Sergey Nivens - Stock.Adobe.com

A non-conventional career journey into IT security

GCSEs and A-levels are not the only route to higher education. We speak to an IT security expert who left school with no formal qualifications

Demand for people with technology skills is increasing, but the talent pool is not growing fast enough, according to Harvey Nash, with 70% of organisations struggling to keep up with the pace of change due to a skills shortage.

For years, successive governments have tried to focus schooling around science, technology, engineering and mathematics (STEM), but these policies have not had a major impact on addressing the dire shortage of IT people, who are essential if organisations want to develop thriving digital businesses.

There are numerous ways people can enter a career in IT. While graduate intake is key for some organisations, Harvey Nash believes IT leaders should also consider less traditional mechanisms, such as apprenticeships. Programmes specifically geared to attracting more diverse talent are gaining huge traction.

A different approach

Cyber security specialist Junade Ali is someone whose career came about throught a non-traditional approach.

In June 2023, Ali was elected as a Fellow of the Institution of Engineering and Technology (IET). At the age of 27, he is believed to be the youngest person ever to gain this prestigious IET membership level. Although he left school with no formal qualifications, Ali recently completed a PhD.

His many contributions to IT security include developing cyber security techniques that have been adopted in products built by Apple and Google, and developing software to help de-escalate cyber warfare situations. Computer Weekly has previously spoken to Ali about his research into burnout among software engineers.

Discussing his schooling and early career, Ali describes it as “a non-conventional journey”. While many would assume a STEM background, Ali dropped out of school for personal reasons and eventually began working in software development and worked his way up to running a web development department at a large digital agency. He then started developing software for high-reliability systems.

By the time he was 17, Ali managed to get onto a master’s programme while working for a major US cyber security firm. He graduated with a distinction grade. When he then decided to study for a doctorate, he found himself in the fortunate position of being supervised by someone who was working on a number of interesting projects around critical national infrastructure, embedded systems and operational research problems.

While still studying for his PhD, Ali decided to set up his own IT consultancy. “I had two kinds of clients: some wanted to do digital transformation, developer experience and focus on deep technology areas; others were focused on cyber security in terms of national security and international risk.”

Working on a university degree while juggling work commitments can be time-consuming and challenging. Ali says while doing evening classes for his masters, he was also working as a high-reliability software engineer. “I’d be driving 100 miles to work, setting off around 6am. I’d finish at about four, then drive to university and come back home past midnight. I was also writing a book at the same time.”

Ali says gaining a PhD is a lengthy process. “Studying for a degree can take a bit of time. The big thing for me was that with the PhD programme, the university mandated that I remain on the programme for a minimum of three and three quarters of a year, which meant for a while I had my PhD thesis written, but I couldn’t submit it,” he says.

Compromised passwords

Regarding cyber security, Ali is known publicly for developing what is believed to be the first compromised credential checking protocol, which checks if a password has been used following a data breach.

The technology has been adopted in Apple and Google products, among others. In 2020, Troy Hunt, founder and CEO of Have I Been Pwned, credited Ali with special recognition for the implementation of the Pwned Password k-anonymity model, on which his company’s password checker is based.

Ali says he is very excited about how the industry is moving to tackle compromised passwords. There are, he says, initiatives focused on risk-based authentication and the growth of two-factor authentication.

The experts working on protecting against compromised passwords are, in Ali’s experience, applying their know-how tangentially to other areas of cyber security.

Effort leads to opportunity

The conversation with Ali illustrates how people who leave school with no formal education are able to work their way into a career in IT. Looking at his experience, Ali would admit the challenge is not an easy one – juggling a full-time job with evening classes to complete a degree course requires immense focus and commitment – but such efforts do pay off.

While there are opportunities for cyber criminals to exploit, there will always be demand for cyber security professionals.

Read more security interviews

Read more on IT technical skills