From early beginnings with home computers, Roberto Leao, CC, has used his passion for computing and technology to pursue both an education and a career path into cybersecurity.

Roberto Leao, CC

Disclaimer: The views and opinions expressed in this article belong solely to the author and do not necessarily reflect those of ISC2.

My first contact with a “computer” was at a very early age: just seven years old. After seeing one at a school friend’s home, my father bought me a TK95 (a Brazilian clone of the British Sinclair ZX Spectrum home computer). Back in 1988, I lived in a very small town and we had to travel 25km to a larger town just to buy it. I didn’t know anything about programming, but I became completely hooked on it and was 100% sure that I wanted to work with computers and anything related to them.

Degree Pathway to Cybersecurity

Ten years later, aged 17, I started my degree studies in Computer Science at the Federal University of Santa Catarina (UFSC), without knowing exactly which area I wanted to focus on. I earned my BSc. in Computer Science in 2002 and, in 2004, began studying for an MSc., focusing on computer architecture/power estimation for System on a Chip (SoC). I was eventually awarded my MSc. in 2008 while working as a database developer/analyst full-time.

Before working as a database developer/analyst, I worked as a developer (C#, .NET, Delphi/Object Pascal). However, working as a database developer promoted my interest in database administration. By 2010 I had earned an OCP (Oracle Certified Professional) certification in Oracle 10g, along with an OCE (Oracle Certified Expert) in Managing Oracle in Linux. I also earned the ITIL Service Management Foundation v2 certificate at around the same time.

New Horizons

Then, in July 2010, I emigrated from Brazil to Australia, starting work at the company I still work at today. The original job advertisement to which I responded was for a database administrator (DBA) role – but, being with a small company, I ended up performing lots of tasks related to infrastructure in general, including adding/removing rules to a Juniper firewall, configuring switch ports and physically installing and configuring new servers and operating systems in the datacenter. As the company grew, I found I had more and more to learn, including Oracle VM, for example. All that experience got me more and more excited about network and security and infrastructure and system administration in general.

On one occasion, I noticed unexplained emails being sent from a server. I investigated and quickly learned about a vulnerability that someone had exploited to send those emails. For me, this was the turning point: I understood now how little I knew about cybersecurity and also knew that this situation had to change.

This was somewhat problematic. Without many external contacts to call on (especially in cybersecurity), working from home since late 2012 and with new father duties (2013 and then again in 2017), it took a long time until I was able to start learning more about cybersecurity. By 2022, I had found some good initial learning material and finally had the time I needed to focus on my career change goal.

Working Towards CC

In 2023, via LinkedIn, I learned about ISC2 and the Certified in Cybersecurity (CC) certification. Undertaking this training and certification became my first step towards a real change of role in the near future. Since earning ISC2’s CC qualification, I’ve been really focused on learning more and more about cybersecurity in all its areas. Since I’m already a hands-on IT professional, I’m also making sure I review and improve my existing knowledge, all the way from the basics up, so I can make the difference in this exciting area.

My medium-term goal is to become a member of a Blue Team, as my current role involves many related responsibilities; this helps me to keep focused on my learning and improving my skills. Since I earned the CC qualification, my company has increasingly involved me in matters about the company’s cybersecurity. This includes monthly meetings with key stakeholders, to make sure we improve the company cybersecurity. This typically includes reviewing processes and people’s awareness on how important it is to be vigilant these days.

My overall hope is that, with my experience in several distinct areas of computer science and my current (fast) learning of cybersecurity, I can help to make the systems, servers and people I work on (and with) more and more secure.
