We’ve all seen client case studies, but we want to do something different and showcase our candidates. What better way to do that than by collaborating with them on a Q&A case study? We had the pleasure of speaking with one of our contractors, Tim Brain, who we placed as a Business Analyst in the IAM space at a leading FTSE100 insurance company.
Tim Brain gave some fantastic honest answers from how he found the process to his future goals as a contractor – we hope you enjoy!
Initial Motivations
What motivated you to pursue contracting opportunities and seek support from a recruitment agency?
I realised relatively quickly that I didn’t want to climb the corporate ladder in one particular company.
I’ve stepped in and out of permanent roles a couple of times, and I think that made me realise why I decided to contract in the first place. For me, I enjoy the challenge of being dropped into a new contract, I tend to learn quickly, deliver quickly, and it keeps me on my toes.
As a contractor, you know you can’t become complacent because you’re only as good as the notice period in your contract. And if I’m being brutally honest, when I was a permanent employee, I did find it a little too easy to turn off and wind down, which I realised probably wasn’t ideal. That was really the reason why I went contracting in the first place.
In many cases these days, you don’t really have a choice. Everything seems to go through recruitment agencies. I’ve had to deal with many of them over the years, and some are better than others.
Were there specific challenges or barriers you encountered in finding the right contracting role?
The biggest challenge these days is the sheer number of people who want to be contractors. I’ve been doing this for 15 years now, and the competition is a lot more fierce. One of the biggest challenges I find is navigating applicant tracking systems (ATS), which are a pain – 15 years ago they weren’t a thing. Back then, the phone would be ringing 3-4 times a day with calls from recruitment people. Recently, it’s become increasingly difficult to actually talk to a recruiter.
The domain I work in is relatively niche. There have been a couple of times now where I’ve had to fall back to being a pure business analyst rather than specialising in the privileged access management space. These roles aren’t ten a penny, and when they do come up, you can actually be in a role for quite a long period of time. However, when you come out of a role, securing that specialist contract can sometimes be difficult.
These are the main challenges and barriers I face as a contractor.
Role and Career Trajectory
Can you describe your current contract role and how it aligns with your broader career goals as a contractor?
Currently, I specialise as an analyst in the privileged access management space, which is quite a unique role. It requires someone with not only the necessary soft skills but also the ability to analyse and interpret access permissions with a view to suggesting remediation to improve an organisation’s risk position or risk posture. When necessary, I also get my hands dirty by actioning the remediation, which is a part of the work I find quite satisfying – managing a piece of work from cradle to grave.
In terms of my broader goals as a contractor, I’m being brutally honest when I say I’m pretty happy staying in this sort of position. I’m quite analytical by nature, both inside and outside of work. I enjoy the challenge of interpreting data and identifying improvements. Being a contractor allows me to continue specialising and working in an area where I can close my laptop at the end of the day and genuinely say I’ve enjoyed my day’s work – something I didn’t necessarily experience when I was a permanent business analyst, being thrown into completely different projects week by week, month by month.
What aspects of this contract opportunity stood out to you when you first considered it?
I’ve worked in the privileged access management space domain for about 6 years now. Roles like this one are quite unique and tend to only be found in larger companies that are willing to invest in these types of initiatives – your FTSE 100 and FTSE 250 organisations. After reading the job specification, it was quite clear that this was a role I had experience with before, one that I would enjoy and derive satisfaction from.
Working for a big FTSE 100 company was also a significant attraction. I knew that things would be done right and that the project would receive the correct investment to be delivered correctly the first time. This was one of the main things that attracted me to the role.
Recruitment Agency Interaction
What specific support or insights did InfoSec People provide that were most valuable in securing this contract role?
I found that knowing InfoSec People had a strong existing relationship with the client was important. Ali was able to provide real insight into the company and the project, having already positioned contractors within that team. Ali was able to give a clear overview of the incumbent team members and the project goals.
My initial impression of working with InfoSec People was entirely positive. It was refreshing to experience a more personal approach to recruitment. Unlike many agencies today, they took the time for an initial telephone contact rather than just sending quick messages. I appreciated knowing that I wasn’t working with a recruitment agency that was simply trying to rush a CV over within the first hour just to place someone.
How have you found InfoSec’s contract management process?
The contract management process was efficient. I didn’t have to chase InfoSec People at any point, which in my eyes is an indication of an effective process. The only delays in the entire end-to-end process were really with the end client, waiting for them to respond. InfoSec People seemed to react very quickly when the client did come back.
I have no concerns regarding the initial contract or subsequent renewals – everything has been very efficient.
Impact and Value Add
In what ways do you believe your skills and background have directly contributed to the success of your current contract?
I started out as a developer, but I wasn’t very good at it, so I sidestepped into working as a business analyst with no real technical knowledge. While I enjoyed the analytical side of the role and building strong relationships with people, I didn’t enjoy stepping away from projects once the requirements analysis and definition phase was completed.
My last permanent role was working on a PCI DSS (Payment Card Industry Data Security Standard) compliance project. This allowed me to leverage my analytical skills and soft skills to perform gap analysis and lead the remediation of identified items. When that project ended, I realized returning to a pure business analyst role wasn’t for me. I wanted to continue specializing in what was then called information security and is now known as cybersecurity.
I worked across various domains including PCI DSS, Sarbanes-Oxley, and Privileged Access Management. The controls in these domains have a significant degree of crossover. Now, when entering a new contract, I know exactly what internal and external audit teams in financial services are going to identify as the next priorities because I’ve already experienced these processes from cradle to grave.
This expertise is largely due to having specialised in this space for almost 20 years.
Recruitment Process Insights
What stood out to you about InfoSec People’s approach to connecting you with this contracting role, especially compared to other agencies you may have worked with?
I liked the fact that Ali did his homework. The contact was primarily Ali picking up the phone, which is pretty rare in today’s recruitment landscape. I didn’t feel like I was just one of many CVs being considered for the role. Instead, I felt that the work Ali did was clearly targeted, taking into account my background and work history.
As contractors, we’ve been finding it increasingly difficult to even talk to recruiters in larger recruitment agencies or receive any response to applications, LinkedIn messages, or emails. Working with InfoSec People, a small and niche agency, was a breath of fresh air.
Broader Perspective
How does your current contract compare to previous contract roles you’ve had?
My current contract is pretty much identical to other roles I’ve fulfilled in this space over recent years. Having specialised for so long, I’ve found that while technology always changes, the work I do is largely technology-agnostic. It’s really about looking at access permissions, validating them based on least necessary privilege, and remediating where needed.
What stands out about this role is that every day is challenging. In larger organisations, the “taps are always running” – as quickly as you make improvements, more infrastructure is being set up. When working in these sort of organisations, you always have to have one eye on remediating the higher risk items whilst also looking to implement controls to make sure that any new infrastructure being stood up is compliant from day one – I guess you wouldn’t really get that in smaller companies.
The difficulty lies in accomplishing this while still ensuring the business can deliver change. So it’s challenging because there’s so much going on. It’s not a linear process where you can simply work through a list of bullet points. You might start looking at one thing at 9:00 AM, move to another by 10:30, be on something else by 12, and then coming back to the thing you started in the morning because that’s a priority again.
The majority of my roles are in bigger companies, so that does tend to be the case but that is just my experience from stepping aside and working on a couple of contracts for smaller companies – Being brutally honest, I prefer working for the larger organisations simply because of the fact that it is more challenging and there’s so much going on.
Future Outlook
How do you see this contracting role influencing your long-term career goals and future opportunities?
The role I’m doing now has reinforced what I already knew: I want to continue working on these types of contract roles moving forward. I don’t see that really changing. I’ve tried that before and the people management aspect of working in those sorts of roles wasn’t for me – I really want to be in the details.
In terms of future opportunities, Having an FTSE100 on my CV can only be good moving forward!
If you’re looking for a contract role, we have a dedicated contract team covering all interim Cyber Security and Technology hires. Get in touch if you’re looking for a contract opportunity inside or outside of IR35.
Call us on 01242 507 100 or via email info@infosecpeople.co.uk.
InfoSec People is a boutique cyber security and IT recruitment consultancy, built by genuine experts. We were founded with one goal in mind: to inspire people to find the careers that inspire them. With the success of companies fundamentally driven by the quality of their people, acquiring and retaining talent has never been more important. We believe that recruitment, executed effectively, elevates and enables your business to prosper.
We also understand that cyber and information security recruitment can genuinely change people’s lives, that’s why we take the duty of care to those we represent very seriously. All our actions are underpinned by our core values:
- Always do the right thing
- Be the best we can be
- Add value
We work with businesses in the cyber/tech arena, from start-ups and scale-ups to FTSE100 and central Government, many of whom are always looking for great people.
Call us directly on 01242 507100 to discuss opportunities or email info@infosecpeople.co.uk.