Conor Hogan | Commercial Director & Go-to-Market Architect, BSI
Tell us about your journey into the industry
My route into the cybersecurity and privacy field wasn’t a straight line—it was a gradual, deliberate shift into a world that fascinated me. I originally studied Engineering before moving into Commerce, before pivoting into technology audit and risk management. I hold several professional certifications, including CIPP/E, CIPM, CISA, and CISM, all of which helped ground my expertise across both governance and technical domains. I’ve always been curious about how systems work, and how they break, so roles in privacy, data protection, and cybersecurity felt like a natural fit.
I’ve worked across consultancy, financial services, and standards bodies, building programmes and teams focused on digital trust. What drew me in was the idea that cybersecurity isn’t just about stopping bad actors; it’s about enabling society to function safely, and individuals to thrive with their rights protected. That felt like work worth doing.
My biggest role model is my late father. He taught me the value of integrity, service, and doing the hard things even when no one is watching.
Tell us about your current role.
I currently serve as Commercial Director & Go-to-Market Architect within BSI’s Digital Trust Consulting practice. We’re part of the British Standards Institution, best known for shaping trusted frameworks and certifying organisations against key benchmarks. My job is to lead strategic growth, develop innovative service lines across cyber, privacy, and digital risk, and ensure we’re solving real-world problems for clients, from breach readiness and AI to data protection, privacy, and beyond.
Our impact reaches every part of society, whether that’s helping healthcare providers secure patient data, supporting critical national infrastructure, or guiding organisations through complex regulatory challenges. My role blends commercial insights with technical strategy, and I work closely with clients, subject matter experts, government partners, and global stakeholders.
Salaries vary, but entry-level roles in cyber consulting tend to start between £30,000–£40,000 in the UK, with senior roles ranging from £90,000 upwards depending on sector and responsibility.
What does a typical day look like?
No two days are the same, but most involve a mix of virtual meetings, collaborative problem-solving, and strategic planning. I might spend the morning reviewing service performance and pipeline forecasts, then switch gears into working sessions on new client solutions or presenting at webinars. I usually work from home, though I travel to client sites, and to key industry events and internal management and planning sessions.
While I do spend a fair amount of time in front of a screen, the most rewarding moments often come from face-to-face interaction, whether with clients, colleagues, or peers in the wider cybersecurity community. My working hours are generally 8am to 6pm, with flexibility when needed.
What are your career goals/plans for the future?
I’ve always been driven by impact rather than titles. In the years ahead, I want to help shape how Europe and the UK approaches digital trust. That could mean playing a more public role in shaping policy or helping lead transformative initiatives that make cybersecurity more accessible, inclusive, and human-centred. But ultimately, I want to continue doing work that matters, with people who care.
What is the best thing about working in the cyber security industry?
You’re at the frontlines of change. Every week brings a new challenge, a new threat, or a new innovation. It’s fast-paced, meaningful work where you get to protect people’s rights, support businesses, and shape the future of society. Plus, the community is incredibly collaborative and purpose-driven.
What advice would you give to others thinking about pursuing a career in cyber security?
Don’t be intimidated by the jargon or tech-heavy image. Cybersecurity needs all kinds of people, problem-solvers, communicators, strategists, and ethicists. Start where you are, stay curious, and don’t be afraid to reach out to people already in the field. Most of us got here through winding paths, and we’re usually happy to help others find theirs.
What would you say are the 3 most important skills you use in your role, and why?
Strategic thinking – because navigating risk in today’s world requires you to see both the bigger picture and the fine details.
Empathy – whether dealing with clients under pressure or advising boards, understanding human needs is critical.
Communication – translating complex topics into clear, actionable messages is half the battle in this industry.
What do you think we could do to encourage more people into a career in cyber security?
We need to change the narrative. Too many people still see cybersecurity as a purely technical field, reserved for coders, hackers, or IT professionals. In reality, it’s a broad, diverse profession that also needs communicators, analysts, designers, policy thinkers, and educators. We should be showcasing these career paths more clearly in schools, colleges, and at career events, especially through relatable role models and real-world stories.
We also need to make it easier for people to retrain into the field. Many professionals in law, compliance, risk, or other tech-adjacent roles already have 70% of what’s needed, they just don’t realise it. Short, accessible learning pathways, industry-recognised certifications, and strong mentorship networks can open doors and build confidence.
And finally, we should invest more in storytelling. When people truly understand why cybersecurity matters (e.g. protecting lives, rights, infrastructure, and society) they’re far more likely to see a place for themselves in it.
How can the cyber security sector offer better support to retain and progress those currently in the industry?
Retention starts with recognition. Cybersecurity professionals operate in a high-pressure, fast-moving environment. We need to ensure people feel valued, supported, and not left behind. That includes better mental health support, flexible working policies, and clear, visible progression routes, both technical and non-technical.
We also need to normalise nonlinear or squiggly career development. Not everyone wants to become a people manager; some want to specialise, consult, or move between domains. We should celebrate those paths equally.
Finally, the sector needs to double down on mentorship and community. People stay when they feel connected to their purpose, their team, and their growth. A strong support network can make the difference between someone burning out and someone thriving.