My Path to Progression: Talent Acquisition to Security Consulting

03 May 2022

Through our Path to Progression blog series, we are sharing colleague stories about how they have developed, changed, and grown their career within NCC Group.

In the second instalment in our series, our Talent Attraction team spoke to James Durham to hear more about his journey so far and how he made the move from a Technical & Security Sourcing Executive in our Talent Acquisition Team to becoming a Senior Security Consultant.


What was your first role with NCC Group?

I first joined NCC Group in October 2016 as a Technical & Security Sourcing Executive. This experience was unique as all my previous Recruiter positions were working from an agency perspective and I had never worked in internal recruitment before. I believe that recruitment taught me consultancy skills which made me develop strong communication skills with my clients.

I have always really enjoyed tinkering with computers, since before I was even 10 years old and enjoyed playing games and programming and learned how to use a computer early on.

I was in this role for about nine months when I saw a job posting internally in our Managed Vulnerability Security Scanning (MVSS) team and thought I’d like to make the move into security.

The manager for the MVSS position suggested I familiarise myself with vulnerability testing and account management and also gave me some pointers around the role and what would be useful to learn more about, including becoming skilled on Windows, Linux, and web applications. I set about learning these skills by setting up my own lab at home.

I enjoyed working for MVSS for just over a year and grew so much in my career and then another opportunity arose to become a Junior Security Consultant on the penetration testing team.

This really empowered me to continue my journey and I was grateful that NCC Group supported me to transfer out of my previous role and try out pen testing following more upskilling and achieving some qualifications.#


What is your current role?

Upon successful completion of the Next Generation Talent programme, I landed the role of Junior Security Consultant followed by Security Consultant.

Now I am a Senior Security Consultant and I do all sorts of testing, including cloud, mainframe, infrastructure, web applications and mobile applications. I have been able to continue building my career through asking questions and focusing on where I needed to develop my skillset.


What was your process of applying for an internal role?

To apply for each of the roles, I contacted the leadership team of that department and understood all the expectations needed to be considered for the role. Recruitment taught me consultancy skills which made it easier for me to converse with clients. I upskilled through extensive research and practice plus connecting with others in that role within the business. I also practiced vulnerability testing prior to applying for my next role.

After being promoted to the next level of security consulting I completed a couple of certifications including CPSA & CRT followed by some onsite cyber essential assessments which really prepared me for higher level consultancy.

My mindset, attitude, and willingness to learn really guided me through this journey.


Where do you see yourself in the future at NCC Group?

My goal is to become a Managing Consultant. I am currently mentoring three juniors who have all completed the Next Generation Talent Programme. I really enjoy being a mentor and would ideally love to manage a medium-sized team with extra roles and responsibilities.

We have loads of amazing people who work here at NCC Group so if you feel you do not know something yourself you can always ask questions. The right questions can move you into any department; they did for me.

If you are interested in a position, don't be afraid to reach out to the person in charge. No day is the same, NCC Group always give us the chance to shadow and learn more.

I honestly believe anyone can upskill themselves to do the courses and certifications needed to be in this industry. The key part of my position is to support customers and test vulnerabilities. If you can articulate technical information to non-technical individuals, you will be successful.

Thank you for taking the time to read James’s story. We are really excited to see what he will do next with us!