Now in his mid-20s, former barista from Adelaide, Kristopher Bergamaschi, spent years testing the waters of various qualifications and industries before securing a job he loves.

“I studied civil and structural engineering, then physical therapy but didn’t enjoy any of it much,” Bergamaschi said.

“I’ve been mucking about with computers, tinkering, kind of figuring out how they work, ever since I was eight years old.”

Bergamaschi stumbled into the path of information security – one of the most in-demand and well-paid parts of the IT sector – where he found an immediate interest.

“When I first started off, my cousin showed me the ropes with how things work, why they work, and how to break them,” he said.

“It was stuff that the more I looked into, the more I enjoyed it.

“I had some really good people in my life who noticed that I enjoyed this work and said ‘well why don’t you pursue this as a career’ and I progressed from there.

“In my spare time I did the Offensive Security Certified Professional (OSCP) certification and I was lucky enough to get a job from there.”

OSCP is a course teaching the fundamentals of Kali Linux – an operating system with hundreds of pre-installed penetration testing programs like John the Ripper, Wireshark, and Metasploit.

Graduates have to prove their mettle in a grueling 24-hour exam where they hack into a live network.

Bergamaschi said his self-determination to complete the OSCP came from a passion which he had never felt about other pursuits and career paths.

“It was about really enjoying infosec and wanting to keep up to date and hone my skills,” he said.

“Now that I’m working, it’s fantastic and I really enjoy getting exposed to a bunch of different, interesting, and cool things.”

Bergamaschi now works for the cyber security firm CQR.

He takes his passion for hacking and helps shore up the information protection procedures of organisations in the best way he knows how – by breaking in.

“The majority of my job is penetration testing,” he said.

“It’s almost like a game. People have implemented these systems to try and stop you and you have to figure out a way they might not have thought of to try and get in.

“Physical tests are some of the most enjoyable ones. You’re given a scenario to try out like ‘okay try and get into this building and go unnoticed and test user awareness’ – they’re always very enjoyable.

“I use social engineering techniques or do simple things like tailgating someone into the building. Then it’s about seeing if any other users in that building notice that I’m not meant to be there.

“There’s also internal penetration testing on a network environment where the aim is to be as sneaky as possible, trying to make sure that the detection systems they’ve deployed can’t find you.”

Ethical hacking is all part of the push-and-pull necessary for maintaining effective and dynamic cyber security systems.

Businesses continue to discover the costs of cybercrime and are learning that there is no one-size-fits-all solution to the complexities of information security.

More organisations are working with consultants like Bergamaschi, hiring in-house security specialists, or up-skilling staff in existing roles.

Bergamaschi said there are many ways to feed your natural curiosity about the ins and outs of cyber security.

“There are a lot of really good resources that are perfectly legal,” he said.

“Hack the Box is a great place to start, but you can also test your own networks. At home I’ve developed my own lab environment where I can test and trial new things to figure out what works and what doesn’t.

“One of the tricks of this industry is to make sure you’re permanently on top of it. If you’re not already on the next thing, you’re behind.

“It is vital to stay up-to-date and on the bleeding edge.”
