Playing it safe: As an IT security consultant, Ulf Leichsenring develops and tests the security of networks and software systems in order to ward off potential attackers. His work life never gets boring, because the IT world is in a state of constant development and he works for customers from all industries.
Mr. Leichsenring, you are an IT security specialist who focuses on information security – what’s day-to-day working life like?
My day-to-day work consists of typical project business. In the field of IT security, there are two types of project: Firstly, there are projects where it’s about conceptional security design, for example, if an IoT device is being built or if something needs to be migrated to the cloud. I make sure that a project’s IT security is sufficiently taken into account from the very beginning.
The second type of project is more about “breaking stuff.” The customer has a website, an IT product or an IT solution, and it’s my task to view the entire thing from the perspective of an attacker. I have to try to destroy the website or the IT solution in a controlled manner. One typical example is a penetration test (editor’s note: an extensive security test that tests system components and the applications of a network or software system using the means and methods that an attacker or hacker would use). So, on the one hand, it’s about creating and designing something in a project. But part of my job is also identifying errors.
Have you specialized in any particular industry in your job?
I work for customers from all industries: banks, medical device manufacturers, publishing houses, logistics companies, and companies from the automotive and aviation industries, to name just a few. That’s because it’s not usually important for me to have specialist industry expertise to do my work. Even though you have to recognize and scrutinize the processes, when it comes to technical security, the basic issues are usually the same.
“For me, my work is a mixture of a hobby and a job.”Ulf Leichsenring, IT security specialist
What do you like most about your work?
It’s a job that has to be your passion and lifeblood – personal interest is particularly important here. I’m continuously training and reading about things that I encounter in everyday working life. I think that it’s a highly exciting and dynamic subject area. In the last 20 years, there have been continuous changes and innovations in the field of IT security. For me, my work is a mixture of a hobby and a job.
How did you get into your profession?
When I was 15, I was already interested in home computers, which were an up-and-coming topic back then. Once I finished school, I had the opportunity to study business informatics, and I seized the chance. My studies lasted until 1991, after which I worked in software development for four years. In the mid-1990s, as the internet was beginning its slow ascent, I found a new field of activity that fascinated me. Alongside the communication and information possibilities that it afforded, I noticed that it had a whole lot of potential for damage, especially if somebody had enough creative energy and criminal motivation to hurt others or get rich.
What qualities does somebody need to have to work as an IT security specialist?
An IT consultant in the area of security has to be able to completely focus on one thing in order to fully think through the technical details. But not everybody who is good at IT security is well suited to consulting. You have to have good communication skills in order to explain the problems and possible solutions to customers in an understandable way.
Analytical abilities are also extremely important. They are necessary in order to find out how exactly a complex construct – be it software, a system or a process – works and whether an attacker could get access to information that they shouldn’t actually have access to. It helps to look at problems playfully and to leave the fixed paths or to try to use things in a way that they were not originally intended for. So, sometimes, for example, that means pushing two buttons at once to see what will happen next. For this reason, IT security consultants require, firstly, creativity when it comes to technology, but they also have to be able to look at the technology critically and question things.
Moreover, it’s important to realize that there is no such thing as 100% security or the perfect solution. People make mistakes and, if they are designing systems, it means that those systems will have mistakes, too – even if the product is of very high quality. That’s why having a certain amount of humility in light of the complexity of technical systems is part of it as well.
How often do you work directly for the customer?
In IT security projects, you usually work on your own as a consultant. I usually have several projects on the go, so I might be with a customer on Monday and Tuesday and then spend the rest of the week working on a different project.
I usually spend three to four days per week traveling through Germany and with customers on site. The rest of the time I spend working at our Norderstedt location or, occasionally, by myself at home.
What characterizes Lufthansa Industry Solutions as an employer?
There is a very close sense of cohesion among colleagues. Our corporate culture is shaped by fairness, honesty and authenticity, and by joint quality standards. The main focus here isn’t just the maximization of profits. It’s always about finding the best solution for the customer.
Moreover, Lufthansa Industry Solutions puts a lot of emphasis on promoting communication between employees. Even though, as I already mentioned, we are often working on different projects, there are regular opportunities to exchange information with each other, whether in the form of weekly phone calls or company meetings. This means that we can discuss ideas with each other at a specialist level and exchange information about new developments. This is extremely important, especially for people who work in IT security.
About Ulf Leichsenring
Ulf Leichsenring has been working at Lufthansa Industry Solutions’ Norderstedt location as an IT consultant specializing in information security since 1997. After studying business informatics, he began by working in software development, before becoming an IT security consultant.