Ireland has been pushing to become a Cyber Security Centre of Excellence, but this can only be achieved with the right talent. Two recent graduates landed jobs with local vulnerability assessment and consultancy Edgescan, and spoke to Infosecurity about their experiences in getting certified, jobs and what challenges they faced in finding their first career opportunity.
Conor Cronin is an information security consultant, and after completing an undergraduate degree in computer science at Technological University in Dublin, which included networking and programming, was offered an internship in his penultimate year and reached out to Edgescan, spent nine months at the company and upon graduating was offered the full time job.
“I had heard of them and a member of the team had previously gone to the college, and had an internship so set up a partnership to offer a place and I went for it and got it,” he said. “There were some opportunities where you could get a place yourself and the college had to sign off on them, and the college had some approved ones and Edgescan was one of the approved ones.”
Almost two years into working for the company unofficially, Cronin said that it was “quite different to when I did the internship” in his first year working for the company, as he was now working with companies. Daily, he admitted that days are not typically the same, but he was carrying out risk assessments on web apps or network assets. “For Edgescan it is doing those assessments, gathering the evidence and reporting it to the client,” he said.
Also joining Edgescan from the same college was James Mullen, also an information security consultant, who recently graduated with a Digital Forensics and Cyber Security honors degree. He told Infosecurity that he had been a mature student and started college at 27 after returning to Ireland in 2014, and had participated in capture the flag (CTF) competitions and joined Edgescan after being introduced to them whilst he was in college, and after switching to graduate from Parkland College he had been at the company for two years.
So what was different from the internship to the day job? Cronin said that they had got a lot more involved with responsibility for testing, whilst on the internship they were more about learning “the tricks of the trade whilst when you come back full time you’re tasked with a lot more.”
Mullen admitted that he did not have much training in cybersecurity specifically, and what he had learned had been self taught and what he had picked up from the CTFs. “I co-owned an internet café in Manila, and I opened a learning center which was about getting kids into IT in general, and I came across a few issues on security and I studied a bit on the architecture, and I thought that it if I am trying to help these children I should learn it myself,” he said.
“The education was quite expensive so I came home to Ireland and studied IT security to boost programming as it is an up and coming area. Over there, there was not a lot of IT security companies but there was a lot of programming and Java so I saw it as a way to introduce jobs to people abroad.”
He went on to say that there are job opportunities in Manila, but only if you could afford the education “and that would not be the case for many families.”
Upon returning to Ireland, Mullen said that the course he found was relatively new, whilst Cronin said that on a computer science course “most people would have liked a job in cybersecurity if you had talked to them about it” but there was not the accessibility like there is now, but both men agreed that the main thing was about “getting a foot in the front door” and Cronin said that the internship was the start of a path of certifications and learning.
Mullen said that the evidence was there on social networks that there is a shortage of skilled people, and he went from one day “wondering if I will ever get a job to feeling like one of the most wanted people in Ireland because of the education.” He also praised OWASP meetings which provide opportunities to network, as they often involve people looking to hire.
Mullen said: “There is definitely a shortage of workers, and the positions are really opening up, it’s just a matter of the information reaching people at the endpoint who would want those jobs but would not know about the education [required].”
Ireland and Northern Ireland have also seen a lot of American companies open offices in the region, and Mullen said that more opportunities coming and “to be here during the time that they are coming, it is enough time now for people to get into the education and build up a decent resume in the IT society.”
Concluding, Infosecurity asked Mullen and Cronin what they felt were the best tactics for employers to get involved with offering internships. Cronin said that at the end of the final year he had to submit a project and this was presented at a project fair, and employers attended those, while hacking societies will look for sponsors for competitions and CTFs “and it opens the door between the company and the students.”
Cronin also said that these opportunities also get introductions made between the people that want to hire, and those that want to be hired.
It seems that things are moving in the right direction in terms of opportunities across the board in Ireland, let’s hope that other employers and academia see the benefits too.
A message from Infosecurity, 12/11/2020: Conor Cronin very sadly passed away in November 2020. At the time of his passing, Conor was raising funds for men's health. You can donate to his Movember fundraising page here.