Building A Cyber Career: Training, Mentors, And Real-World Lessons

Show Notes

Curiosity, clear thinking, and a calm plan can beat even the smartest phishing email. We sit down with Trent, a cybersecurity analyst at Mercury IT, to map a practical path from the help desk to a rewarding security career, showing how real client problems, steady mentorship, and daily learning build the right instincts. If you’ve ever wondered whether certifications or degrees matter more than experience, or how AI is reshaping both attacks and defences, this conversation offers a grounded, human take.

Trent shares why working the help desk was an underrated superpower: it reveals how systems behave, how people really click, and where gaps hide in plain sight. We dive into internal training and phishing simulations that catch staff on those Monday mornings and Friday afternoons, not to trick them, but to build habits that last. From translating jargon for clients to designing controls that aren’t “doom and gloom,” Trent explains how trust and empathy strengthen security far more than fear ever could.

We also explore concrete steps for breaking into cyber: pick one certification aligned with your tools, pair it with hands-on practice, and seek out mentors who explain without talking down. Trent outlines how AI now powers convincing social engineering—and how defenders use automation to remove repetitive tasks and focus on higher-value analysis and incident response. For small businesses who still think they’re invisible, we walk through why size offers no safety and how preparedness beats panic every time.

If this resonates, follow the show, share it with a teammate who needs a nudge toward better habits, and leave a review with the one security tip you think every business should adopt next.

Chapters

• 0:16: Welcomes And Background
• 0:25: Path From Help Desk To Cyber
• 1:48: Why Cybersecurity Caught His Eye
• 3:31: Mentorship And Clear Communication
• 5:55: Making Cyber Less Doom And Gloom
• 7:02: A Day In A Cyber Analyst’s Life
• 8:21: Internal Training And Phishing Drills
• 9:33: AI’s Role And Smarter Scams
• 10:01: Skills, Certs, And Learning Paths
• 12:17: Experience Versus Formal Education
• 14:11: The Hardest Part: Culture Change
• 15:03: Small Businesses Are Targets Too
• 16:03: Interests In AI And Automation
• 17:05: Advice For Breaking Into Cyber
• 18:28: Closing Thoughts And Thanks

Transcript

SPEAKER_01: 0:16

Welcome along today.

SPEAKER_00: 0:18

Thank you very much.

SPEAKER_01: 0:19

Thanks for coming along today. It's great to have a new face on the on the next side, that's for sure.

SPEAKER_00: 0:24

That's good for you, thank you.

SPEAKER_01: 0:25

So you've been at Mercury for quite a number of years. How long? How long have you been here?

SPEAKER_00: 0:31

Probably just this month. Uh finished my seven seven years here. So uh yeah, it's uh been here a while, but uh thoroughly enjoying it.

SPEAKER_01: 0:41

Yeah, goodness, you must have been a youngin' when you started then.

SPEAKER_00: 0:44

Oh yes, back in the day, yes, yes. Um not quite as young now.

SPEAKER_01: 0:49

No, time slips away fast, um so what sort of did you originally start in cybersecurity at Mercury RT or did you come in a different avenue and then sort of head into the cybersecurity area?

SPEAKER_00: 1:03

Yeah, so I sort of I've always had cybersecurity uh in the back of my mind as sort of a a bit of a potential path. Um, but I started here with Mercury actually uh on the help desk, you know, gaining a bit of foundational knowledge um and some experience, which is uh really helpful. Um, and then sort of pivoted into our cybersecurity team, uh, which has sort of grown a little bit since then, even. So uh yeah, it's I obviously know the the company and the culture pretty well, and um to be able to sort of make that shift within the same organization was yeah, really uh something I was uh excited for.

SPEAKER_01: 1:48

Yeah, and what um what originally was your interest in cybersecurity? What made you think that that might be the career path for you?

SPEAKER_00: 1:56

Yeah, so probably going back a while now, back even when I was in school, I always had a bit of a you know, an interest in computers, IT, that sort of thing. And went to an open day at one of the local unis and they had a cybersecurity session, and they were talking about cybersecurity and even back then, how there's quite a quite a demand for roles, cyber roles. Uh, I think it's even grown more now. There's you know, there's not enough roles, not enough people to fill the roles that there is nowadays. It's um but yeah, even back then and uh you know they were talking about cybersecurity and it sort of sparked a bit of an interest then. And I did my uh I did a bit of more of a traditional route of uh bachelors of IT. They didn't really have too much um sort of like specialized cybersecurity courses or degrees or or majors back then. I th I they probably do now because it's quite a yeah, quite a popular field. Um, but I sort of got that degree in IT uh as sort of a yeah, more traditional route. And then yeah, I guess I I was just looking for IT-related roles and sort of just had that cyber path in the back of my mind. Yeah. Uh since then, really.

SPEAKER_01: 3:24

I think probably having the foundations in IT to begin with too would certainly help you with your cybersecurity role.

SPEAKER_00: 3:30

Yeah, yeah. I I think um it was definitely helpful to have uh the experience on the help desk, you know, talking to clients, understanding how uh how all the systems work just internally uh for for one, but also just talking to clients and sort of understanding how the clients work, you know, with their environments and how they behave as well, like their behaviors towards certain things, like um, you know, maybe you know that they've gotten a weird email or something like that. And you sort of sort of pick those things up in in those sort of entry-level roles. And um, yeah, I think that's been quite helpful. Um, but also just staying within Mercury IT. Obviously, I I now know our clients uh as opposed to um you know coming in from somewhere else, so even more beneficial, I think.

SPEAKER_01: 4:26

So and also they have that trust there with you as well, sort of, you know, they know your name, they know who you are, so trusting on the advice that you're giving.

SPEAKER_00: 4:36

Yeah, so maybe they uh they've they've lost me uh for helping them with uh their day-to-day issues, but now they've gained me. That's right. Uh you know, helping them with uh their their cyber stuff. So uh yeah, yeah.

SPEAKER_01: 4:49

And um, I'm sure obviously Chris has been quite the regular on the podcast. I always say he's almost like my co-host. Um yeah, I'm sure that you've learned a lot along the way, you know, working as part of his team.

SPEAKER_00: 5:03

Yeah, yeah, definitely. Uh yeah, Chris has has been a good mentor, especially when I first started. He's obviously you've you've heard him speak and he's been on the podcast, he's very, very knowledgeable. And not only that, he knows how to sort of translate those more technical things uh into a bit more of an easier to understand language. So when he's speaking to uh you know people in in the organization or clients, obviously. Or me. Or me, or me, when I especially when I first started, um, it was very helpful for me to, you know, understand, you know, certain concepts or you know, questions I might have. So yeah, definitely been uh helpful working with Chris.

SPEAKER_01: 5:45

Yeah, that's why I love having him on the podcast too, because you know, he can explain it, and even though he obviously probably scares everyone a lot, yeah, he does it in such a nice manner.

SPEAKER_00: 5:55

I mean, it's it's it's not necessarily uh his fault either. Like cybersecurity can be uh can tend to sound a bit doom and gloomy because it's often associated with uh sometimes negative things like you know a breach or you've lost your uh information, uh data, or even just personally, I'm sure everyone's you know had some experience with you know someone maybe getting their their social media password or something, something like that, um, or being locked out of an account. And it can be quite you know scary if you if you don't know what's happening. So yeah, having someone like uh like Chris or to to sort of explain things and methodically and uh in a clear, clear way, or even myself now, I guess. And as our team grows, as as we sort of start to help clients, you know, um through sort of harder situations, that can we can sort of uh uh help them to be, yeah. Hopefully it's a little less doom and gloomy. Um uh and more being prepared. Yes, yeah, yeah, definitely. Yeah, for sure. That's good.

SPEAKER_01: 7:02

So, Trent, as the one of the cybersecurity analysts at Mercury IT, can you tell me a little bit more about a typical day or you know what you generally do on a day-to-day basis?

SPEAKER_00: 7:12

Yeah, yeah, it's uh a tricky one to answer because we do wear many hats and uh every day can be sort of different, uh, which makes things exciting. Uh it can be simple things like um you know onboarding new clients and uh or talking to the team about the the latest phishing emails that we've seen or some sneaky new scam, those can be interesting. Um also doing a lot of um learning about what kind of uh attacks are currently out there in the wild. Um, you know, we've got to kind of stay ahead of the game. I mean, that's a full-time job in itself. Yeah, absolutely. Um, but uh yeah, you know, it can be um it sort of depends on the day. So, you know, we can be uh talking to clients about, you know, something that they might not have been sure of in their in their that's floated through into their inbox or um you know some cybersecurity training, uh, you know, making sure everyone's uh understanding how important things are. It's sort of just conveying the message of cybersecurity in in general is uh uh is is a big task in itself. Oh, for sure.

SPEAKER_01: 8:21

And what people might not realize is that even though you we are an IT and cybersecurity company, we I actually do our own training for our own stuff, don't we? Like I love getting those fishing emails. Oh yes, yes, yes.

SPEAKER_00: 8:33

No, obviously uh it's not we've got to sort of walk the walk, you know. So we we also uh have internal training and um everyone uh everyone is well uh familiar with that. Uh definitely, yeah.

SPEAKER_01: 8:47

Yes, I feel like they always come at those moments when you might just have your guard down, maybe a Monday morning or Friday afternoon.

SPEAKER_00: 8:54

Yeah, yeah, yeah. Those are the two yeah, trickiest times. Yeah, they can be uh very sneaky.

SPEAKER_01: 9:00

Um they definitely can be. I have to definitely look twice.

SPEAKER_00: 9:04

Yeah, which is why why when you see one in the wild, it can be uh really interesting. Um, especially when it is something that you haven't seen before, and you see, well, how it can be uh impressive sometimes. You know, you you don't know. Yeah, you don't you don't want to credit these uh these people, uh, but it can be quite um very convincing, yes, uh, which is yeah, obviously why we have uh the training and we go through those sort of practice ones.

SPEAKER_01: 9:33

Yeah, and probably with the AI progressing so much too, that's you know, aiding not only us, we mortals, but also the cyber criminals as well.

SPEAKER_00: 9:42

Yeah, it used to be just uh you you could spot it a mile away, you know, with the grammatical errors or uh where it was the the weird email address that was coming from. But uh yeah, I think m most people are well aware they've everyone's received one now. So uh yes, yeah, very important. And yeah.

SPEAKER_01: 10:01

Um, Trent, for someone looking to get into cybersecurity, what do you feel are your like probably the best skills? It doesn't have to be technical, it can be non-technical, just yeah, skills that you think have helped you along the way.

SPEAKER_00: 10:13

Yeah, I I think it it doesn't even necessarily need to be technical. Um I started on the help desk, but cybersecurity-wise, I I sort of built those skills as I as I went. I think more a desire and uh eagerness to learn is probably a uh not so much a skill, but more of a mindset that you probably need to have if you're looking at uh cybersecurity just because it moves so fast and it does seem to, doesn't it? Yeah, we we we need to sort of stay ahead of the game, really. So I think you know, when we're always trying to, you know, stay on top of the new thing that's happening. Uh so uh definitely uh an eagerness to learn uh would be one.

SPEAKER_01: 10:59

And how would you uh how do you generally stay on top of what's happening? Like, do you do extra training or certifications or that sort of thing to try and keep?

SPEAKER_00: 11:09

Yeah, uh I think uh similar to the approach to uh defending with cybersecurity, there's there's probably not just one approach that will cover everything. So we'll do um you know certifications, there's uh a lot of uh good, you know, depending on what what you what your organization's working with, but obviously uh Cisco, Microsoft uh two big ones. Uh there's there's there's so many certifications now, so you can sort of uh go down a big rabbit hole there. Uh also probably just um there's a lot of uh you know just free material out there too. So uh even just uh cyber security podcasts, uh that kind of stuff. Um you know, conferences. We we sort of have some team members uh attending conferences uh throughout the year as well, just to sort of um stay on top of things. And um also the you know, if you haven't uh done so already, there I wouldn't throw out um sort of formal education completely, like uh getting a degree or a master's or something like that. Um it can be tricky though if you've not got the experience. If you're looking to sort of get into cybersecurity and you you're you're only relying on like a degree uh or something like that, it can be uh you know, really excellent theoretical knowledge, but the the experience is really key. Uh so um yeah, I would say, you know, you know, broaden your range, you know, look into the certifications as well, but also, you know, get into the uh get your skills developing um firsthand, you know, get yeah, getting some work experience and or do your degree and work experience at the same time.

SPEAKER_01: 13:01

I think that's how I got my first marketing job as just some voluntary work experience.

SPEAKER_00: 13:06

I mean, I I had a I I went down the degree route, but I think uh eventually, you know, ultimately uh it was that that role in the help desk that sort of you know uh got me introduced to the world and it started building those skills that helped me uh you know move into that cybersecurity area. Definitely. Um and probably gave you the foot in the door too.

SPEAKER_01: 13:29

Yeah, Mercury and sort of seeing firsthand the you know the cybersecurity team and yeah, and what they deal with, you know, being able to uh chat with them and that kind of stuff.

SPEAKER_00: 13:37

So um I think and even while you're you know uh in that entry-level role on the help desk or or whatever it may be, you can also uh yeah, uh learn part-time. Uh, you know, a lot of organizations will really um be happy if uh they'll help you with these, uh, you know, to get these certifications. So yeah, but they want you to stay on top, yeah, yeah, definitely. So uh yeah, there's a few different ways that you could do that.

SPEAKER_01: 14:06

Yeah, and um what do you find the most challenging thing about the role?

SPEAKER_00: 14:11

Oh the most challenging thing, um, I think about cybersecurity in general is is uh it's definitely getting better, but convincing people how important it is and how that they're they're actually everyone is part of the cybersecurity team. So it it is a constant uh you know, not so much a battle, but uh perhaps uh just educating, isn't it? Yeah, it's just um just uh sort of um getting our our our point across, I guess, that uh everyone everyone's part of the team, you know.

SPEAKER_01: 14:48

Yeah, you don't want to be the weakest link.

SPEAKER_00: 14:49

Yeah, well yeah, that's that's right. So um, you know, it is everyone's job at the end of the day. So yeah, uh everyone's part of the cybersecurity team, I would say.

SPEAKER_01: 14:59

So it is a tricky thing to um for people to wrap their heads around though, isn't it? It's and that that's why we host like the cybersecurity events and you know, the true cost of a cyber attack, because it's really is showing like a true case study of you know how they can get in and just how easy it is. And I think as I've said many times on this podcast, people think, oh, it won't happen to me. I'm too small, but that's not necessarily the case. And yeah, that's right. I think we're forever uh trying to get that message out there.

SPEAKER_00: 15:28

Yeah, it's it's probably just going to be a an an endless uh um uh something that we'll be doing for a long time, I think. Um, and yeah, you don't really think about it until uh something happens. So, you know, getting that message across before something happens is is ideal. So you can be prepared, I guess. Exactly.

SPEAKER_01: 15:50

Sometimes ignorance isn't bliss. No, unfortunately not in this sense. No, that's for sure. Um, and are there any particular areas that now that you're obviously well and truly in the cybersecurity space that uh interest you? Like are you interested in you know the more of the AI cybersecurity space, or is there some something in particular that you're thinking that you might like to learn more about?

SPEAKER_00: 16:12

I think uh yeah, I AI is obviously a big one. I've heard Chris talk about it uh a fair bit, um, but also just as sort of a semi-related uh piece of that, probably probably the automation side of things of of security, uh, because being able to look into that uh even internally, that sort of frees us up to uh it's it's not necessarily uh replacing us, it's sort of freeing us up to to look at the more sort of value-adding things for our clients, you know, that we can sort of bolster them even further. Uh so I think that yeah, that I mean, just generally that all of that stuff will be very exciting coming into the future and scary.

SPEAKER_01: 16:56

Yeah, yeah, that's it, isn't it? Yeah, it's um and that's yeah, another thing to try and you know wrap your head around and keep on top of.

SPEAKER_00: 17:05

I I mean a lot of people can portray it as a bit of a doom and gloom uh topic, but I like to take a bit of a positive approach to it.

SPEAKER_01: 17:12

So yeah, yeah, that's it exactly. And um, is there anything else you'd like to share about your role in cybersecurity or any advice you'd give to anyone that's sort of considering it as a career choice?

SPEAKER_00: 17:25

Yeah, I I'd say if you're if you're interested in it, definitely give it a go. I as I mentioned I touched on before, it's not all doom and gloom. You know, there's a lot of uh great aspects of it. You you're not just an isolated team member that um, you know, you're you're often working with different teams and and clients and stuff like that. So um yeah, if you're interested, definitely give it a go. Make sure you're uh have that mindset of prepared to be, you know, learning a lot uh and uh ongoing learning. Um and yeah, um definitely don't just rely on one thing uh if you're trying to get break into the industry, just uh definitely try and uh get your foot in the door somewhere, get that foundational skills built up and uh ideally with an organization who may have a cybersecurity team who you can you know start to talk to and uh maybe pick their brains a bit while you're while you're learning. Um and yeah, it's a it's a great path to get into, I think.

SPEAKER_01: 18:26

Yeah, excellent. Well, thanks so much for coming on the episode. And um, yeah, I mean it's great to get another take on cybersecurity. As I said, Chris has been quite irregular, but it's yeah, it's nice to have a different face on and you know a different perspective. So thanks for joining us.

SPEAKER_00: 18:43

Thanks very much.