Cybersecurity Career Paths & Industry Trends: Q&A with Peter Vorhees, Security Consultant


Preparing the next generation of cybersecurity professionals is a starting point to building stronger defenses. As part of National Cybersecurity Awareness Month, we’re highlighting the various cybersecurity roles and paths that have led some of Burwood’s best and brightest towards highly fulfilling cybersecurity careers. We sat down with Peter Vorhees, Security Consultant at Burwood Group, to discuss his current role and common misconceptions about his job.

1. Tell us about your current role at Burwood as a security consultant. What areas are you focusing on right now?

My role as a security consultant at Burwood ranges from assisting clients as they navigate the evolving cyber threat landscape by assessing the maturity of the systems and capabilities, to actual testing of a client’s security systems and networks. Central to all of our clients however, is the importance of becoming a trusted advisor in the client environment. It is my goal as a security consultant to help clients to achieve the optimal impact from their technology investments.

2. What made you want to focus on security as a career path?

Security in my mind is a constant act of discovery and teaching. Security is a constant dance between discovering vulnerabilities, whether technical or procedural, and assessing the impact of the findings. I come from a background in liberal arts and digital policy where my job was to identify connections between disparate data sets and assess the impact on the source or target. Security operates in exactly this same way. I am tasked with analyzing a client’s environment, identifying weaknesses in the security posture, and designing and/or implementing a security architecture that remediates the findings. It is incredibly fulfilling and rewarding to know that I have a hand in helping clients secure their most valuable assets and therefore protecting their business as a whole.

“Security is a constant dance between discovering vulnerabilities, whether technical or procedural, and assessing the impact of the findings.”

3.  Cyber attacks are becoming more and more advanced each day. What do you do to stay on top of the latest threats and cybersecurity trends?

You can find me at most regional security conferences, work groups, and visiting usual blogs to keep up to date with new and emerging security threats and trends. In a nutshell, as a security consultant, I am tasked with working in highly varied client environments and analyzing network equipment, technical solutions, and procedural documentation to identify holes in an organization’s security posture. These security holes vary by industry based on the type of assets located in each type of environment, and it is critical to stay on top of evolving attack vectors being actively used and engineering remediations for those vectors.

4.  What are some of the biggest misconceptions people have about your job?

People in general assume that life as a security consultant is a purely technical position. While the technical aspects of the job take a large portion my time, a career as a security consultant is more about defining and clarifying organizational goals, then finding the technology that achieves the end goal. A typical conversation with a client is less centered as a ‘technology-first’ discussion. Rather, I’ll hold discussions and assist clients by defining organizational goals and identifying current critical pain points, then holding the discussion on what specific technologies can be used to enforce security goals and remediate identified deficiencies.

5.  If there was one thing you wish technology leaders knew about cybersecurity, what would it be?

Cybersecurity can be a scary thing for technology leaders to come to terms with. Leaders are constantly told to upgrade their network and computing systems in an attempt to combat evolving threats, but technology is, by nature, always going to be behind the curve compared to the methods used by attackers for intrusion and exploitation. Reactive tools are not a suitable way to combat progressively advanced traditional and fileless malware, as well as social engineering attacks.

For businesses of all sizes to succeed, technology leaders need to understand the value and necessity of designing an overarching security program that fosters a security-conscious culture and incorporates a security mindset at the onset of any technical initiative or project. Security must be seen as a shared responsibility across the technology practices and team members of an organization to minimize risk and maximize the organization’s investment in security. 


October 11, 2018