Tom Philippe: From Cybersecurity Consultant to Country Manager

by Wen Sin Lim
Tom Philippe holds the title of Country Manager, UK at Responsible Cyber. He is responsible for spearheading various engagements with customers, ranging from offensive (pentest, phishing simulations...) to defensive (forensics, SoC building, etc.). He also leads the development of IMMUNE's OSINT capabilities and functionalities, provides training to clients and students, and contributes to Responsible Cyber's publication.

1. What motivated you to pursue a career in this field?

"I like hacking things, I'd just rather not go to jail" is a joke I often tell people as an answer to why I work in cybersecurity. Responsible Cyber provides plenty of opportunities to work on different aspects of this ever-evolving field, from the very technically oriented offensive security stuff such as penetration tests or phishing simulations, to the more high-level notions about risk quantification, etc.

2. How did you get started in this industry?

When I was in high school, I developed a keen interest in IT, computers and cybersecurity, so much so that I even started programming on my calculator. When I moved to Singapore to finish my studies, I met Magda, who offered me a part-time role as a Developer on IMMUNE and cybersecurity consultant for our customers at Responsible Cyber while I attended university.

3. In your opinion, how does your role contribute to the success of Responsible Cyber as a whole?

Before you can "hack" something, or evaluate whether it is working correctly, you need to know how it works in and out, so you are able to pinpoint what makes it insecure.

Over the years as an offensive cybersecurity consultant, I’d like to think I have acquired quite some degree of working knowledge about some relatively niche topics in security and cloud and this has been critical to the success of our various engagements with customers.

4. What do you find most rewarding about working at Responsible Cyber?

There’s definitely the personal satisfaction I get from seeing what I worked on being deployed and actually used by customers. Today, I can go onto the platform and say "Hey, I coded that functionality!" How many people can say that?

Then there’s also “reward” in the knowledge that we are fighting the good fight, which is a rarity in today’s world. We’re not simply a company for profit; we are building something that truly helps our customers be more secure.

Whenever I read about the devastating impact that cyber attacks have on formal institutions like schools and hospitals, I’m reminded of the significance of our work. It reinforces my belief in the importance of our efforts in the cybersecurity domain, and motivates me to continue contributing to the field.

5. What have been some of the biggest challenges you have faced while working at RCPL, and how did you overcome them?

Getting to know things. When I started, I only knew the very basics of cloud: setting up a virtual machine on AWS with a few firewall rules. Figuring out the technology while having to deliver professional-grade results was surely the toughest challenge I’ve faced. I believe I overcame them the best way there is: I got my hands dirty, tried things out and made mistakes (and still do).

6. How does RCPL support the professional development and growth of its employees?

The culture at RCPL is extremely supportive in that we are always encouraged to pick up new skills and obtain certifications in relevant fields. Thus far, the company has supported me in my pursuit of all three of my certifications: OSEP, OSCP & SSCP.

7. What do you think sets RCPL apart from other companies in the industry?

We do good work. We aspire to make the digital world a better and safer place, and our pursuits extend far beyond the pursuit of profit. In fact, we support the vast majority of Women on Cyber’s initiatives to empower and equip women in cybersecurity to achieve their full potential.

8. Can you share a project or accomplishment that you are particularly proud of while working at Responsible Cyber?

Previously, we used to be heavily reliant on third-party products to perform phishing simulations for our customers. However, as an offensive security specialist, I always found these products lacking: yes, they allowed us to send simulated phishing emails and get statistics about how many people clicked or opened them, but they were lacking for the following reasons:

• Email templates were limited, and they looked bad – any slightly motivated threat actor could come up with better-looking and/or more convincing phishing emails

• Additional features such as setting up fake login pages or using fake malicious attachments were not always supported and they usually cost an arm and a leg

Therefore, I decided to set up and develop our own phishing infrastructure. This reduced our overhead cost exponentially whilst increasing the quality of the service delivered to our clients.

9. What is it like working at Responsible Cyber?

Without sugarcoating things, work can be demanding – regular progress is expected. However, everyone on the team is also very supportive and we’re all more than happy to help and answer any questions or resolve any doubts on anything at any time.

10. What are some of the activities or hobbies that you enjoy outside of work?

I've been reading a lot recently (or so I’d like to say but I just picked up my first book in 3 years). Things I actually do enjoy are stuff like going to the movies, playing escape games, Netflix, and… doing nothing honestly.

Who should we interview next? Let us know!