Craig is the Penetration Testing Manager based in London, He joined AWS in June, 2020.
HereAtAWS: Tell us about your career journey. What brought you to your current role at AWS?
Craig: I left my home country, USA, seeking adventure in 2008. I found it in SE Asia. In 2012, I was running my own education consultancy in Bangkok, Thailand. At the same time, the news was flooded with victims of online scams. People were losing their life-savings and businesses were closing down because of hackers. That really struck a chord with me, and got under my skin.
I left SE Asia and moved to the UK to study information security and privacy to pivot into cyber security. After studying, I took a graduate role at a telecommunications company. Within three years I was promoted to Head of Ethical Hacking for EMEA.
When I saw that AWS was building a team of penetration testers in Europe, I jumped at the role. Many of my telco customers faced security issues related to their digital transformation. Working at AWS gives me the opportunity to secure the technologies that businesses rely on to serve their customers.
HereAtAWS: Can you explain in simple terms: your role, who your customers are, and how you help them?
Craig: I manage a team of penetration testers. These engineers are 'mimic criminals' that test AWS services in the same way that 'criminals' would. We serve AWS customers by supporting AWS product and service teams. When AWS releases new services or service updates, my team tests for vulnerabilities. When we find a problem, we work with our colleagues to fix it, keeping the secure bar high and keeping our end customers secure.
HereAtAWS: What technical and/or soft skills do you need to succeed in your role?
Craig: This role requires a combination of technical and non-technical skills. Each tester must be able to read source code and find vulnerabilities in that code. Each tester must be able to script solutions to unique problems. Each tester must be able to look at an application, understand how it was built, and then think of ways to make it do things it was not meant to do. Each tester must have the skill to describe problems in a way that is easy to understand. This role requires breadth and depth of technical security knowledge with a malicious mindset.
HereAtAWS: Have you had to learn any specific new skills (technical or soft) for your role?
Craig: We test AWS services, so I’ve had to learn not only how to use AWS services, but also how AWS services are built. I’ve also learned to write ‘the Amazon way’, which is unique to the company and really exciting.
HereAtAWS: How does your work with customers help to make a positive impact on society?
Craig: We work tirelessly to keep our services secure. All of our customers – from large multinational business to start-ups and everything in between – trust us to keep their systems secure. The livelihood and economic security of so many people rely on our systems staying available, secure, and robust. It feels great being a part of that.
HereAtAWS: At work, are you involved in any activities outside of your role?
Craig: I am involved in several Affinity groups and am actively involved in mentoring. I am relatively new to AWS, so once I find my niche I will focus on public speaking, training, and bar-raising.
HereAtAWS: What’s the most exciting part of your job?
Craig: I get to work with the state of the art. My colleagues have patents that get built into products. Then we get to hack those products! It’s awesome.
HereAtAWS: What’s the most challenging part of your job?
Craig: It’s hard to know what not to work on. There are so many cool things going on, and so many things that need to get done, that it’s easy to say yes to everything. I am a people-pleaser – I want people to trust and rely on me and often think that means saying yes when they ask for things. The most challenging part of my job is saying no to cool, impactful, awesome ideas.
HereAtAWS: What advice would you give people joining AWS?
Craig: Take your time to learn the nuances of your team and the peculiar ways we work. You were hired for a reason. Lean into what makes you a bar raising candidate and find your niche.
HereAtAWS: What three words would you use to describe workdays at AWS?
Craig: Varied. Challenging. Inspiring.
HereAtAWS: Do you have any needs or commitment that require flexibility in your role?
Craig: We are new parents (Autumn, 2020) and will definitely need (and receive) flexibility. Honestly, I was surprised how generous and kind everyone has been. I’ve received a lot of advice, tips, and support and feel confident the flexibility I need will be met. That kindness has driven me to work hard and deliver for my team.
HereAtAWS: What do you love to do outside work?
Craig: We enjoy cooking and fitness, and try to spend most weekends out in the countryside. London is a metropolis, but we are a short drive from ancient woodland and gorgeous beaches. We are going to be new parents by the time you read this, so that’s the challenge we are attempting.
HereAtAWS: Is there anything else you would like to add about your personal journey?
Craig: I often leap before I look. It’s how I’ve ended up doing fun things all over the world, but also why I’ve failed so often. I didn’t realise at the time, but that constant trial and error means now I am right, a lot. AWS encourages rapid experimentation and doesn’t punish people for making a mistake once.