Interview: Hela Lucas, Cybersecurity and Digital Forensics Student, Edinburgh Napier University

At the end of last year, Infosecurity conducted some unique research into how the trends uncovered in our State of Cybersecurity Report affected the next generation of cyber-professionals.

The results of that research were published on our next-gen section throughout November and December. More recently, Infosecurity connected with Hela Lucas, who shared some of her thoughts on Infosecurity's findings along with her own experiences of being a student of cybersecurity and digital forensics and her ambitions for the future.

Are you looking for a career in cybersecurity, and what part(s) of it is of interest?

I am planning to work full-time in cybersecurity once I graduate. I really like forensics at University, and the puzzle of DFIR in general, so I initially wanted to go into that area, but I think I am going to end up being a security engineer. This standard title seems to be the generic name for someone getting a cyber-related grad job in a large corporation, and in my experience that can mean anything.

I am prioritizing working for a fantastic employer, with good tech and training opportunities over choosing to work in a specific niche which I am interested in.

Did you do a degree in cyber or a computing-related area?

Yes, I am finishing up my BEng Cybersecurity and Digital Forensics at Edinburgh Napier University. I chose to do a placement year, which means I got to work (in Morgan Stanley's Cyber Security Fusion center) for 12 months, which extended my degree by one semester. I will graduate in December 2020.

Have you been involved in any work placements, internships, or apprenticeships – if so, were they easy to find and were places and employers easy to source?

I have done an internship every summer since I joined University, and I consider myself very lucky to have had that opportunity. In my experience, once you have one internship on your CV, it becomes much easier to pass CV screens for subsequent ones.

Getting that initial opportunity seems to be a challenge for many people. I was lucky to work on some research at my university for my first one, and I managed to learn enough to be considered for great opportunities down the line.

However, I do think there is a shortage of 'first time' jobs. I also have found that I have to travel for the best opportunities. Edinburgh, where I am based, did not have many cyber-related placements or internships when I was searching for them, so I had to move to Glasgow and London. I also found that Google alerts and the alerting function on some job boards were helpful in finding out who is hiring.

Have you been involved in university hacking societies or any local hacking conferences or groups?

Absolutely! I am a proud member of ENUSEC (Edinburgh Napier University Security Society) and I used to be on the committee. I try to go to the local DEFCON meetups and as many conferences as I can – shout out to university conferences such as Abertay HackSoc's SecuriTay and ENUSEC's Le Tour Du Hack! I am also a member of Women in Cybersecurity Scotland.

I really like the cybersecurity community and I think Edinburgh provides many opportunities to grow your network and give back. Although I am very keen on these events, I have personally not found that they are particularly impactful in terms of my career.

You have mentioned on Twitter that you’re looking for something for next summer, and I saw a few offers in Europe – are you finding jobs available in the UK?

As I mentioned, I have done an internship every summer at University. I have had the privilege to find opportunities with some brilliant employers, however I do not feel like I have been spoiled for choice. I had to move to get the best opportunities.

I have seen internships in large, profitable companies that didn't pay enough to cover basic living costs, which I found quite shocking. Thankfully I was in the position to turn those offers down and choose something different, but had I not had the luxury of time to apply to lots and lots of different companies, I may have not been so lucky.

If you are constrained in terms of location, finding an entry level job in the UK is difficult. I think the job market in the US offers much more in terms of the sheer volume of internships within the sector, and that's why I have been trying to apply for internships on the other side of the Atlantic this year.

Sadly, due to COVID-19-related cancellations, the positions I was applying for have become unavailable. I have been using my network to search for a remote alternative. I have lots of promising leads, because internships are now remote, the previous constraints of location have gone, so I can apply to jobs in Germany, England, or other locations. I am still looking, so contact me if you are hiring!

"If you are constrained in terms of location, finding an entry level job in the UK is difficult"

Would you consider working abroad?

As someone with both British and EU nationality I feel lucky to have to option to move away and work elsewhere. As I mentioned I am attempting to try work in the US, I would also consider going back home - based on what I hear from my network in Poland, the cybersecurity industry is fairly immature there, which to me sounds like it has a lot of potential. I would definitely consider working abroad, but then, I currently consider myself to be 'abroad'.

Is it clear what employers want from you in terms of qualifications, experience, or even capability?

Yes and no - this varies a lot. It's clear that a basic level of knowledge in networking and programming and aptitude for problem solving is expected, but past that there doesn't seem to be a specific standard.

I have, at times, been surprised by how easy some technical interviews have been, and there are some I struggled to get through at all. At my level, qualifications seem to not matter very much, professional experience tends not to be expected, but is very helpful in terms of differentiating your CV, and capability is really all over the place.

What’s Hot on Infosecurity Magazine?