As students, we get told that college is enough to land us anything we want, I can honestly say from my experience, that was not the case at all. I grew up in a household where education will land you where you want, and you don’t need to be external with the system, so I assumed as long as I have a good GPA to show, any company would want me. You don’t have to do exactly what I did. Honestly, I advise you not to, and you’ll see why. Instead, use this as awareness that you shouldn’t just allow your classes to speak for you and you should get ahead while you have time. I’m going to explain a little about my background in education and then dive into what I did during my 3rd year of university to make me go from being declined from every position I apply for, to having a table full of internship offers that were from many different sides of business, including the medical field.
My Educational Background
I started university at a school that focused on the offensive side of security, I finished 2 years then decided to travel to a different city to attend a new university that titles me as a cybersecurity engineer, so I started to focus on the defensive side of security.
Note that this university has a cybersecurity program that is very well known in the state, that’s why I transferred. So 3rd year hit, I figured it was getting close to start applying for internships for the upcoming summer. I felt like I needed to finally enter this field, 3 years of being JUST a student is enough. I want to finally have a title I loved in the real world.
How it started
It got close to winter break, so I decided to start applying for 2018 summer internships. I felt pretty confident, 3.98 GPA, engineering school, strong courses, and a good university. Unfortunately, this is where it started, decline after decline, not even getting past the first stage prior to interviewing. It felt like not a single company wanted me and I was becoming more and more destroyed after each "We regret to inform you" letter. I felt like the past 3 years have been a waste.
Okay, decline after decline, it’s clearly my fault, I’m doing something wrong, but what? My GPA is really good, I don’t understand why I’m not even getting past the first stage, I felt weak and unimpressive. I opened up my resume and really started looking at it. I tried looking at it from a professional perspective, if I was hiring this student, what am I looking for? Then I noticed it, I’m just a student, I noticed all I have to show was a number (my GPA), and courses I’m required to take for my field, that’s it. I had no other way to show who I AM, other than my resume representing that I am a college student. There was no information about ME, WHAT I LIKE, WHAT I DO, NOTHING.
The 4-month long journey
That’s when I really freaked out, I want so much in life yet all I’ve been is a student that doesn’t work on my career outside of school. Book after book, I’ve been a student, I never really introduced myself to this field, to my future, and to who I want to be. All I’ve been doing is listening to my professors teach me, rather than also teach myself. So, I did the only thing I felt like I needed to do, time to play catch up and get ahead. During school, for 4 months, I began doing side project after side project. This was fun yet destroying my mental and physical health, I slept on average 2-4 hours a night (7 nights a week) on my couch right next to my computer just to get up and continue. I didn’t eat much, didn’t see my family much, barely socialized, and didn’t care to go to some of my classes. A few projects I’ll say I was doing were created/solved cryptography puzzles, built a self-driving car, researched/experimented hacking air-gapped computers, participated in National Cyber League to gain some sort of external experience, wrote security articles, read a lot, introduced myself to security frameworks, and so on. This was around the time where CryptoCypher introduced me to the existence of the infosec community, and I started to meet great people that gave me an understanding of many different aspects of this field.
Being ready
Okay, nearly 4 months later, I’ve strengthened my resume (had about 8 professionals look at it), I’ve introduced myself more to this field, but now I feel like I need to understand what my responsibilities are in a company before I go into interviews. Where do I see myself in 5 years? Why do I want to work here? Many simple questions like that would originally get me speechless. I asked a few friends in class what they would answer, they said typical stuff a student would say, “in 5 years I see myself as a (insert title)”, “I want to work here because as a student being introduced to this type of environment would help my future.”
I saw right through this, my entire objective is to bypass looking like an average student, I want companies to look at me differently. So that's when I started to create small 5-year plans for my future. So, when asked, instead of saying where exactly I want to be in 5 years, I can elaborate on what I want to know in a 5-year window, and the process I'm wanting to take to build my knowledge while getting there, and how the company I’m applying for would strengthen that. The next thing is understanding security from a real-world perspective, so that's when I started to read articles, understanding different titles in security, cyber threat intelligence versus business risk intelligence, and things like that. When I get asked why I want to work here, I can respond with how based off the responsibilities the title represents, I would tailor projects surrounding them to strengthen the company with the team based off real activities with IT as a whole.
BEING ACCEPTED
Well, summer is right around the corner, so it was time to finally start applying, I am ready. Yes, I am still getting decline emails from companies I applied to months ago, but that's okay, I'm in a better position. I started applying, and that's when I realized the past 4 months have been a success. Company after company wanting to interview me from many different areas of business. I started going to interviews, all of them I was super nervous towards but the second I walked in the door I felt really confident all of a sudden, and that's what made me nail so many of them. Confidence.
I don't want to go too deep into how to nail interviews, but please make sure you know yourself, the company, and the position, correlate all 3 of those into the interview. Questions like biggest weakness, strengths, tell me about yourself, all the "basic" questions can really mess up a position, I used YouTube tutorials for hours to learn how to answer each one confidently. Also, when you get asked if you have any questions at the end of the interview session, ASK. It will feel empty if you say, "No Thank you" and walk out. Ask questions like "Working for this company as a (insert your title), what does the day to day look like?" and "As a (insert title) intern, what do you expect from me 30 days into this internship?" and so on, just get an idea of what the company is and show your interest in the position you are being interviewed for.
Conclusion
So that's my story, I hope this helps some of you to realize that companies do care about your side projects, and a GPA isn't the only thing that's important. Be productive outside of classes, read articles then turn the concept into projects, join the infosec community and make friends, ask professionals for help on your resume, know what you want and walk into that interview confident. As far as where I am now, I am getting ready to start my 4th year, working as a cybersecurity engineer intern at a multi-billion dollar headquarter, and finally being introduced to this field outside of being a student, and the only thing I can say to that is I am in love with all of this. Also, I will be attending Black Hat USA 2018 and DEF CON this year, so if you’re there, feel free to make plans with me for a meet-up. Anyway, work for the position you want, I promise you're going to thank yourself for doing that.
