Interview: Insights into our 2020 NCSC CyberFirst Bursary Students

Hi, I am studying BSc Mathematics at University of St. Andrews and due to graduate in 2021. I hope to secure a role in the financial sector post degree. I particularly enjoy the number theory part of my course. CyberFirst has been a great opportunity for me to gain knowledge and apply skills in the field of cyber security which will be extremely valuable post-graduation. I have had the opportunity to network with businesses across the UK and gain a developed understanding of how organisations in London specifically are working together to fight cybercrime.

I am studying BSc at Durham University and due to graduate in 2021. I hope to move into a software development role afterwards and I particularly enjoy the web development part of my course. At the CyberFirst Academy I learnt a wide range of skills in cyber security which I then used in my university networks and systems module. I was also invited to CYBERUK where I gained fantastic exposure to cyber security companies, giving me great insight in the field.

I have just graduated in BSc Computer Security and am studying MSc Computer Systems Security at University of South Wales, due to graduate in 2021. I particularly enjoy the ethical hacking part of my course and hope to secure a role in malware analysis or threat intelligence post degree.
Cyber First has helped me in many ways - Due to the financial benefits of Cyber First, I am able to concentrate on my studies and not worry about acquiring work around university. It has also given me the extra time to compete in multiple cybersecurity competitions including Deloitte CTF. As well as this I am working on a technical guide for malware analysis, which was started during my undergraduate degree and is an evolving project of mine that continually gets updated as I learn.
Being able to secure multiple summer placements through my undergraduate degree has given me the opportunity to work alongside some of the best and most talented professionals within the field, and has allowed me to be exposed to a wide range of cybersecurity tools, techniques and procedures.

That’s great - Bob, John, Sam - which aspects of cybersecurity particularly appeal to you?

Being part of the cybersecurity community and being involved in discussions related to topics that I feel passionate about is a large part of what draws me to cybersecurity. I also have a deep interest in understanding how things work and operate. I think this interest has drawn me into researching binary and malware analysis as part of my undergraduate dissertation project.

Recently studying a course in number theory at University, I became interested in the mathematics behind modern crypto systems. I delivered a presentation to other students last semester on the topic of elliptic curve cryptography and its applications in cryptocurrency. I hope to explore this topic further in my undergraduate dissertation.

The area that most interests me is building secure software. I am also interested in building tools for the cyber security industry.

Bob, Amy - How did you become interested in cyber security?

Before entering the world of cybersecurity, I worked as an IT technician. As part of this role, I also became the family’s and friend’s goto guy whenever things went wrong with their devices. As more and more family and friends started to become affected from internet scams and fraud, I became more and more interested in how these scammers were conducting their activities.

I first took an interest in cyber security after attending a week long course run by CyberFirst before joining the scheme. I already had an interest in computer science and the course gave me an insight into an area that I hadn’t really thought about before. I particularly enjoyed the ‘Capture the flag’ event on the last day which introduced me to pen testing techniques.

And in your opinion what cyber hygiene practices most need improving amongst your non cyber peers?

Several of my friends have spoken about receiving fraudulent emails or text messages. They know not to reply to them or click on any links and will delete the messages but they are sometimes not aware that they should also report these messages as well. This is particularly true for Smishing text as they are unaware of how to report these to their service provider.

As reports suggest, phishing has been a strong attack vector for multiple years. To combat this, everyone should be taking the extra time to validate each and every email that is received. If anything about the email seems suspicious, then contact your IT security team for further investigation.

Bob - How do you think we can better get the cyber hygiene message across and what about the industry itself?

A lot of companies provide cyber security training in a way that is similar to a recipe for baking a cake. A step by step instruction manual of what they should be doing. But just like a recipe, not many people are taught why they should be adding two eggs instead of one, just like why they should be suspicious of every email that is received. I feel that to properly equip staff to identify and tackle cybersecurity problems, they should also be taught the reasons for their actions.

There is much for industry to do, for example ‘the S in IoT stands for Security’. The security for IoT devices has been bad for such a long time that it has become a serious problem. In order to shut down the massive botnets that are plaguing the internet, IoT device manufacturers need to start taking security seriously. Default credentials, SQLi vulnerable interfaces, authentication bypasses and many more vulnerabilities are giving botnet creators easy access into millions of devices worldwide and this needs to change.

I know you are all working on a variety of different projects with us at GCA and it’s great to have you with us. What attracted you to join Global Cyber Alliance this summer?

I was attracted by the wide variety of projects GCA were working on with many other companies. As someone who is just starting their cyber career I thought being exposed to several different areas of cyber security will help me to narrow down my future career path.

I was attracted to join GCA this summer as I wished to gain experience on both the technical and non technical sides of cyber security. GCA offers numerous free to use tools which play a key role in securing individuals and SMEs. Overall, this gives me the opportunity to understand both the code behind the tools available and the positive impact they have on the organisations using them.

I was looking for a way to improve my skills in a variety of areas and GCA offered a diverse range of work that allowed me to accomplish this. They also perform a key role in the Cyber Security landscape and it’s exciting to be part of that

GCA is an organisation committed to improving the security of the internet by helping SMEs to improve their companies security posture in a way that is low or zero cost. I believe that by helping these SMEs to protect their networks, it also helps the internet as a whole to be more secure.
As the number of attack vectors decreases, the number of attacks proxying off these vulnerable networks is decreased and less attacks are launched against other companies.