We recently caught up with NEBRC student alumni, Setareh Jalali Ghazaani, who is now Lead Auditor (IT) at British Assessment Bureau. Setareh spent one year working at NEBRC as an ethical hacker within our student services team, gaining valuable real-world experience alongside her studies.
The NEBRC student programme works in partnership with both Sheffield Hallam and Northumbria University, offering work experience opportunities to students who are studying cybersecurity.
When did you first become interested in cybersecurity and where did you study?
I came to England four years ago to complete my Masters in Cybersecurity at Sheffield Hallam University, having previously studied Computer Engineering at Islamic Azad University (IAU) in Tehran, Iran.
I often describe myself as a “big nerd”, I’ve always been interested in computers and technology and it was actually a lecturer from my undergraduate degree called Tooska Dargahi that really helped develop my interest in cybercrime. While studying, Tooska assigned us a research project on information security topics. While exploring the subject, Shahrzad Zargari then introduced me to steganography, which is all about concealing information. This is where my interest started to grow, I knew I had the passion and skills to be able to create a career for myself from this.
How did you hear about the NEBRC student programme and what made you decide to apply?
I think it was during my first semester at Sheffield Hallam. The university uses a portal, where tutors and relevant organisations can share information with students. It was here that Shahrzad Zargari told us about NEBRC and advertised the scheme. I knew I needed experience in a work setting, so decided to apply.
Applying was really simple, I just had to send an up-to-date CV, along with a brief description of what I wanted to do, my experience and why. After applying, the NEBRC shortlisted candidates and I was both excited and nervous to be invited for an interview.
I needn’t have worried though, a couple of the NEBRC team interviewed me and they were each really friendly. They weren’t trying to stress you out or asking awkward questions. They asked straightforward interview questions, allowing me to share about my interests and hopes for the future. I was asked what areas I found most interesting in my course and I remember naming both ethical hacking and web application testing modules. Which I think helped influence the experiences I gained while working at the NEBRC.
When did you undertake the placement and what were your responsibilities?
I started university in 2020 and joined the NEBRC programme in January 2021, so all of my studying was online. Despite the world still being under restrictions due to COVID-19, I found the experience worked well and the NEBRC were very organised – I was still able to fully engage.
My role day-to-day varied and I was given different attacks and tasks to approach. Usually, a more senior team member sat down with me and guided me through what to do. The teamwork is excellent, as a student, the expectations aren’t unrealistically high as they understand you are still learning.
My experiences included things like writing an article for enterprise businesses that would be proofread and published by my seniors, to conducting an assessment (for a School). This type of project/test is very time-limited, with all sorts of restrictions. For example, it can’t be within the workday. This taught me to work under pressure and I wouldn’t have been able to gain this real-world experience without being supported. It was comforting being in a group of people who had done the task before (Joe Cockcroft who I worked with was a great help, giving instruction and guidelines).
This test made me realise that actually, everything my course had taught me so far fit into real scenarios. This is something I would have been guessing and wondering about if not. I could put the theory into action, applying my knowledge in a real-world scenario.
What did you most enjoy? What were the biggest learnings?
I most enjoyed working within a team, I appreciated all of the help and support from everyone. Every person in my life and career path has impacted me but, Shahrzad and Martin at the NEBRC and my module leaders at university, all helped without expecting anything in return.
When you leave university and apprenticeships like at the NEBRC, you are no longer within that same supportive team, it is more about individual work. Whereas at NEBRC there are knowledgeable people all around you who are willing to give up their time to teach you. Not all roles are so team based and you have less support.
Because of this, there is also a real need for continuous learning and certifications after leaving. A master’s degree isn’t enough to see you through your entire career, you have a responsibility to keep learning.
Having moved jobs twice since graduating, the only way each organisation can prove you are on top of what you are talking about is by a certification. You and your skills need to be verified.
What challenges did you face?
My academic course was often gamification-based which I thought wasn’t as close to the “real world” but, my time at NEBRC proved that actually, the experience for both are the same. I gained so much knowledge on my course.
Despite being the highest achieving student in the year in my ethical hacking module (gaining full marks), I was scared I didn’t know anything. Confidence was a huge challenge for me. The NEBRC placement helped me realise that the knowledge I’d gained was all extremely relevant and placed me in a good position when it came to approaching future work projects.
Martin was key in pushing me to take on new challenges and reassured me that I’d be supervised throughout. I needed to be pushed out of my comfort zone and the NEBRC helped me do this within a safe environment.
Another challenge I found was that in cybersecurity, everyone tells you it’s ever-changing and that you need continuous learning and this is really true. You get to know this when you leave uni and there is still so much more to learn. Facing new cases each time in my work experience gave me new topics to learn and instilled this idea of continuous learning to overcome new challenges.
How did the experience help you in your career to date?
The NEBRC was my very first job related to cyber security and it massively helped to boost my self-confidence. I’ve had 3 different experiences since leaving. Firstly as a cybersecurity lecturer at Sheffield Hallam, then working for a small organisation and now working at the British Assessment Bureau.
My experience helped me get my next role as I spoke about the NEBRC in my CV and interviews. I’m now a third-party cybersecurity auditor, so working within auditing for a certification body. The skills I learned working within the NEBRC helped me to speak with technical people, participating in meaningful conversations. Also, I think people often underestimate the value of soft skills such as listening and communication.
In the future I’d love to be a CISO at an enterprise level organisation but, the next step for right now is to gain more certifications and experience to verify my knowledge.
What advice would you give to any current students who have applied?
My advice to students… just say yes! You will learn a lot and be able to see which areas of cyber security you are most interested in, where your strengths lie and where the skills gaps are.
I honestly believe it is the best experience you can get as a student – you have no idea of the real world until you do it. People either think they know everything or nothing at all, but this work experience puts your knowledge into context and allows you to learn in a safe environment.
Find out more about the NEBRC student services programme, please contact us at [email protected]. You can also stay up to date with the ever-changing digital landscape and security threats, by signing up for our free core membership.
The NEBRC is a Police led non-profit organisation that seeks to educate, inform, and support businesses across the UK on how to protect their business online through good cyber security practices.