Hello readers, I just finished my final written paper for Y4S2 so I am back with another post on my NTU undergraduate experience. In this post, I will be talking about my internship in Y3S2. While it has been around a year since then, I will try my best to recall as much as I can. The following are the contents of this post for easy navigation:
The "unofficial" introduction to Professional Internship (PI) for NTU EEE (My Version)
My professional interest and choice for PI
PI Experience
Hindsight and Takeaways
Overall Conclusion
The "Unofficial" Introduction to PI
As everyone knows, engineering courses in NTU require you to do a credit-based internship to fulfill graduation requirements. Most students clear their internship in Y3S1 or Y3S2. In the semester before they officially start, applications will open for students to check out and apply for companies that they are interested in. Besides school-related sources, students can also source their own internships and submit them to the School for confirmation. Note that students are also free to do internships during their holidays but these do not count as credit-based.
In my case, I did my internship in Y3S2 (Jan 2021 - May 2021) at Keysight Technologies Singapore. I got it through InPlace, which is the internship portal for EEE and I think other Schools as well. I was placed there as a Product Security Engineering Intern under their Product Security Team.
My Professional Interest and Choice for PI
Even before the intern application season for my batch came, I had already developed an interest in cybersecurity. I will not go into the details of my interest in this post, but it is safe to say that I was determined to do my internship in a cybersecurity-related role by the time internship season rolled around the corner.
Like any other student, I spent time going through the listings for cybersecurity roles both on InPlace as well as from other sources. In a nutshell, InPlace carries out internship applications in 3 rounds, and students who did not get their first choice companies would then participate in the subsequent round, and so on. For me, I managed to get an interview with a company in my first round choice i.e. Keysight. I was interviewed by the team lead and another engineer and received the offer shortly after.
Besides InPlace, I had also attempted to source from external platforms. One reason is because there are simply only that many cyber-related openings for non-CS students. I do not remember exactly which companies I had applied now but there were a few banks in the pool. At some point, I received an invite from a foreign bank to submit an application to my School for further processing (because this was considered external application and hence needed to be approved first) before they could consider me for an interview. However, I did not proceed with this because by then I had already confirmed my placing with Keysight.
PI Experience
My internship was done during the aftermath period of COVID-19. Since we had Circuit Breaker in 2020 and the situation was somewhat iffy then (think: snap measures), I would say that it sort of impacted the overall experience of my internship at Keysight. For example and according to my understanding, Keysight usually sends their interns to the Malaysia site to expose them to more aspects of the business during their internship. There would also be some intern events for bonding and networking. However, due to the pandemic, all of these were cut. Essentially, we only went to office 2-3 times per week and either stayed in the room they gave to us or went up to interact with the full-time guys (they had a separate room for interns).
Besides myself, there were 2 other interns from NUS. All 3 of us were parked under Product Security, although we worked with different team members from the full-time team. For me, my initial main task was to conduct regression testing on the team's Vulnerability Management Tool (VMT). I will not go into further details for privacy reasons. In the second half, I did some research and came up with proof-of-concepts on using an acquired technology to automate the regression testing process. I had to basically redo all the test cases in the first half and write scripts in a rather obscure language to ensure that testing could be automated for every version release of the VMT.
Hindsight and Takeaways
The following is my thoughts while reflecting on my internship. I've formatted it in a pro vs con template to better convey my thoughts. Hopefully it will help juniors who are interested in cybersecurity to make an informed choice in the future. I will start with the cons before moving on to the pros.
Cons: If I were honest, I would say that my internship experience kind of went off a tangent. I was looking for an internship that could give me exposure to penetration testing. One of the reasons I chose Keysight was because they had advertised the role to include PT. However in reality, I did not do much, if any, PT during my time there. I would say that the team was more focused on the scanning phase of the process rather than on PT itself. As mentioned, the second half of my time was spent doing automation-related work instead of getting practical experience on how to conduct vulnerability assessments.
Also, we were pretty much left to our own devices most of the time. Other than the interactions with the full-time guys during lunch time, there were not many work-related interactions except during the regular standup meetings. Overall, it felt more like a software type of role rather a cybersecurity one.
Pros: That said, the full time guys were mostly opened to talk to the interns whenever we had questions. The talks ranged from work-related to certifications etc. At that time, I was taking my CEH and one of the full-time guys was nice enough to provide test past exam answers since he had already taken it before and passed. Sadly, he took v10 but I was doing v11 so it was not really relevant but at least he was nice enough to help. I remember he also gave me a pep talk on doing OSCP and telling me not to worry too much and just go for it, saying it would be an experience to start doing offensive security from nothing. It was encouraging to have that talk because I was still quite the noob at the time compared to now.
Another nice bit of interning at Keysight would be their cafe. The cafe food was nice albeit a bit pricey. Sadly their canteen was mostly closed (cafe =/= canteen) so I didn't have many experiences trying their canteen food.
Work-wise, they had some cool stuff to play around with that usually require a subscription. I think they had Burpsuite Pro, Nessus etc. Unfortunately I was not aware of these and only came to know about them towards the end of my internship.
Overall Conclusion
"Well, I guess I made my choice so I have to stick with it." would be a sentence that could sum up my experience at Keysight. It's not entirely bad, but I am of the view that there could be areas of improvement. During my time here, I managed to clear my CEH and get some motivation for OSCP, so that could be considered as an objectively good thing.
In any case, I made the choice that I thought was the best for myself under those circumstances, so there is nothing left but to look forward to where the future will take me! :)
As for you, my readers, I hope that you have gained some insight into how internship works at NTU EEE and are better informed to make your own choices. :D
