Cyber Security Graduate - Ask me (almost) anything

Watch
username5204820
Badges: 14
Rep:
?
#1
Report Thread starter 1 year ago
#1
A bit of background for those that have never seen me lurking over in tech. I'll be graduating my Cyber and Forensics undergraduate degree this summer with a guaranteed First. I've interviewed at a handful of organisations and have a competitive job lined up for when I finish. My primary interest is in offensive cyber (pentesting/red teaming) and research.

I'm happy to give advice and answer questions about breaking into the industry (as a career changer, as a school leaver, whatever) or any other general questions about cyber. I won't be answering questions that involve sharing personal information (what uni I'm at, where I'm going to work on graduation, my salary, etc.).
0
reply
oldaccdullserver
Badges: 8
Rep:
?
#2
Report 1 year ago
#2
(Original post by Acsel2.0)
A bit of background for those that have never seen me lurking over in tech. I'll be graduating my Cyber and Forensics undergraduate degree this summer with a guaranteed First. I've interviewed at a handful of organisations and have a competitive job lined up for when I finish. My primary interest is in offensive cyber (pentesting/red teaming) and research.

I'm happy to give advice and answer questions about breaking into the industry (as a career changer, as a school leaver, whatever) or any other general questions about cyber. I won't be answering questions that involve sharing personal information (what uni I'm at, where I'm going to work on graduation, my salary, etc.).
Hey man, do you mind if I ask you a few questions? I would definitely be considering following similar steps to you (taking an undergrad in cyber security) although I will definitely not be as successful as you

I've spoken to a few people who are currently at university looking to work in the Cyber Security profession, there has been a pretty mixed opinion as to whether it is better to take Computer Science at university then study cyber sec in your free time (so no doors are closed) or to just take Cyber Security (the more direct and obvious choice). Do you mind sharing your opinion, are you enjoying the degree or do you think it would be more beneficial to have taken Computer Science.

Thanks,
0
reply
username5204820
Badges: 14
Rep:
?
#3
Report Thread starter 1 year ago
#3
(Original post by RobbeD)
Hey man, do you mind if I ask you a few questions? I would definitely be considering following similar steps to you (taking an undergrad in cyber security) although I will definitely not be as successful as you

I've spoken to a few people who are currently at university looking to work in the Cyber Security profession, there has been a pretty mixed opinion as to whether it is better to take Computer Science at university then study cyber sec in your free time (so no doors are closed) or to just take Cyber Security (the more direct and obvious choice). Do you mind sharing your opinion, are you enjoying the degree or do you think it would be more beneficial to have taken Computer Science.

Thanks,
I don't think there's a right or wrong choice, but I do think it depends on how clear you are on your goals.

One benefit of CompSci is that you have a much broader choice of options. If you try to specialise in Cyber and hate it, you fall back on CompSci instead. However in my experience, my Cyber degree is so broad that I've got foundational knowledge for a lot of other stuff. I wanted to transition to software dev, or networking, or whatever I'd have to put time in making up the knowledge deficit but it doesn't really close any doors. A big part of Cyber is knowing a little bit about a lot of stuff, which in some ways makes it more flexible than regular CompSci. Personally I think if you're unsure, taking a gap year may be a good choice. I actually started uni 3 years "late", taking an additional 2 years at college because I didn't know what I wanted to do and then taking a gap year. I'd say rushing into the wrong decision is worse than taking your time thinking about it.

I'd say on the whole I've enjoyed my degree, largely in part to how diverse it is. I get bored easily, and knew that I didn't just want a degree where I'd be programming all day. In that regard, my degree is a good fit for me. That said I also wish I'd aimed at a more challenging uni, since there's a bunch of times where I've been disinterested purely because the material was too easy for me. Cyber as a field is quite demanding, and stagnating is one of the worst things you can do.

All things considered though, I don't think I made the wrong choice. I'm really glad I didn't take CompSci as it simply wouldn't have been interesting enough for me. Your mileage may vary though and it depends where your interests lie. CompSci, and CyberSec, courses are very different between unis so the sort of stuff you cover will vary a lot. I think it's important that you choose the course that looks most appealing, because you need to put yourself in a position where you want to do stuff in your own time. CyberSec really emphasises that, as roles in Cyber are very rarely 9-5.
0
reply
oldaccdullserver
Badges: 8
Rep:
?
#4
Report 1 year ago
#4
(Original post by Acsel2.0)
I don't think there's a right or wrong choice, but I do think it depends on how clear you are on your goals.

One benefit of CompSci is that you have a much broader choice of options. If you try to specialise in Cyber and hate it, you fall back on CompSci instead. However in my experience, my Cyber degree is so broad that I've got foundational knowledge for a lot of other stuff. I wanted to transition to software dev, or networking, or whatever I'd have to put time in making up the knowledge deficit but it doesn't really close any doors. A big part of Cyber is knowing a little bit about a lot of stuff, which in some ways makes it more flexible than regular CompSci. Personally I think if you're unsure, taking a gap year may be a good choice. I actually started uni 3 years "late", taking an additional 2 years at college because I didn't know what I wanted to do and then taking a gap year. I'd say rushing into the wrong decision is worse than taking your time thinking about it.

I'd say on the whole I've enjoyed my degree, largely in part to how diverse it is. I get bored easily, and knew that I didn't just want a degree where I'd be programming all day. In that regard, my degree is a good fit for me. That said I also wish I'd aimed at a more challenging uni, since there's a bunch of times where I've been disinterested purely because the material was too easy for me. Cyber as a field is quite demanding, and stagnating is one of the worst things you can do.

All things considered though, I don't think I made the wrong choice. I'm really glad I didn't take CompSci as it simply wouldn't have been interesting enough for me. Your mileage may vary though and it depends where your interests lie. CompSci, and CyberSec, courses are very different between unis so the sort of stuff you cover will vary a lot. I think it's important that you choose the course that looks most appealing, because you need to put yourself in a position where you want to do stuff in your own time. CyberSec really emphasises that, as roles in Cyber are very rarely 9-5.
Yeah it's interesting to hear that you think that the Cyber Sec degree is much more interesting. I think, like you, I would get bored of just programming all day, so it's good to know your opinions on it.

Obviously for security reasons I don't want to ask about your employment after graduation, but are there many opportunities for newly graduated students? I saw that your future job was highly competitive, so this might not be specific to you but in your opinion is it easy for a newly graduated student to find a decent job.

Thanks again for being so helpful
0
reply
username5204820
Badges: 14
Rep:
?
#5
Report Thread starter 1 year ago
#5
(Original post by RobbeD)
Yeah it's interesting to hear that you think that the Cyber Sec degree is much more interesting. I think, like you, I would get bored of just programming all day, so it's good to know your opinions on it.

Obviously for security reasons I don't want to ask about your employment after graduation, but are there many opportunities for newly graduated students? I saw that your future job was highly competitive, so this might not be specific to you but in your opinion is it easy for a newly graduated student to find a decent job.

Thanks again for being so helpful
On the whole yes, there's a huge demand right now in Cyber and that translates into a lot of jobs.

In terms of how easy it is, that depends a lot on you. As with most industries, if you're fairly average and competing for average jobs then there's a lot of competition. But as soon as you make yourself stand out there's way less competition. It's a little counterintuitive, but getting an average job is harder than getting a good job.

To give you an idea of what myself and some of my peers have been through though:
  • Myself and my flatmate did placement years. I ended up getting two simultaneous comeptitive offers and had to choose between them. My flatmate got turned down from a load of jobs based on the HR psychometric tests and stuff like that, went to his first assessment centre the other week and landed a job. I wouldn't say either of us have struggled.
  • The class used to be around 15 students, and I'm still in touch with 4 of them. One went on to do a Masters, 2 had jobs and 1 is still looking a year later. It's not a huge sample, but I'd say this is fairly representative of what you could expect.
I think the important thing, as always, is to make yourself as marketable as possible. If you start getting involved with projects, CTFs, do a placement, etc. then you'll have no trouble. If all you do is go to class, you won't be all that interesting to employers. This sort of goes back to what I mentioned before about wanting to do stuff in your own time.

Roles also vary wildly. I was choosing between a research job and a grad scheme going on to do pentesting. My flatmate has a SOC role. One of my old classmates is doing analytics. There's jobs which focus on networking, secure coding, crypto. If you're less interested in technical stuff there's auditing, data protection and similar. Transitioning towards Forensics is also quite straightforward. And you can choose between public and private sector work, with benefits and drawbacks to each. There's a huge variety of roles available and if you know what you are aiming for, then make yourself stand out then it's fairly easy. That said, decent job is of course subjective.
Last edited by username5204820; 1 year ago
0
reply
oldaccdullserver
Badges: 8
Rep:
?
#6
Report 1 year ago
#6
(Original post by Acsel2.0)
It's a little counterintuitive, but getting an average job is harder than getting a good job.
No that makes a lot of sense to me, I think that is the case in pretty much every competitive industry.

Can I assume all the placements/CTFs were organised off your own back, the university didn't provide anything right?

Also, it kind of ties in with what you said a bit later on about the private/public sector, can I ask for your opinion on that? I know it's quite a broad subject but do you think it would be better to go into public cyber security roles such as in the GCHQ when you are younger, then maybe go private when you're older and more experience to make a bit more money aha.
0
reply
AnonymousNoMore
Badges: 16
Rep:
?
#7
Report 1 year ago
#7
Why red team and not blue team? Or for best of both purple team? What about pen testing interested you?
0
reply
GreenCub
Badges: 20
Rep:
?
#8
Report 1 year ago
#8
What's the gender balance like in cyber security?
0
reply
username5204820
Badges: 14
Rep:
?
#9
Report Thread starter 1 year ago
#9
(Original post by RobbeD)
No that makes a lot of sense to me, I think that is the case in pretty much every competitive industry.

Can I assume all the placements/CTFs were organised off your own back, the university didn't provide anything right?

Also, it kind of ties in with what you said a bit later on about the private/public sector, can I ask for your opinion on that? I know it's quite a broad subject but do you think it would be better to go into public cyber security roles such as in the GCHQ when you are younger, then maybe go private when you're older and more experience to make a bit more money aha.
Yes and no. Obviously the uni won't outright get you a placement, but at least for me there was all sorts of support if you needed it. CV reviews, making you aware of jobs, that sort of stuff. I didn't personally utilise any of it, but my flatmate was struggling to find a placement and ended up getting one with a company our placement team was notifying people for. In terms of CTFs, it's a mixed bag. If you want to do them yourself you can go ahead. We've had stuff run through our societies as well, and if you want to run one but the uni isn't there's probably nothing stopping you setting it up yourself. Obviously this isn't uniform across universities, but it should be fairly representative.

I'll be honest, I've heard two ways of looking at it. If you go into public sector roles (GCHQ, Police, MoD, etc.) then you get all the perks assocaited with it and you never take work home with you. However pay can be much lower than the private sector, and it can be a mixed bag whether you are doing really cool stuff or really mundane stuff. If you go private, it's basically the reverse. You could be expected to work long hours, but the pay is typically going to be much better. There's also a lot more opportunities for travel. I think it really comes down to what sort of lifestyle you'd prefer.
0
reply
Quady
Badges: 20
Rep:
?
#10
Report 1 year ago
#10
(Original post by Acsel2.0)
A bit of background for those that have never seen me lurking over in tech. I'll be graduating my Cyber and Forensics undergraduate degree this summer with a guaranteed First. I've interviewed at a handful of organisations and have a competitive job lined up for when I finish. My primary interest is in offensive cyber (pentesting/red teaming) and research.

I'm happy to give advice and answer questions about breaking into the industry (as a career changer, as a school leaver, whatever) or any other general questions about cyber. I won't be answering questions that involve sharing personal information (what uni I'm at, where I'm going to work on graduation, my salary, etc.).
ELK or Splunk?
0
reply
username5204820
Badges: 14
Rep:
?
#11
Report Thread starter 1 year ago
#11
(Original post by AnonymousNoMore)
Why red team and not blue team? Or for best of both purple team? What about pen testing interested you?
Red teaming just interests me so much more, not just the technical element but stuff like social engineering as well. I've seen blue team and SOC style work and it doesn't appeal to me. Of course being a good red teamer requires you can also do defence, but given the choice between the two I'd almost always rather break stuff.
0
reply
username5204820
Badges: 14
Rep:
?
#12
Report Thread starter 1 year ago
#12
(Original post by GreenCub)
What's the gender balance like in cyber security?
I can only answer based on my experience, but my courses have been very male dominated. IIRC there were 2 girls in my class (of around 15-20) before I went on placement, and my post placement class there's only 1 girl. However like the rest of STEM, there's a huge push to get more women involved. At the moment it's much like traditional CompSci though and very male oriented which is quite disappointing. The Cyber Security Challenge puts the figure at 20% though, a lot better than my classes have been.
0
reply
NonIndigenous
Badges: 20
Rep:
?
#13
Report 1 year ago
#13
Does Alexa work for the government/NSA?
2
reply
username5204820
Badges: 14
Rep:
?
#14
Report Thread starter 1 year ago
#14
(Original post by NonIndigenous)
Does Alexa work for the government/NSA?
Not that I'm aware of
0
reply
oldaccdullserver
Badges: 8
Rep:
?
#15
Report 1 year ago
#15
(Original post by Acsel2.0)
Not that I'm aware of
Ah my friend, you clearly haven't reached the inner INNER circle if you don't know that fact.
0
reply
username5204820
Badges: 14
Rep:
?
#16
Report Thread starter 1 year ago
#16
(Original post by Quady)
ELK or Splunk?
I've got basically zero experience with Splunk, but given how much faff I went through setting up ELK on my placement I'd probably take Splunk. Definitely not my area of expertise though
0
reply
username5204820
Badges: 14
Rep:
?
#17
Report Thread starter 1 year ago
#17
(Original post by RobbeD)
Ah my friend, you clearly haven't reached the inner INNER circle if you don't know that fact.
You say that like it's a bad thing
0
reply
oldaccdullserver
Badges: 8
Rep:
?
#18
Report 1 year ago
#18
(Original post by Acsel2.0)
You say that like it's a bad thing
Yeah, I don't think the life expectancy is too long in the inner INNER circle. I guess that's politics for you
0
reply
GreenCub
Badges: 20
Rep:
?
#19
Report 1 year ago
#19
Can you go into cyber security with any other STEM degrees besides computer science and cyber security itself?
0
reply
username5204820
Badges: 14
Rep:
?
#20
Report Thread starter 1 year ago
#20
(Original post by GreenCub)
Can you go into cyber security with any other STEM degrees besides computer science and cyber security itself?
Absolutely! More than that, you don't need STEM specifically as many places accept graduates of any kind and put you through a training program. Nor is a degree an absolute necessity, there are alternative pathway in with the most common being apprentiecships.

That's not to say a CompSci, CyberSec, or otherwise related degree won't be useful. You'll learn an awful lot of important stuff, and even a lot of STEM degrees at least have easily transferable skills/knowledge. If you try to break into the industry from any other route not only will you have a lot to learn but you'll need to demonstrate an interest (which will basically amount to being self taught). But not having a relevant degree doesn't disqualify you.

Cyber is also unique in that there's a huge field and it's not just all computer stuff. Maths is really important if you want to go down the Cryptography route. Psychology and some other social sciences relate to aspects like social engineering and phishing. Cyber isn't purely technical. But it's a broad field and really comes down to what you want out of it.
1
reply
X

Quick Reply

Attached files
Write a reply...
Reply
new posts
Back
to top
Latest
My Feed

See more of what you like on
The Student Room

You can personalise what you see on TSR. Tell us a little about yourself to get started.

Personalise

Poll: What factors affect your mental health most right now? Post-lockdown edition

Anxiousness about restrictions easing (30)
5.32%
Uncertainty around my education (65)
11.52%
Uncertainty around my future career prospects (66)
11.7%
Lack of purpose or motivation (75)
13.3%
Lack of support system (eg. teachers, counsellors, delays in care) (32)
5.67%
Impact lockdown had on physical health (28)
4.96%
Social worries (incl. loneliness/making friends) (60)
10.64%
Financial worries (35)
6.21%
Concern about myself or my loves ones getting/having been ill (22)
3.9%
Exposure to negative news/social media (34)
6.03%
Difficulty accessing real life entertainment (15)
2.66%
Lack of confidence in making big life decisions (56)
9.93%
Worry about missed opportunities during the pandemic (46)
8.16%

Watched Threads

View All