Archana Singh, known by many as Archie, has been a penetration tester at OnSecurity for over two and a half years. On a typical day, her role involves collaborating with fellow pentesters to assess the security of web applications, APIs, network infrastructures, and cloud audits. But what truly sets Archie apart from her peers is her unconventional journey into the world of cybersecurity.
Unlike many of her colleagues, who have often emerged into the role with formal degrees in computer science or extensive experience in IT, Archie’s path to pentesting has been anything but traditional.
Before joining OnSecurity, Archie was a dedicated paediatric oncologist- a hands-on profession far from the algorithm-driven realm of cybersecurity. Her remarkable transition is marked by resilience, adaptability, and a passion for tackling new challenges head-on.
With such an incredible professional history, I was keen to hear all about Archie’s navigation of her unique career journey, and how she conquered a huge learning curve changing industries to become the pentester she is today.
Can you describe a bit about your former role and educational background?
“I studied medicine as an undergraduate for six years,” Archie shares. With a traditional, non-doctorate degree lasting only three years, the educational dedication required to establish a career in healthcare is not for the faint of heart.
After graduating, Archie became a doctor with the NHS. “I had a twenty-year career as a doctor. Five of those years I spent working in Cancer Research. I’d trained as a paediatrician and so later specialised in paediatric oncology (a children’s cancer doctor).”
What inspired a career change into pentesting?
Working for the NHS is a highly demanding role, with often poor work/ life balance for many of its healthcare professionals. Archie expressed that she loved her job as a doctor for many years- and found purpose in helping her patients- but eventually, there came a point where she needed change and a better lifestyle balance.
However, she didn’t want to walk away from a long career without transferring her skillset meaningfully. “I wanted to utilise the skills I’d developed during my medical and research career,” Archie says.
“During my research years, I was introduced to big data and became interested in machine learning and the potential of Artificial Intelligence (AI) in health technologies. I started looking into study courses and happened to come across courses being offered for cybersecurity.”
With progressive technology continually being utilised in the healthcare sector, it’s no surprise that Archie found herself interacting with machine learning research.
“It fascinated me and immediately struck me as an important industry which is essential in many aspects of our daily lives, much like healthcare. I decided to attend a 3 month Cyber Intrusion Analyst bootcamp and during this course was introduced to the discipline of Penetration testing which just appealed to me instantly as a potential career path within cybersecurity.”
From there, Archie felt a natural affinity for cybersecurity, and ventured to enhance her skillset to transition into a new and promising sector.
What kind of tools/tutorials did you use to teach yourself how to pentest?
Of course, there was still lots to learn about the practicalities of pentesting. Fortunately, it isn’t necessary to do a university degree to learn how to pentest, and Archie committed to teaching herself using online resources. “Like many ethical hackers, I used gamified platforms such as ‘Try Hack Me’ and ‘Hack The Box’ and other learning web platforms such as ‘Pentester’s Lab’, PortSwigger’s ‘Web Security Academy’ and ‘INE Academy’ alongside many other resources which are open-sourced and freely available on the internet (e.g. YouTube, Podcasts)”.
Would you say pentesting and your former role as a doctor hold any similarities? If so, could you describe these a little bit?
“Yes, definitely.” Archie says. “Both doctors and penetration testers assess risks to diagnose potential issues, doctors for health and pentesters for system security, aiming to prevent harm through proactive measures. They conduct thorough examinations, identify vulnerabilities, and recommend tailored solutions to mitigate risks.”
“Just as a doctor uses tools like stethoscopes or MRIs, a pentester employs security tools like scanners and exploit frameworks. Both roles require staying updated on emerging threats, whether new diseases or cyberattack methods. Ultimately, their goal is to safeguard the well-being of a person or an organisation's digital assets. Both also have to be really good communicators which is one of the key ingredients to success in both careers.”
Why OnSecurity?
Transferring from an organisation as immense as the NHS to a start-up with no more than fifty employees (even less, when Archie joined) is a drastic change for anybody. Archie expresses that she was actually enthused by the idea of leaving behind a large organisation for a more intimate working environment. “I liked the idea of working for an established start-up with a proven track record. It was exciting to be part of their rapid growth phase.”
She expands to detail how the platform itself stood out as a major point of interest. “I could see the immediate benefits of the online OnSecurity platform that is used by both the clients and the testing team to make reporting an efficient process.”
“As a relative junior joining the company, I knew I would be supported by an excellent team of pentesters already employed who would help me learn and develop as a pentester.”
Finally, what is one thing you’d say to others looking to get into pentesting as a career?
Archie’s career trajectory is a testament to the fact that anybody can self teach, regardless of their professional history. She notes that resilience and hard work are key to success, and the ability to recycle skills from former roles can also prove hugely beneficial, regardless of the sector you previously worked in.
Archie closes our interview with some concise, but incredibly powerful, advice: “Be prepared to work hard, as it is a technical field so there is much to learn. If you have the passion to learn, and an analytical and inquisitive mind, I believe anybody can become a pentester, regardless of their background.”
Read more about Onsecurity’s remarkable journey…
From a bootstrapped startup to a thriving pentesting business, OnSecurity has continually undergone rapid and exciting growth. We couldn’t have progressed without the support of our brilliant team, and our Employee Spotlight series brings light to those working hard to further our success. You can read more of our employee spotlights on our blog page.
