From Help Desk to Cybersecurity Expert: A Journey into Offensive Security
In line with Echelon’s value of People with Personality, we are excited to continue our new initiative under our content umbrella designed to spotlight our incredible team members, called Cybersecurity Champions. Through these monthly features, we aim to shine a light on the amazing individuals who drive our success and embody the spirit of our company.
In this interview, Devin Jones, Principal Offensive Security Consultant at Echelon, offers valuable insights into his cybersecurity journey. He highlights the challenges and rewards of his dynamic role, the key lessons he's learned along the way, and the advice that has shaped his approach to both work and life.
Q: What brought you to Echelon, and what got you interested in cybersecurity?
DJ: At the time, I felt stuck in my previous role. After attending a few talks by Dahvid, a former Services Director, I became interested in Echelon. I saw him speak at several security conferences online, which brought Echelon to my attention. After following the company on LinkedIn, I saw a job posting and applied. Fortunately, I was able to get the role.
I've always had an interest in cybersecurity and computers. Initially, I pursued a path in computer science with the goal of becoming a software engineer. However, I realized it wasn’t the right fit for me, so I didn’t continue with college. Instead, I ended up landing a help desk role. During my time there, I connected with the cybersecurity team, and they guided me, helping me land my first job in cybersecurity. I've been in the field ever since.
Q: How would you describe your day-to-day role, and what part do you enjoy the most?
DJ: Most days, I work on client projects, which can include tasks like purple team exercises, red team engagements, or both external and internal penetration tests. I also occasionally conduct web application tests. My day-to-day work is very dynamic, which I really enjoy—it keeps things fun and interesting. On other days, I focus on building tooling, help develop team capabilities, and contributing to our team's documentation. No two days are the same, which is something I truly appreciate about my role.
I particularly enjoy the more challenging client projects, as those are the moments when I learn the most. They also allow me to be creative, experiment with new approaches, and continue growing in my field.
Q: What are the key lessons you’ve learned so far? Do you think your perspective has changed over the years as you’ve gained more experience?
DJ: One of the key lessons I've learned is the importance of humility, collaboration, and helping others. A lot of my success can be attributed to my ability to work well with others, and I’ve often learned new things myself while assisting colleagues. Being humble and approachable has also helped me throughout my career—no one wants to work with someone who isn't easy to collaborate with.
Another important lesson is the need for self-awareness. I've been in situations where I overestimated my skills or knowledge, and those experiences quickly humbled me. I've learned to be brutally honest with myself—acknowledging what I know and, just as importantly, what I don't. There’s always someone who knows more about a particular subject, and being honest about your capabilities will take you much further than pretending to know it all.
Q: What is the best career advice you’ve ever received?
DJ: The best career advice I’ve received boils down to two key principles. First, it’s about having the discipline to constantly strive for improvement—continuously learning and working hard. But equally important is the discipline to take time for yourself. Taking care of your physical and mental well-being is crucial, as everything else builds from there. Discipline, in my experience, will always outlast motivation, no matter the circumstances.
Secondly, I’ve often heard this advice, though not always word for word, “you may not always be the smartest person in the room, but you can always outwork others. Let your work speak for itself and always put in the effort.”
Q: Are there any specific resources, like books, blogs, websites, or communities, that have been particularly helpful in your cybersecurity journey?
DJ: While I can’t recommend many specific books, I read a wide variety of topics that interest me. One book I do recommend is Deep Work by Cal Newport, which focuses on the importance of deep, distraction-free work. It has helped me retain knowledge while balancing my personal life. Additionally, I’m a fan of Humble Bundle, which offers discounted book bundles with proceeds going to charity. These often include cybersecurity and IT-related books, providing a broad range of resources at an affordable price.
As for communities, I’m active in several online groups, particularly on Discord, where I participate in many cybersecurity-related servers. I also attend local B-Sides events and am a member of InfraGard, where I engage in conferences and meetups. Staying connected with former colleagues in the cybersecurity space also helps me continue learning.
Q: When you're not working, how do you like to spend your time? Do you have any hobbies or interests that you're passionate about?
DJ: Working in Offensive Security is almost like a hobby for me, so I often spend my free time doing research, building security tools, or exploring other areas related to the field. Outside of work, I have a broad range of interests. I’m passionate about learning, whether it’s related to home improvement, hardware, software, electronics, or even programming. I also enjoy spending quality time with my wife and family. In addition, I love spending time outdoors, fishing, and, of course, as a true computer nerd, I enjoy playing video games.
Q: What does being a cybersecurity champion mean to you?
DJ: To me, being a cybersecurity champion means protecting both individual and company privacy and security. It’s about combining technical expertise with people skills to mentor others and push the cybersecurity field forward, helping everyone become a little more secure in the process.