I’m from Brisbane originally – I’ve lived here all of my 32 years and all of my family are local too. I’ve just bought a house in Cannon Hill so I’m settling down and enjoying life as a single person.
What are your loves in life?
I love to travel the world. I’ve had at least one international holiday every year for as long as I can remember. I really love Europe, particularly Germany. I’ve travelled Europe twice and been to see my family in UK too. I’ve visited Montreal, Japan, Fiji, Singapore, South Korea, New Zealand to name a few. I have a passion for European history – good and bad. I really enjoyed visiting Berlin – the culture, the history and the beer are extraordinarily good.
Otherwise, I love bushwalking here on home turf, hunting down great Asian food and catching up with friends on the weekend. My other love is coffee. When I’m in the office, we go and grab a coffee from a different place every time – it’s part of my adventuring spirit! I think we’ve found the best one but I’m still working my way through others to see if I can better the experience.
I think that kind of sums my personality up. I’m an adventurer. Never complacent. Always looking for new experiences.
How did you get into Cyber Security?
I started getting an interest in IT at school and it quickly turned into a passion. After school, I began to follow the Network Engineering path. I studied a Diploma of IT at TAFE then went to QUT for three years to complete my degree in IT Network Systems.
My first job out of Uni was for Goodstart Early Learning, on Helpdesk, fixing L1 and L2 issues. Then, I moved to Telstra as a Network Engineer, mainly configuring equipment until I got involved in Firewall configurations. This was my first experience of Information Security, and I really enjoyed it.
How did you end up at Equate?
While I learned a lot in larger businesses, I was eager to work in a smaller business where I could directly influence and impact client outcomes. I talked to one of the Founders at Equate and secured a role soon after as a Security Analyst. I initially spent a lot of time on ticket triage, firewall configurations, phishing and spam. After 6 months, I was promoted to Team Lead for SecOps managing a team of people. We’re thriving and hiring more people which will see my team double in size in the coming months.
Your team are a 24 x 7 resource, how does that work?
Our roles are 24 x 7 on rotation, so from 5pm until 9am we’re on standby with a range of other roles across the organisation, ready to tackle incidents, trouble shoot and escalate as necessary. It’s all part of our Managed Security service. We’re there to make sure Clients have peace of mind knowing we’re in the background keeping their assets safe and secure. We also undertake L1 Vendor support, fixing with triage or escalating issues as needed.
What drives you as a Team Leader in SecOps?
I’m extremely focused on being present and growing the capability of my team through mentoring, coaching and hands on technical support. People that know me won’t be surprised to hear I’m an extrovert – quite an unusual trait in the world of Cyber Security. I get my energy from people and enjoy learning about their personality traits and nuances. We’re all different and we each bring something different to our roles and the business – that’s why we are great as a team.
Introversion is common in technical roles – how do you make sure everyone stays connected?
From leadership down, mental health is always a priority at Equate. The lockdowns in the last year massively impacted people in all kinds of businesses in lots of different ways. It doesn’t matter whether you’re an introvert or extrovert, human connection is still really important.
I was a catalyst of ‘get togethers’ organising video and audio calls and online socials to stay connected. Fortunately, the Equate Leadership team is really focused on making sure nobody gets lost or feels isolated with plenty of team meetings and online beers on a Friday afternoon.
What was the impact of the last 12 months on your mental health?
Working solo would never be my preference for me and I certainly struggled on a personal level because I’m such a people person. I was really happy to be able to return to the office earlier this year. I’m in the corporate office two or three days a week and working from home the remainder of time. I’ve definitely seen ‘a shift’ in the way businesses work since the pandemic although Equate has always been a really flexible workplace and people work in a way that suits their lifestyle most of the time anyway.
How has this ‘shift’ manifested in your role?
Businesses are re-configuring how they work. Pre-COVID-19 all of the requests and incidents we received were office based, with very few issues around VPN or remote working technology. Most of our issues these days are remote / cloud based rather than on-premise.
Post COVID-19 lots of Clients still aren’t at full capacity in the office and many aren’t planning to be. It’s a good opportunity for businesses to reduce floor space, save money, and achieve life balance for their people too. I really think the pandemic has driven a real evolution in working practices everywhere. Without it, I believe the transition to this level of remote working would have taken quite a number of years.
What size of businesses are most susceptible to attack in your experience?
There is no ‘normal’ – everyone is at risk. SMB’s often don’t have the infrastructure or policies in place to protect themselves and the financial impact could mean the business is no longer able to trade. Enterprise level businesses have the policies in place, but the risks are higher with more employees unknowingly putting the business at risk.
Can you give me an example of what kind of attacks you see on a daily basis?
We often see the same bad actors attacking the same businesses in different ways. Sometimes they masquerade as the CEO, sending emails to staff members in the finance area, influencing them to make cash payments, send crypto currency, or buy gift cards which they convert into a local currency. Or they hijack email domains, asking individuals to change bank details so that invoice payments go directly to their account.
Using automated, manual interventions and a whole stack of experience, we are able to identify and mitigate risk, and fix problems before they become critical.
What are your top 5 tips to avoid an email cyber-attack?
You’re pretty early on in your career, what’s next for Nathan Tsoumbaras?
I’m people driven with a passion for service so probably something in the Service Management area while keeping hands on with the technical aspects of the role. I want to continue to deliver the best outcome for customers and be in cyber in a smaller business making a real difference.