An introduction to NCC Group

Making the world safer and more secure

 We are a leading global cyber
resilience provider. Trusted to protect
and secure our customers’ critical assets.

Sought after for our complete

people-led, technology-enabled
cyber and software resilience solutions
that enable our customers to thrive.
 What we do
NCC Group is a global cyber and software resilience
business operating across multiple sectors,
geographies and technologies.

We work with over 14,000 customers

worldwide to address their challenges in the complex
and increasingly connected digital
world. This includes:

• Getting the basics of cyber hygiene correct.

• Knowing what and how to prioritise.
• Coping with the scarcity of skilled resources
needed to deliver quality improvement, change
and operations.
• Responding to the increasing compliance,
regulatory and legislative burden.
• Quantifying cyber spend efficiency and return
on investment.

5 Welcome to NCC Group

Inclusion and Diversity
We’re committed to creating an This includes a workplace that’s representative
of the diversity of the world we protect, and one
To embed diversity and inclusion in the
workplace, we have four steering committees,
environment where all colleagues that allows every person to share their personal each with an executive sponsor to support our
experiences and have equal opportunities to four focus areas: Gender (including a Women’s
feel psychologically, emotionally achieve their International Network – WIN), LGBTQIA+, Race
and physically safe to be their authentic full potential. and Ethnicity and Neurodiversity.

selves. To help us achieve this, we create Each month, a steering committee takes it in
dialogue opportunities through our Inclusion turn to help drive our NCC Conversations,
and Diversity engagement programme – NCC inviting colleagues to participate in a host of
Conversations – providing colleagues with a safe activities, from workshops and blogs, to policy
https://www.nccgroupplc.com/sustainability/social/inclusion-diversity space to talk about topics they care about. change and much more.

13 Introduction to NCC Group

 NCC Group and
Careers in Cyber
Colin Gillingham
March 2025

Client Confidential
 How often do Cyber attacks take place?

• Nearly 4000 new cyber attacks occur every day. Every 14 seconds, a company falls victim to a
ransomware attack, which can result in devastating financial losses while 560,000 new pieces of
malware are detected every day
• The staggering projected rise to $10.5 trillion in cybercrime costs by 2025 mirrors the increasing
audacity and complexity of attacks.
What percentages of cybersecurity breaches are due to human error? >90%
• 97% of organizations saw an increase in cyber threats since the start of the Russia-Ukraine war
in 2022, demonstrating the profound effect of geopolitical tensions on cybersecurity
• Half of businesses (50%) and around a third of charities (32%) report having experienced some
form of cyber security breach or attack in the last 12 months. This is much higher for medium
businesses (70%), large businesses (74%) and high-income charities with £500,000 or more in
annual income (66%).
Unfilled cybersecurity jobs worldwide will reach 3.5 million by 2025

8
Biggest UK Data Breaches in the UK
 Service Lines at NCC Group – High Level
Securing Technology Disruption: Digital transformation, AI, Post Quantum, IoT and Cloud Migration
Solving Macro Addressing Increased Regulation: GRC programmes, AI governance, privacy and sector regulations
Cyber Problems
Reducing Cyber Threat Impact: Risk reduction, Operational Resilience, platform security, Secure-by-Design, Incident Response, process improvement, consistent control

Govern Identify Protect Detect Respond Recover

• Strategy and Mission • Cyber Security Review • Managed Firewall/ • Managed Detection & • Cyber Incident Response • Gold Teaming
development IDS/IPS Response
• Vulnerability Scanning • Incident Response • Incident Response
• Organisational and
• Penetration Testing
• Employee Training • Security Event Planning & Readiness Retainer
Capability Design Management
• Red Teaming • Cloud Security • First Responder Training • Post Breach - Rapid Risk
• Risk Management Strategy Architecture and • Managed Intelligence Reduction, Cyber Debt
• OSINT & Dark Web • 24/7 Security Operations
• Cyber Risk Quantification Engineering
• Continuous Dark Web Centre Support
Reduction and Build Back

• • Threat Intelligence • Phishing Simulation AJ monitoring

Better Programmes
Third Party Risk • Forensic Investigations &
Management • DDoS Testing • Data Protection and • Cyber Threat Expert Witness
• Leadership Education and • Gap Analysis Compliance Management
• Crisis Management
Mentoring
• Cloud transformation • Secure-by-Design • Compromise Assessment support
• Stakeholder Reporting
• SOC Maturity Assessment • Protective Control • Attack Surface
• Regulatory Alignment Implementation Management
• IDAM Insights, Strategy &
Design

Specialist Hardware Transport Digital Cloud M&A Due

OT Security Crypto Bug Bounty Privacy Board Advisory
Practices Security Security Identity Security Diligence
Service Lines at NCC Group – Technical Assurance
• Red Team – full spectrum attack simulation with an open scope
• OSINT and threat intelligence
• Phishing/vishing, network compromise, privilege escalation and maintaining access
• Avoid getting caught by the Blue Team
• Black Team – physical security assessment
• Physical social engineering, impersonation, tailgating, card cloning, lock picking
• Get Out Of Jail (GOOJ) card to avoid getting arrested
• Cloud Security – review of a Cloud platform (AWS/Azure/GCP) for weaknesses and
misconfigurations
• Mergers & Acquisitions (M&A) Technical Due Diligence – identify and manage security
risks throughout the lifetime of M&A transactions
Service Lines at NCC Group
• Secure Development Lifecycle (SDL) – assess processes and procedures in software
development from a security perspective
• Transport Security – review the security posture of customers in the automotive,
maritime, aerospace and rail sectors
• Hardware Security – assess physical devices
• Hardware teardown of network devices, workstations, IoT devices
• Exploit Development – reverse engineering, exploitation and research
• Bug Bounty – help implementing and managing external bug bounty programs
• Cryptography Services – review secure libraries and implementation of secure protocols
• Review source code for cryptocurrencies
 Penetration Testing/Ethical Hacking
Malware Reverse Engineering
Embedded Software Engineers

Cyber Incident Response &

Cyber Risk Management and Advisory
Forensics

What careers are available in Cyber?

Red/Black Teaming/social engineering
Software Developer/Tool Developer

Vulnerability Scanning
Security Operations Centre Analyst
Product Manager
Sales Associate
Resources for Careers in Cyber Security
Resources for Careers in Cyber Security - UK Cyber Security Council

The UK Cyber Security Council is the

self-regulatory body for the UK's cyber
security profession. It develops,
promotes and stewards nationally
recognised standards for cyber security
in support of the UK Government’s
National Cyber Security Strategy to
make the UK the safest place to live and
work online.

https://www.ukcybersecuritycouncil.org.uk/careers-and-learning/cyber-career-framework/

15
Choose a path and then deep dive

16
17
Cyber Security Job examples
How can I get into that?
• Learn coding – fundamental to
many (but not all) elements of
Cyber Security.
• Read books, articles, blogs -
always more to learn.
• Join up with like minded people –
puzzles, complex problems
solving, teamwork.
• Hard work – perseverance
• Work placements/Internships
Whether you're currently studying, just starting work, or have work
experience but are thinking of changing your industry, there are
many free on-line resources to help you explore the cyber security
industry:
• Capture the Flag (CTF) game and competition platforms
• videos and blogs, which give advice and information from professionals in the
industry
• on-line guidance from cyber security vendors on specialist cyber security
investigation tools and techniques
 Why go into a career in Cyber?
• The industry needs you. By 2025 the industry will have a shortfall of talent, known as the cyber skills gap. So
essentially you will never be out of a job
• It’s changing all the time so there is always new aspects to learn
• If you enjoy a challenge and problem solving
• It’s a rewarding career
• Huge variety of work in every sector

How do you get there?

• Computer Science • Engineering • https://portswigger.net/web-security

• Ethical Hacking • Software Engineering • https://tryhackme.com/

• https://www.immersivelabs.com/
• Computer Forensics • Network Security • https://manchestergreyhats.co.uk/
• Physics • Maths • https://ctftime.org/event/list/
• https://cryptopals.com/
• https://owasp.org/www-project-webgoat/
Have you seen this?
• 2025 marks 10 years of NCC
Group partnering with the
UK TV show “Hunted” for
both their main and
celebrity series.
• ‘Hunted’ is a real-life thriller
where contestants are
instructed to go on the run,
while avoiding an elite team
of hunters with military,
police, or cyber backgrounds
(that’s us!) that can access
the `powers of the state' to
track them down.
Interviewing –
Some Thoughts
and Advice
The Essentials

• Presentation and preparation are key to giving

you the best chance against tough
competition at interview stage.
• Many interviews can be over before they have
begun due to lack of care and attention to
basics.
• Think about…….

24
 • Whilst you may not be able to predict what interviewers will
ask, certain questions arise frequently, and you should make
sure you are ready with responses.
• Look at the role specification or job description to work out
what kind of questions you may be asked. That way you can
align your skill set and experience with the role.

Interview •
•
Tell me about yourself?
Why did you (or are you) leaving your job?
Questions •
•
Why do you want to work here?
What are your strengths?
• What are your weaknesses?
• What are your goals (where do you see yourself in xx
years time)?
• Why should we hire you (or why do you want this job)?
• What salary are you seeking?

25
 • You may be asked scenario-based questions, so try
and give examples and prepare for them. Try to put
a positive spin on them.
• Adaptability
Competency- • Give an example of when you feel you went
based “above and beyond” in your role?
• Describe a time when you altered your work
interview priorities to fit in with another worker or
team?
questions • Tell me when you had to change your point
of view or you plans to consider new
information or changing priorities?

26
 • Client focus (if relevant) could be internal or
external
Competency-
• Give example of how you provided a service to a
based client and went beyond their expectations. How
interview did you identify the need?
• A time when you had to deal with a client
questions service problem? How did you resolve the
situation?

27
 • Communications
Competency- • Give an example of a difficult or sensitive
situation that required extensive comms?
based • Describe a time when you had to pay close
interview attention to what someone was saying and
actively engaged to understand their message?
questions • Describe a situation where the strength of your
comms skills resolved an issue?

28
Competency-based interview questions

• Teamwork
• Describe a time when you worked
successfully in a team?
• Describe a situation where you
were successful in getting people
to work together effectively?
• Describe a situation in which you
were a member of a team and a
conflict arose in the team. What
did you do?

29
Answering tough questions

• Many employers will seek to test

your ability to think on your feet
and express yourself by throwing
some tougher questions in to the
mix. So remember to:

30
 • situation - the situation you had
to deal with
• task - the task you were given
to do
STAR Method – • action - the action you took
verbal or written • result - what happened as a
result of your action and what
you learned from the
experience

31
• When using STAR, remember:
• you can use examples from work, home or volunteering
• keep examples short and to the point
• try to get your points across in a conversational way so as not to appear too
rehearsed
• be prepared to answer follow-up questions about the examples you give

32
Technical Ability Assessments

• Depending on the role and the employer

• Hands on, keyboard, screen, virtual or in-person
• What can you actually do?
• What additional training and development do you need?
Remember

A CV does one thing – it gets you an interview.

The interview gets you the job.
 Q&A

Client Confidential