Back on Campus: Sharing my Journey into Cyber Security with Cardiff Undergrads

This week I had the pleasure of visiting my former university, Cardiff University, to spend a day with the Computer Science and Software Engineering students. It was great to be back on campus and talk through my personal career path, from completing my BSc to my current role as a Penetration Tester at Modux.

I delivered a presentation that aimed to give some insights into my career path in cyber security and offer some practical guidance. This started with a quick introduction: I am a Cardiff University graduate in Computer Science and I went on to do an MSc in Cyber Security at the University of Edinburgh before joining Modux in 2024.

I started by explaining what penetration testing actually is and what my day-to-day work involves. Very simply put, we conduct authorised security testing to find weaknesses and report them back to clients, so they can be remediated before malicious actors can exploit them. Our work covers everything from infrastructure and web app testing to cloud and physical security reviews. Fun fact: Modux is the leading cyber security consultancy in the rail sector, which is why I’ve spent a surprising amount of time plugging my laptop into trains over the last year!

While we offer a wide range of services to many different clients, the overarching goal of our work is largely the same: identify vulnerabilities and misconfigurations, show how they are exploitable, and provide a clear report for remediation. My daily schedule is a mix of hands-on technical work, reporting and interacting with clients. The variety is one of the things I like most about my role, where there is usually something new on the calendar each week.

In the second part of my presentation, I talked about how to build useful skills while at university to prepare for a career in cyber. I emphasised that besides gaining a good technical foundation through university modules, it is worth building practical, hands-on cyber skills in safe environments (like Capture the Flag, Hack The Box and TryHackMe). I also encouraged the students to create and showcase their own labs, as in my experience, this is one of the best ways to gain a deeper technical understanding of security vulnerabilities.

I addressed the challenge of finding junior roles in a field where practical experience is often listed as a key requirement. This included sharing my own path to landing my first full-time role: I went from doing a summer internship and part-time work during my Bachelor’s, onto my Master’s, and then my current role. Reviewing this progression, I highlighted that employers often highly value a clear demonstration of passion for technology and the ability to learn.

The Q&A part of the session allowed students to dig into the practical aspects of applying for roles. I got several questions about what to include on your CV and the job search process itself. I talked about where to find job opportunities (I used LinkedIn, Indeed and contacted companies directly) and what they can expect from different interview stages during a typical application process.

I wrapped up the talk with a few key takeaways that I learned from my own path into cyber:

• Never stop learning - Cyber security is a constantly evolving field, so be curious and ask questions.

• Collaboration is essential - Success in this field is a team effort. You’ll spend a lot of time working with colleagues, clients, and managers. A big part of the job is communicating and working well with others.

• Don’t forget about the soft skills - Technical ability and knowledge will only get you so far. The ability to talk to clients, communicate complex technical issues to diverse audiences, and understand the context and bigger picture of your findings are just as important.

All in all, it was a fun and rewarding day, and I hope I’ve inspired these students to get into cyber security and given them the actionable advice to get started.