From IT Consulting to IT Security – A Field Report

Through his studies, Covid-19 and new training programmes, his path was not always mapped out but was nevertheless crowned with success. His move to CIS – Certification & Information Security Services GmbH underlines the fact that even non-traditional IT specialisations can be successful in the field of information security.

Portraitfoto Eden Burton

“I’ve always had an interest in the systematic aspects of IT. But it was through my work and experience with ISO 27001 that I realised how fascinating and important this area is,” says Eden Burton.

From IT consulting to IT security

Eden Burton completed his computer science degree at the UAS Technikum Wien, the last two semesters of which were severely affected by the Covid-19 pandemic. These circumstances made it difficult to specialise in his studies, but Eden found a way to deepen his interests outside the classroom. During his studies, he worked at NAVAX Consulting GmbH as a project management assistant, where he first came into contact with the ISO 27001 standard. “Back then, I was often told: ‘Here, read up on the standard. That sparked my interest,” he recalls. This interest ultimately led him to the course Information Security Manager according to ISO 27001 and a corresponding certification at CIS.

After graduating, Eden decided to continue his career as an IT consultant. In this role, he took on greater responsibility in the Information Security Management (ISM) team, was jointly responsible for certification and eventually completed the ISO 27001 Information Security Auditor course at CIS. “The course was very professionally run, and it made me want to sit ‘on the other side’ of an audit.”

 

The path to CIS and the challenge of the first audits

Eden moved to CIS in January 2024. Within three months, he completed his observer audits, which led him to four different audits with a total of ten audit days. After a further two months, he was officially appointed as an A1 auditor. He carried out audits in various phases, including Stage 1, certification and recertification audits as well as surveillance audits.

However, his first audit as Lead Auditor was not without its difficulties. “Even the best training cannot replace practical experience, so working on autopilot is not possible at the beginning, you have to familiarise yourself with all areas – but the sense of achievement together with the customer outweighs this,” says Eden. Despite the challenges, he was able to successfully complete the audit, which was a significant success for both the customer and himself.

 

Varied tasks and challenges

Eden’s work at CIS is very varied. He is not only active in on-site audits, but also in the “back office”. His tasks include appointing new auditors, assigning auditors to clients, preparing and following up on auditor calibrations and representing the Audit Services team in various specialist areas such as EN 50600, ISO 42001 and the World Lottery Association. “It’s often challenging work, especially when it comes to finding suitable auditors for specific projects. But it’s also a very fulfilling job that gives me a lot of insight into the different aspects of information security.”

Eden Burton shows that a career in IT security does not only require the traditional route via IT training, but is also possible through commitment and interest in the subject matter. For him, the work remains exciting and challenging, especially due to the variety of tasks and the opportunity to develop further in new areas.

Our training team will be happy to advise you on which training programme suits your personal career!

More news

Bleiben Sie Up-to-Date
to the News