Confessions of a Cyber Security Graduate
With my graduation finished, the realisation that my student life was coming to an end started to sink in. It was now time to finally find myself a job in the Cyber Security industry and make the transition from student to professional. No more staying up to 3am every night, sleeping in till midday or living the easy life of a student.
So to start off, I took the advice of my parents and career advisors - trawl through the various job sites on the internet and apply for the positions listed there. The unfortunate truth of this approach is that most positions advertised were for mid-highly experienced people with a minimum of 5 years in the security industry. Without letting this knock my confidence, I decided to apply for the positions anyway and stated that I would also want to be considered for any graduate roles at the company. After a few weeks of this, I received practically zero responses, not even an automated reply stating they had received/considered my CV. A lot of my friends also experienced this lack of response that I was getting, so I decided to change my tactics. If I didn't have any experience in the industry then I would showcase my experience to them in the form of a blog.
Over the next couple of weeks, I setup a WordPress blog and started to add content to it. Some examples of my content were:
- Capture the Flag (CTF) write ups
- Analysing my log files to identify some real world attacks that were taking place against my server
- My thoughts on recent hacks/vulnerabilities/exploits
Along with my WordPress blog, I setup a twitter account related to it. On this twitter account I found a vast amount of companies in the Cyber Security industry that I followed and emailed about any graduate positions they had. After updating my CV on the job sites to include my blog, I started to get noticed by various recruiters. I eventually started to get phone call interviews off various Cyber Security companies for graduate roles. Some common questions I received were:
- What services run on specific ports (usually the database ones: 1433, 3306)
- Why I'm interested in computer security
- Thoughts on were the security industry is heading
A note I would like to make is that as Cyber Security is a relatively new field, most companies are positioned in main cities. So all the interviews I had were for positions in London/Edinburgh. This has started to change, now that Cyber Security companies in the UK have established themselves to the level where they can expand to create offices in Manchester etc. Luckily for me however, I wanted to come to London so this was not a problem.
After various interviews, I finally got offered a job as a junior security consultant. I was given ample time to relocate and find a place to live in London. My end goal as a junior security consultant is to pass the CREST registered tester exam. Once I obtain my CRT, I will be allowed to perform penetration tests on clients all by myself. So far, I love the job. It's a nice transition from the student life to professional life. The office has a laid back atmosphere, me and the fellow workers are always having fun and laughing with each other but we still get our work done on time and in a professional manner. Which has given me a new meaning to the saying 'work hard, play hard'. Some daily activities I perform are:
- Research into various security related fields
- Pick the brains of the fellow security consultants
- Shadow the senior security consultants to learn from their experience and expertise
A final note for anyone wanting to get into the Cyber Security field - accept that the field is very broad and is a continually expanding with new threats, techniques and counter measures appearing every day. Don't let this discourage you though, as this is what makes the Cyber Security field so interesting. You will be constantly learning something new which stops the job from getting dull. Let your brain act like a sponge and absorb all the knowledge it can and have fun whilst doing it!