also managed the Cybsafe platform - a cyber security and awareness training platform that provides lessons in terms of good cyber security hygiene, such as what you should do in terms of passwords, authentication, and phishing emails, how to spot things that are suspicious, and generally keeping yourself digitally secure. The platform has recently been replaced by a DRAS- made cyber security awareness training program that is part of the Workday mandatory training.

What is it that makes working in DRAS at BDO so special?

Right from the start, I felt very welcomed, and that warmth continued throughout my time at TRA and DRAS. The structure is flat, so I feel like I belong in the team and can joke around with my DRAS partners freely whilst also asking for guidance from anyone regardless of role.

I think that is what separates us from the Big Four as well. I have colleagues who worked in the Big Four and they say that when they talk to directors and partners, they sometimes don't even know their names. It is a stark difference. We have more access to senior leadership and we feel warmer in terms of being part of the team. We don't feel awkward about asking silly questions, for example.

In what ways would you say you've been empowered to help your clients succeed?

I received a lot of help from BDO when I was studying for my CISSP (Certified Information Systems Security Professional) certification last year. They gave me time off from work to study, and they also gave me access to the books I needed. They were very understanding of how busy I was, and they told me to focus on my studies when needed to make sure I was able to complete the certification as planned. Completing this certification has meant I’ve been able to help our clients with their cyber security posture with more in-depth knowledge than I had before.

People are always encouraged to move up and progress in their careers. My first year here, all of my managers were very supportive in terms of helping me grow, and have continued to be the same. They didn't want me to stay in the same role for too long. They wanted me to keep progressing. And that's why I am now an Assistant Manager. It's easy to feel good about yourself when you're doing well at work.

What would you say to someone that might be considering DRAS or Advisory as a career option?

At BDO, everyone is really friendly and it doesn't feel like anyone is out of place, even if they're working remotely. Everyone feels like they're part of the team and we do a lot of different kinds of work. People are open minded and they don't try to silo me into one particular role. They want me to be happy with my work. And I think that's what makes us special.

What's been your favourite project that you've worked on?

My favourite project so far is for one of our clients called Virtus Data Centers, who provide the physical data center infrastructure space for a number of large multinational organisations. They're one of the first clients I ever worked on as a first year. I remember it well because it was the day before Christmas break, and my manager pulled me into a room and said I would be doing this project in the New Year. At first, I had no idea what it was, but with help from my senior and manager, I got to understand the gravitas of the project and what would be expected of me.

I've been doing SOC2 audits for Virtus for about five years now. My first audit with them started with 3 data centers. They now have eleven data centers and I help audit all of them for their SOC2 certifications year on year. It used to take about a month and a half to do the job, but now it takes three months. The client has gotten to know me and I've seen the company grow as I've done the audits, which is always satisfying to see.

What excites you most about the future at BDO?

Being in DRAS is like being part of a start-up. We're growing fast and there are always new opportunities to do different kinds of work. I joined the team as one of the first junior members, and we're now over 70 people strong - going on 100. It's been amazing to watch the team grow and evolve so quickly. We've been able to take on projects at huge, well-known clients that we normally wouldn't be able to handle because we have the talent and the skillset. It's been an incredible journey so far and I'm excited to see what the future holds for us.