Get to know SylvainSylvain Luiset, with a Master of Science in Communication Systems from EPFL, is a Senior Consultant and has been working in the Information Protection and Business Resilience team in Zurich since June 2014.
at KPMG Zurich
After my studies in Communication Systems where I specialized in Cryptography and Communication Security, starting a career in Cyber Security was the next logic step. When I started my studies at EPFL, Cyber Security was a trendy topic and I was very interested in it from the beginning. Right after my Master, I worked for an international company in Fribourg, mainly focusing on internal projects. As I was interested in client-facing work, I started researching consulting companies that offer such positions in Cyber Security.
I saw KPMG’s job ad in the Information Protection and Business Resilience team on a job platform and found it very appealing from the beginning. During the recruitment process, I realized that I really wanted to work in consulting and that KPMG was the right employer to start my consulting career. I got the feeling that the position was made for me. At KPMG, I can work on multiple projects at the same time and also work at the clients’ premises. It was a more challenging position as I had never worked directly with clients before but I was ready to take on this challenge.
On my first day, I participated in the official KPMG Welcome Day. At this introduction day, I not only learned more about KPMG and its vision, I also met colleagues from other departments and built up my first network within the firm. I spent the first week here mainly reading all of the provided information. I also had a mentor who showed me around and explained everything to me. This was very helpful and I still contact him whenever I need advice on career or practical topics.
In Information Protection and Business Resilience, my team offers both Cyber Security and Certification Services for our clients. In particular, we perform penetration testing and vulnerability assessments and offer a wide range of certifications. This means that I not only work on Cyber Security projects but also do Certification projects, which focus more on audit. My first client project was the certification of a Public Key Infrastructure. I worked directly at the client’s premises conducting interviews to confirm that the client was fulfilling all of the requirements. I did this project together with my mentor and learned a lot about interview techniques. I particularly like the Cyber Security projects and mostly penetration testing. In such tests, I put myself in hackers’ shoes, initiate cyber-attacks and thus try to find security issues within the client’s infrastructure and processes. Based on these findings, I can make recommendations for the client so the client can effectively protect itself against cybercrime.
There is no typical workday in Information Protection and Business Resilience. Every day is different. I work on various projects with multiple and different team members. I am either at the client’s, doing on-site penetration testing or at KPMG writing reports. We also have a Cyber Lab on our premises for remote penetration testing. There, we have specialized tools, dedicated hardware and vulnerability scanners and the ability to simulate cyber-attacks.
The diversity of the projects, the variety of clients and the fact that all of my projects are challenging and I can learn every day. I particularly like penetration testing. The more experience you have with these tests, the faster you become and it gives the opportunity to always apply the newest hacking techniques. What further motivates me are the report discussions with the client, where we meet with highest level of the organization. These meetings are interesting but also challenging as we need to translate all the technical information into business language and make relevant recommendations.
In my opinion, the most challenging part is time management. I normally work on multiple projects at the same time and need to switch quickly from one client to the other.
Working in a client-facing job as I do is very interesting. My clients are mainly from the finance, industrial manufacturing, telecommunication and energy production industries. Many of them are international companies but some are not very well-known smaller companies. I like this diversity as I learn a lot about different processes and industries and get to know many people with different technical backgrounds.
I travel quite a lot due to international client projects and on-site testing. So far, I have gone to Dubai, Germany, Singapore and India and worked in very international KPMG teams for multinational clients. I really like the traveling part in my job as I can experience new cultures and ways of working together.
KPMG offers external and internal trainings. I just recently did a certification in ethical hacking in Germany and a training on “Industrial Control Systems security” in the United States. Internally, I can attend courses to improve my leadership, sales or presentation skills.
When working in Cyber Security, it is important to have a thorough understanding of the field of cyber security, cyber-crime and networking. My colleagues either have a similar background as I do, or hold a Bachelor or Master’s degree in Computer Science or Information Technology. Personality-wise, one needs to like working with clients and have the ability to both quickly adapt to altering situations and to think out of the box.
Get in contact with potential future colleagues as soon as possible. This could be during a job fair or at one of the specific Campus events. You should also not hesitate to contact future team members on professional platforms, such as Linkedin. In this way, you learn a lot more about the different career opportunities and, more importantly, get to know an employer’s corporate culture.