Like many of us in this space, Emily Etchell didn’t start her career in cybersecurity.
Instead, Emily began her career in biomedical engineering, designing and building medical devices.
Next, Emily started to learn about and work on securing medical devices. And that’s where Emily’s journey into cybersecurity began. Several years later, Emily is now honing her skills in reverse engineering at Cosive.
In this interview we sit down with Emily to cover many different topics, like:
I’m a Security Consultant at Cosive, currently based in Sydney. I have experience in medical device cybersecurity, penetration testing and recently have been getting more involved in reverse engineering.
Whilst I’ve spent the last few years in security I initially began my career in biomedical engineering. Given where I am now it’s a little way away from where I came from but each step felt logical as I stepped through it, and only now do I feel like I’m far from where I started!
I started my career as a biomedical engineer working for a small manufacturer of a cervical cancer screening device where I got to work in design, development and clinical trials. It was wonderful being part of a small team and I loved getting to see all the goings on outside my role.
Life then took me to Canberra though and, like a large number of Canberrans, I ended up working for the Government. It was in my first role in Canberra that my supervisor at the time raised the idea of exploring medical device cybersecurity and for me it sparked the start of my cybersecurity journey. With no prior experience, I began a deep dive into all things cyber with online courses, CTFs, talking to security professionals around me and turning up to community meet-ups.
I realised I wanted to really concentrate on this newfound interest which prompted my shift to a purely cybersecurity role where I was so grateful to find myself surrounded by another group of extremely supportive and lovely colleagues. It was especially wonderful seeing how many people around me had not necessarily come to cybersecurity in a direct manner but had previous careers as teachers, nurses or other non-IT based backgrounds.
“It was especially wonderful seeing how many people around me had not necessarily come to cybersecurity in a direct manner but had previous careers as teachers, nurses or other non-IT based backgrounds.”
— Emily Etchell
I was able to spend time learning and immersing myself before life took me to the private sector in Sydney where I found myself wanting to reconnect with the people aspect behind work, rather than just the technical. Whilst this sparked a shift to study nursing it wasn’t long before I missed the technical challenge of chipping away at cybersecurity puzzles. I realised I wanted to be somewhere that placed value on people at the core of what they did, but that would allow me to re-immerse myself in cybersecurity challenges.
That’s what eventually brought me to Cosive. I feel lucky that I’m surrounded by inspiring minds that also care strongly about the impact their work has on the world.
Biomedical engineering is problem solving for biological and medical problems. It can look like a lot of different things, whether it’s making sure medical devices are safe and functioning properly, or designing new medical devices to improve patient outcomes or make their medical journey just a little bit easier. With biomedical engineering, you’re taking your skills in mechanical or electrical or some other engineering and applying them to medical problems.
For me biomedical engineering has involved investigating when medical devices weren’t working. Trying to pull them apart and understand why it’s not working, which part of it isn’t working and what would it look like for it to be working safely. I’ve always had an interest in health and the clinical side of things, understanding how we function as cells working together. And I also liked trying to understand what was happening with how we might be feeling physically at different times. I feel it overlaps with the engineering side of things, with wanting to figuratively pull things apart and understand how they work.
I find it so interesting as it’s ever changing, there is always someone discovering something new, someone breaking something assumed to be unbreakable, and someone redefining how we understood things to be. It's always on its toes with constant defence and attack and everything in between - everything just seems higher stakes.
It’s the start of a journey for me that I’m really excited about. Coming into this industry without much background I felt like I started on this wave where I wasn’t sure where I would go and it has taken me through some amazing jobs and experiences. However I recently stepped back and reflected on where I want to be in cybersecurity and realised I wanted to knuckle down and really delve deep to carve out a little spot for myself.
“I recently stepped back and reflected on where I want to be in cybersecurity. I realised I wanted to knuckle down and really delve deep to carve out a little spot for myself.”
— Emily Etchell
Reversing really appealed to me as a bit of a puzzle, perhaps a holographic puzzle without borders and irregular shapes, but with (hopefully all) the pieces in front of you. I love the idea of tapping away at things, trying to understand how they work and what is going on. And to me reversing is figuring out how something works. I feel like it’s similar parts frustrating and oddly therapeutic going through each puzzle piece to try and figure out the bigger picture.
Outside of work I really like getting away from the computer and changing things up. I’ve recently started to get into hiking, going out somewhere a little more remote than car camping, and I absolutely love it.
Sydney has some beautiful coastal walks that are just stunning, especially when you’re walking for hours across beaches and clifftops just sandwiched by ocean views or native flora. But it’s also opened up this whole world of lightweight hiking and camping equipment that I wasn’t prepared for. And I’ve been losing myself in the rabbit hole of finding things that are light enough just so I don’t feel like my back is breaking by the time we get to the camp spot.
Making a career switch can definitely feel intimidating, particularly switching into cybersecurity. But there are so many resources out there to help you learn, you don’t need to have a specific degree of any sort.
I think my biggest tip if considering making the switch is getting to know people in the community. People are so wonderfully welcoming and there are so many meet-ups or accessible conferences where you can get to know others in the field. And it is such a supportive community, people are so happy to share their knowledge, their journey, what books or courses they found useful and any advice or recommendations they have.
I also think it sometimes can seem like such a jump, and that you need to know so much before you can make the switch. However I’ve found that so many employers are open to you learning on the job, if you can show you have the ability to learn and the drive to want to do it - you don’t need to have 10 years of experience under your belt to start trying.
A big thing coming to Cosive that I really appreciated was that [Cosive Managing Director] Kayne always said “we just want to do good.” I think it really says a lot about Cosive and what I really love about Cosive. Plain and simple, we want to do good. We understand we all have an impact and want the projects that we take on, the people we hire, and the work we do to reflect our values.