This is the first community spotlight, a series of articles highlighting people who take part in the local non-profit infosec communities and organisations in Denmark.
Tell us a little about yourself, work, background and why you got interested in information security.
My name is Christian Henriksen, and I graduated from Aalborg University with a BSc in Information Technology in 2020. After 3 years behind books, I decided to serve my conscription within the Danish military. I was so lucky to get accepted to the Danish Cyber Conscript, which I finished in 2021. As the service was 10 months, I knew that I had to find a job afterwards or stay within the military. I therefore applied for a job in Region Midt, which I got, and since then I have been working on how we can better secure the Danish hospitals. I actually just signed a new contract with Trifork.Security, where I will be working as a Cyber Security Consultant. During my bachelor’s degree, I studied a semester abroad, in San Jose, California, at San Jose State University. At the university, I had a lecture on business systems and policy, where my professor worked with IT security at the municipality in the local area. He told me how this organization’s approach was in regard to this topic, and it created seriousness and interest in me. Likewise, I attended a lecture and workshop on IT security, where, among other things, speakers from the NSA, Lockheed Martin etc. participated in the National Cyber Security Day.
Could you explain a bit more about being a cyber conscript and what the requirements are?
Cyber conscription is a political initiative that will hatch approx. 30+ new digital security talents a year - some of the purpose is to be ambassadors for good IT security in the Danish kingdom. The conscription period is a total of 10 months, divided into two sections:
- 4 months basic military service, in one of the three armies (Army, Air Force or Navy)
- 6 months of cyber training at the Leadership Support Regiment in Fredericia. The training also includes a two-week internship and ends with a one-week incident response exercise.
There are different requirements to be able to be admitted to this education; you must, e.g., be able to get security clearance of TOP SECRET and pass a test that maps your IT skills. However, it must be said that one does not need to have high technical skills, but simply a curiosity to learn, and a basic understanding of the components a computer and a network consist of.
After completing this intensive training, one can either choose to continue in a military position in the Armed Forces or take the civilian leap.
Today, there are several former cyber conscripts who, for example, work as incident responders, cyber analysts, and penetration testers in companies such as the Danish Health and Medicines Authority, Region Midt and F-Secure. Some also have chosen to continue in the Armed Forces at, among others, the Leadership Support Regiment, the Intelligence Regiment and Group IT.
You can find out more about being a cyber conscript here:
That sounds interesting. I hear that you started an alumni program for the cyber conscripts?
After we (the board) had completed our military service ourselves, we felt a lack of a central point in which one could cultivate the unique community of cyber conscription and build on the qualities that one had acquired over the last 10 months. The FDCA was therefore set up both to cultivate camaraderie, but also because it saw potential in creating a central focal point, where, among other things, competence and career development are offered.
At present, the board consists of 6 enthusiasts who run the association in collaboration with a wide range of the association’s members.
Okay, so what are you doing in FDCA?
The association was established in September 2021 and has since held 2 physical events - one was a Capture the Flag day, which was held at Aalborg University in Copenhagen. The second was a Purple-teaming event, focusing on threat hunting in collaboration with David Clayton (Combitech) and Nichlas Falk (Improsec), at Combitech’s facilities in Aarhus. For this event, the APT group “WizardSpider” was analyzed and their TTPs were simulated in a closed environment. This helped to provide inspiration on how to approach your threat-hunting - so the members got to expand their “hands-on” experience. The association has also held an online CTF event, participated in OWASP lectures and had various social gatherings. Although the social aspect is highly valued at all events, the association’s members always go home with knowledge or experience that can be used directly in their work or education.
What is the future for the association?
Our goals show that the association has some pretty serious ambitions, and those are the ones that we are going out to hunt now. Of course, it can be difficult to define and measure how and when we make the entire Commonwealth safer. We are convinced that if we continue to recruit a lot of alumni and can offer them qualified “state of the art” skills and career development, then we will definitely succeed. Specifically, we are now spending a lot of energy on stacking up some lasting collaborations with various companies. We believe that external partners are essential to accelerate our path towards our overall visions, but also that we have a lot of expertise that we can share. In addition, we have a lot of exciting events in the pipeline, which we are very much looking forward to being able to talk more about.
If you should give any advice to yourself when starting your infosec journey, what would it be?
I would stay curious as to why your organization is doing what it’s doing. You have “fresh eyes” on the subject, so you should definitely ask questions. Never stop learning! This is so important, as the cybersecurity field is evolving every day. So, I recommend to keep “grinding” for certifications that make sense, and that you find interesting. But this might be my best advice, and that is to join a community like VSec by either joining the VSec Community Discord, or attending the CitySec events etc. You get to meet and discuss with some really cool and competent people that you can learn a lot from!
How did you find VSec and how long have you been a part of the VSec community and what are your thoughts about the infosec community in Denmark in general?
I think I got referred to the VSec community by one of my mentors, David Clayton. I have been part of the community for almost a year, and I enjoy being part of this community.
What handle/alias can we find you behind on the VSec Discord server and how is it possible to connect with you?
Thank you for talking about the Cyber Conscripts, FDCA, yourself and in general sharing your thoughts with the community! If you should point to someone in the community that the next community spotlight should be about, who should it then be?
It would be awesome to interview @ahoffskov, as he is always involved with some cool stuff, and happily enters a discussion on the VSec Discord Server.