Hello readers! It's been more than half a year since my last post and I'm back to update my blog.
Firstly, this post is written and published on Chinese New Year 2023, so I'd like to wish a Happy Chinese New Year and hope for a good year ahead for everyone :)
A lot has happened in these past ~7 months and I've since graduated from NTU and am currently working in the civil service! :)
There's a lot to write about, and I'm aware that I have yet to update my course review for my final year modules when I was still in NTU. I've been meaning to write about them but the inspiration keeps coming and going before I can pen down anything meaningful, but I promise it'll be up sometime this year, hopefully in the next few months! For this blog post, I thought I would share a bit about my current job and what I've been doing since graduation.
I've adopted a QnA format to write this post, so I hope you enjoy! As always, please drop your comments if you have any and I'll be happy to answer them. :)
If you are an existing NTU junior and have questions related to cybersecurity as a career, feel free to drop them in the comments as well and I will answer them!
A short timeline of my job search journey
If you've read my post on my EEE internship, I wrote at the time that I wanted to pursue a career in cybersecurity. For the uninitiated, cybersecurity can be broadly categorized into two groups: offensive security vs defensive security. The former is the branch of cyber that deals in proactive security and is perhaps most glamourized in mainstream movies (think: a person in hoodie in a cold server room typing on his laptop and the classic "I'm in!" scene), while the latter deals mainly in reactive security such as investigating and containing cyber attacks.
As written in my previous posts, I was primarily interested in offensive security. Specifically, I was looking for roles in penetration testing and/or exploit development while job searching in Y4S2. In layman explanation, these are roles that deal with testing the security of various applications and/or technologies. For example, if a developer codes a website that accepts certain input, my job would be to test if the input field accepts certain characters and if so, exploit it to do bad stuff to the website.
Offensive security roles typically require some prior experience to land the role. Therefore, there were not a lot of jobs who were willing to take fresh graduates with no prior experience in the field. I had to sift through a few companies (off the top of my head, maybe around 10? Not too sure how many I applied to as I write this) and only managed to secure two offers within about a month (around Feb - March 2022). Due to time constraint and wanting to focus on other things, I stopped my job search and made my choice between these two offers shortly after I got them.
What am I doing today?
Currently, my role involves Vulnerability Assessment & Penetration Testing (VAPT). I also do bug bounty triaging and vulnerability research. It's a really fulfilling role and I count myself lucky that I get the chance to pursue a career that I'm passionate in (I can't imagine the horror of waking up everyday and dragging yourself to a job that you have no passion for).
You studied EEE! Why change to cybersecurity?
Why not?
I've come to learn that cyber is a field that requires passion to sustain and thrive, and this means being willing to put in the work to get better everyday. Of course, this applies to everything else in life, but in the context of this field, it is especially important. There is so much more I could write on the topic of "What I feel it takes to succeed in cybersecurity", but I'll save it for another post.
To answer the question more directly, I would say that throughout my time in EEE, I did not manage to feel a burning desire to want to learn beyond what was taught compared to the experience when I first dipped my toes in cyber. It was always "oh I'm just going to study this to pass" or "I have absolutely no idea what the lecturer is talking and I can't be arsed to find out more if it's not going to be on the test". Simply put, I'd say that I just didn't feel anything that stirred my heart in EEE. And when cyber came along, the experience made me realize that it was what I wanted to do.
Looking back, the closest I came to wanting to learn would probably be the Computer Communications / Computer Networks modules that were taught partly by Dr Michelle, and I suppose credit has to be given to her good teaching that made me want to find out more beyond what the course syllabus required.
Modules in NTU EEE that have relevance to cybersecurity
Digital Electronics: Understand the concept of 0/1 and the different gates.
Microprocessors: Assembly language is fundamental for writing exploits (exploit writing is not covered in this module obviously, but assembly is required for it).
Computer Communications: Absolutely fundamental to learning about TCP/IP and IPv4 etc.
Computer Networks: Largely relevant for the same reasons as Computer Communications.
Information Security (the MPE, not the UE): Teaches some common terminology and introduces important topics such as encryption etc (however, it's nothing too technical).
FYP: search for a relevant project or simply come up with your own! I came up with my own and did everything from scratch since there was no precedence FYP for my research topic.
If you would like to access my FYP, you can do so here.
