By Stephen Chapendama
My name is Stephen Chapendama and I’m currently the Infrastructure Engineer (Platforms Lead) for a global IT services company working in their Advanced Threat Centre focusing on maintaining and managing internal platforms development, working with the SOAR (Security Orchestration, Automation & Response) team and also working as Technology Manager for Foundervine, a social enterprise delivering programs to change the global face of entrepreneurship through immersive programs focused on entrepreneurship, business development and also delivering programs in Higher Education. I graduated in 2016 with a BSc (Hons) in Computer Science (Networks) from the University of Hertfordshire having completed a placement year at BlackBerry.
As someone who didn’t actually study IT at A Level, choosing Computer Science for Uni was actually a steep learning curve for me, and as I was going through 1st year and 2nd year covering different themes of tech, from programming to cryptography to networks, finding which stream of tech I was interested in and would want to focus on first was a challenge. As I approached 2nd year I was lucky my University heavily pushed placement years, I was able to secure a placement as a Network Operations Centre Analyst at BlackBerry as at the time I was interested in Network Engineering. The placement year definitely helped me see other roles within tech and also sample streams that weren’t even offered on my course. It also introduced me to the steep learning curve we face as engineers in Tech. Often, based on customer environments we quickly had to get to grips with new tech on the job. Whilst training and support is offered, unlike University where you are given time to learn the theory before you put it into practise, working as an engineer in a NOC environment involves using the resources around you to learn, i.e the other engineers. Baptism by fire if you will. I did find out a lot about myself during this placement, like for example, coding really isn’t for me. I didn’t enjoy it and I knew my career would never be as a software engineer. I was however introduced to Linux and system administration which would eventually lead to a focus on cyber security.
Upon the completion of my placement, I was able to refocus my efforts and select modules more reflective of cyber security and networks as this was where I saw my future headed. I was able to complete another 6 month placement during my last few months as a student with a Age UK Hertfordshire, supporting their Business Systems as an IT Graduate. Work experience in any industry is important, for those in tech, being able to demonstrate you can comfortably work in a team, work in an agile manner and have hands on experience will definitely put you ahead of the rest of the candidates in the now very competitive graduate scheme recruitment field. I decided to focus my dissertation as well on a topic I knew I could speak about with passion in interviews, and I chose to focus my research on running Hadoop on a Raspberry Pi. I was able to blog about how I did it a few years later, you can read it on my blog!
One learning point I definitely want to point out to students and recent graduates is utilize the resources your University provides, especially those looking to get into technical fields. If your University has access to LinkedIn Learning or Azure credits, now is the time to start redeeming and learning skills. The more you have to showcase your intent to learn and pick new skills, the more it shows recruitment teams and manager your passion for tech. In an age where we are now seeing the popularity of Degree Apprenticeships, Coding bootcamps and other avenues to enter tech, as a graduate, sometimes having a degree isn’t enough, you need to place yourself above the rest. For those looking to get into Cyber Security, getting to grip with open source tools is a good way to start.
Because you have never seen the tool kits being quoted, it’s always worth actually researching what the open source alternatives are. Let’s say for example, you have seen an advert for a Security Operations Centre Analyst, looking to recruit graduates but you feel you don’t have the work experience to support your application. Well actually researching these tools and using them is a good start. So one of the market leaders in SIEM (Security Incident Event Management) toolkits is called Splunk, they offer a free module which you can easily deploy and actually test out some functionality. You could even go deeper and have a look at the Elastic Stack of products (Elasticsearch, Kibana and Logstash). Projects such as honeypots are a great way to bring in data and I wrote about how you can deploy your own honeypots so you can start building dashboards and running machine learning jobs if you are interested in taking your career this way.
A home environment is important when looking to enhance your skills. This applies for developers as well, so being able to code and practise new skills will help keep your skills sharp and also upskilling is an important part of a tech career. My career has drastically changed from the graduate who walked down St Albans Cathedral in 2016 and so has my technology stack. In part it’s due to the constant learning but I won’t lie to you, it’s not easy always having to learn. For 2 years I worked as an Assistant Systems Consultant for a Higher Education institute where often I was working with legacy systems and not so common technology such as Solaris servers. This meant sometimes the documentation from years ago was my best guide, and it’s working on these projects that have helped me understand modern architecture more.
Some resources I’ve found useful along the way:
- Security Onion - For those interested in cyber security, I recommend checking out and installing Security Onion. It is a free and open source Linux distribution for threat hunting, enterprise security monitoring, and log management. It includes Elasticsearch, Logstash, Kibana, Snort, Suricata, Zeek (formerly known as Bro), Wazuh, Sguil, Squert, CyberChef, NetworkMiner, and many other security tools.
- T-Pot Honeypots - Honeypots are a great way to understand the cybersecurity landscape using real active malicious threats in a secure environment. T-Pot is a honey system where you can deploy and access a Kibana dashboard and also push the data to the latest version of the ELK Stack and run machine learning jobs. Great for those looking to understand cyber security log data. I wrote about how to install and utilize it here.
- Pluralsight - I highly recommend Pluralsight as my development platform of choice. If you’re working in tech, it’s worth asking your manager for a license as it’s one of the best learning platforms around.
- TryHackMe - If you are interested in penetration testing, I recommend you start using platforms like TryHackMe for running virtual labs and getting to grips with Linux and other cyber security exploits and tools.
- Seidea - For BAME women looking to get into cybersecurity, Seidea through immersive programs and initiatives offers women the tools and support to get them into careers in Cybersecurity.
Community is an important part of your learning journey in tech. I’ve been lucky to come across so many communities and initiatives where I have been able to connect with other people in tech across all stages, from students to professionals who’ve been in the industry for years. So happy for initiatives like arkisites who are dedicated to bridging the access gap between the tech sector and minority ethnic groups. It’s important for us to open the door for the ones who will come after us in tech so if there’s any way I can help definitely reach out to me via the arkisites Community Slack or on social media! Twitter: @StevenChap or on LinkedIn: Stephen Chapendama and you can also check out my blog on Medium!