The Doors You Stopped Counting

In cyber security, the people who notice the most aren't always the ones with the longest CVs. Sometimes they're the ones who've spent their lives looking at the world a little differently to everyone else.

The fish tank. The printer. The pair of glasses on the desk opposite. Most of us walk past these things every day without a second thought. A small number of people don't.

In the fifth episode of the Arcane Link podcast, host Ruben Clarke sat down with Amanda Crossley, Lead for Cyber and Information in the defence industry and a volunteer with TechVets. Amanda's career didn't follow a straight line, and that turns out to be the whole point. This conversation is about the doors most people forget to count, the satellites quietly governing more of your life than you realise, and what it takes to build a cyber career when nobody draws you the map.

The full conversation is available on YouTube and all major podcast streaming platforms:

• Spotify

• Apple Podcasts

• Amazon Music

From the Royal Navy to a Cyber Lead Role

Amanda's route into security took the long way round. She left school without much in the way of qualifications, drifted through a few jobs, and signed up to the Royal Navy at 22 because she was tired of standing still. The Army had an 18 month waiting list. The RAF wanted a degree. The Navy could get her in eight weeks. That was the deciding factor.

Four and a half years later she left the service when she had children, and walked straight into something every veteran recognises.

I lost my identity massively. I lost that family connection that you have with the military.

She raised her children, ran a concierge business that COVID eventually broke, and somewhere in the middle of all that started an Open University degree in cyber security. What began as something to keep her brain active became the career.

She found her foothold in the industry through TechVets, joined a defence company as an information security analyst, moved through security architecture, fell hard for operational technology, and is now leading on cyber and information for a brand new system being built from the ground up. Not a straight line, and Amanda is the first to point out that linear cyber careers tend to be the exception rather than the rule.

The Fish Tank That Started Everything

The thing that pulled Amanda into security wasn't a course. It was a story.

A casino had been hacked. The entry point wasn't the firewall or a phishing email. It was the smart thermometer in the lobby fish tank.

How clever is it that someone's found a way in through a fish tank?

She walked around her own house and started counting. The smart speaker. The robot vacuum. The LED strip lights. The Bluetooth bulbs. The printer.

Each one is a small door. Some are well secured. Some are not. The point is that almost nobody stops to count them.

Forget the Hacker From the Films

A large proportion of people who arrive in the TechVets community open with the same line. "I want to be a pen tester."

Then comes the reality check.

They don't really tell you that 70% of the time you're doing reports rather than the actual hack in itself.

Amanda herself thought she wanted to be a security architect, joined an architecture team, and quickly discovered her brain naturally worked in risk rather than design. Her advice for anyone starting out is direct:

• Keep the goal in sight, but expect the path to bend.

• Try as many corners of the industry as you can before you commit to a ladder. Once you start climbing, switching gets harder.

• Use the free stuff. TryHackMe. A Raspberry Pi project. YouTube series from people like Mike Holmes for OT and Professor Messer for CompTIA.

Cyber isn't a single career. It's a planet. You don't know what you like until you try it.

Every Device is a Doorway

Most people don't think of their printer as a security risk. Amanda does.

A printer has to hold data, even briefly, while it processes a page. It's networked. It's often out of warranty. It's almost certainly out of support. And it's still talking to everything else on the network.

The same logic applies to the rest of your smart home, especially the cheap stuff. Amanda mentioned a friend in the industry who bought a set of Bluetooth LED strip lights from Amazon and discovered malware embedded in the firmware. No warning. No flag. Just there.

You've just got to be mindful of what you're bringing into your house.

And the attacker isn't in a hurry. State sponsored actors sit in systems for months. They don't need to grab everything in one go. They take a name today, a habit tomorrow, a credential next week. They build a picture of you. And then they use that picture.

The Smart Glasses Nobody Wrote a Policy For

Halfway through the conversation, Amanda mentioned something that hadn't fully landed for her until that week.

She'd been looking online for new frames and realised modern smart glasses now look exactly like ordinary ones. No obvious camera. No tell. Then came the thought every security professional eventually has.

What happens if someone walks into a secure environment wearing a pair?

We don't get the heads up. The tech just gets put out there and we scramble.

That sentence is the modern security professional's job in one line. New technology arrives. Policy hasn't caught up. Regulators are years behind. And someone, somewhere, has to write the rule that didn't exist last week.

Looking Up: The Satellites You Forgot You Depend On

Somewhere over Low Earth Orbit the conversation took a turn.

There are now tens of thousands of satellites above us, with thousands more launching every year. There's a satellite graveyard above the outer orbit. There's an ocean graveyard for the ones that fall back. And there are defunct satellites still floating with just enough fuel to be nudged.

Which raises an uncomfortable question. If they can still be nudged, can they still be hacked?

The Outer Space Treaty, the closest thing the world has to international rules up there, was signed in the 1960s. Many of the people who signed it are gone. The countries who signed it don't all agree with it anymore. Meanwhile, GPS spoofing is already a documented tool of modern conflict, with Russian vessels spoofing their location during operations in the Black Sea and aircrews routinely losing comms in certain corridors.

The scenario worth planning for isn't the dramatic one. It's the quiet one. A financial satellite goes dark. A GPS signal distorts. An autonomous vehicle ends up somewhere it shouldn't be. And you find out the hard way that your business continuity plan was written for a different century.

The Veterans' Quiet Superpower

Amanda is honest about why veterans struggle when they leave the military.

The gate slams behind you. The mission is gone. The pack is gone. Most veterans describe some version of the same drop, and the support on the way out is often more of a CV review than a transition plan.

But the thing veterans undersell, every single time, is work ethic. The willingness to be the person in the room who does the job properly, even when nobody is watching. In a civilian environment where shared purpose isn't always the default, that's a genuine edge.

In the military, you are just told to get on with it. And you do get on with it because you are all trying to hit the same target.

That mindset doesn't switch off when the uniform comes off. And it's exactly why TechVets matters. The bridge between leaving service and finding a foothold in tech is wider than it should be, and Amanda spent time helping others across it before she ever crossed it herself.

Enablers, Not Blockers

One of the moments in the conversation worth saving was Amanda's reframe of the security professional's job.

She told a story about an engineer who wanted to replace a 20 year old machine with a brand new one and just plug it in. Like for like, in his mind. Amanda had to walk him through, in detail, why that wasn't safe. It took time. But by the end of it, that engineer was running every future project with a security mindset of his own.

We don't want to be blockers. We're enablers. And a big part of enabling is educating.

Security teams get hated when they say no. They get respected when they teach people how to ask the right question in the first place.

Key Takeaways from This Conversation

• Count the Doors: Every smart device on your network is an entry point. The fish tank, the printer, the LED strip lights. Inventory matters more than most people realise.

• Forget the Hollywood Job Title: Cyber is enormous. Try corners of it before you commit to a ladder, because changing direction gets harder the higher you climb.

• Policy Lags Technology, Always: Smart glasses, AI tools, anything new arriving in your environment is probably arriving without a rule. Write it before the incident, not after.

• Look Up Occasionally: Satellites, GPS, autonomous systems and critical infrastructure are increasingly interdependent. The quiet outage is the one worth planning for.

• Veterans Are an Asset, Not a Niche: Work ethic, calm under pressure, and the ability to operate inside a mission are still rare in civilian environments. Hire accordingly.

• Be the Enabler: Saying no protects nothing if it doesn't change behaviour. Teach people to ask the right questions and they'll do the work for you.

Why We Are Doing This?

Arcane Link exists to lift the lid on the human side of security, to have the conversations that normally stay off camera, and to remind people that you are allowed to be pragmatic, curious, and occasionally unsure.

We are not here to scare anyone.

We are here to help businesses understand the why, so the how becomes manageable.

If Episode 005 resonates and you are looking for a consultancy that prefers light touch systems over paperwork marathons, you already know where to find us.

If you are a service leaver, veteran, or military family member trying to find your way into tech, TechVets is the community Amanda credits with helping her find hers. They are well worth a conversation.