We spoke with NOVA cybersecurity student Maseeh Lalee about getting ready for the real world, self-advocacy, and career goals.
Q: Please explain the importance of cybersecurity?
Cybersecurity deals with every aspect touching the digital realm. I think when people think about Cybersecurity, they think about anti-virus or technical stuff like firewalls. In fact, it’s often simple concepts. For example: don’t overshare on social media, guard your digital footprint, use complex passwords, don’t add people who you don’t know, etc. The importance really lies in trying to limit the methods that an attacker can compromise a system or a person by gaining information, which often is publicly available. Also never assuming your data is safe or your privacy is ensured, cybersecurity’s importance is emphasizing that security is a shared responsibility that everybody is involved in.
Q: Generally, why are internships important?
Internships really give you a good look at how work, and to a larger extent business, is conducted in a professional environment. In this internship with CyTalks, I found the access we were given to Office 365 cloud suite gave us an opportunity to experiment with things and to complete the tasks we were given. I also value internships as a networking avenue, I met some people on my team that I’m still in contact with today.
Q: What specific hands-on activities have you engaged in during your internship? What has been your favorite task or project?
We were doing so many things related to Cybersecurity. The first project was auditing our systems to take a security baseline and it gave us some insight into system hardening and the compliance or legal side of Cyber. We reviewed guidelines like the NIST Risk Management Framework which outlines the process of managing risk associated with systems added to a network and the subsequent security controls put in place to secure those systems. I also got to write a paper on the Cyber Skills Gap which was pretty fun just doing research about the field I am actively pursuing. My favorite task or project was actually the most unsuccessful, which was malware analysis. Basically, we ran malware or a virus inside a virtual machine to observe its behavior. Although the malware’s execution didn’t work for me, building this sandbox environment really motivated me to doing this stuff on my own time since it was aligned with what I’d like to do in the future.
Q: Who has had a particular influence on you during your internship?
Dr. Kohy and my team lead Bethany has much influence on me. Dr. Kohy gave us insights in how we should carry ourselves and industry specific advice. Bethany gave our team a lot of motivation and support to stay on top of deadlines.
Q: What’s the importance of soft skills (communication, problem solving, working with people) in cybersecurity and what have you learned during your internship in this capacity?
Soft skills is super important and I think it was stressed on so much that it became ingrained in our mindset. Just working as part of a team let us know the importance of soft skills. For example, managing projects and their deadlines, effectively communicating and resolving any problems with your team. The golden rule I learned is you must be personable and be a self-advocate. Nobody’s going to help you if you’re not willing to help yourself.
Q: How did your experience as a NOVA student prepare you for your internship?
NOVA’s classes were much in line with what we were doing. Mostly I was pulling from self-study and research assignments I’ve done at NOVA to streamline the projects to complete them smoothly.
Q: Explain what you think are the benefits of a 2-year degree in Cybersecurity and also a 4-year degree. Do you plan to go straight into the workforce or transfer after NOVA?
I think there are both direct and indirect benefits. The direct benefits are what people often look to when they’re trying to convince students to go to college, that the degree makes you more employable. However, I think it really depends on the person cause self-study is definitely possible. I know people with 2-year degrees that don’t really know anything. They just went through the classes at NOVA but never retained the concepts. So it’s really about the work you put in. If you’re already an IT professional, a 2 year degree would suffice. If you’re just entering straight out of high school, a 4 year degree could be in your path because there are many fundamentals you have to learn in order to get into Cyber. Simply because Cyber isn’t really entry level even though there’s many “entry level” positions open. As far as my plans go, I’m transferring to George Mason University but am also actively partaking in other internship opportunities and applying to full time IT/Cyber jobs.
Q: What particular area of cybersecurity do you want to pursue?
I want to get into SOC, Incident Response or Vulnerability Management. They’re all Blue Team or defense roles but particularly SOC interests me because being a Security Analyst is my dream job.
Q: What type of software have you used in your internship and how has it equipped you?
It was primarily the Microsoft Office 365 Suite, which was Outlook, Teams, Word, Excel and PowerPoint. It has benefited me because in the internship I’m at now, we primarily communicate through Outlook and Teams. Learning to schedule meetings on Teams was extremely useful.
Q: Tell us a little about the personal side of internships. What are relationships like with peers and with supervisors at Cytalks?
With peers it was great, I had 2 teammates and I really liked them both. One of my teammates his name is Justin, he ended up becoming good friends with me and I got to know him well. My supervisor Bethany was an extremely invaluable resource for me and she was extremely kind. I received great mentorship from both her and Dr. Kohy for guidance as we were navigating through the internship and figuring out our paths.
Q: What has been your biggest challenge or obstacle?
The biggest challenge is adapting. Trying to stay ahead and be able to manage the workload, because if you can’t deliver a project on time, it’s a bad look on your time management skills. I just tried to stay ahead and keep adapting to any new information I encountered.
Q: What has been the biggest game-changer for you in this internship?
I’d have to say the confidence I got with learning self-advocacy and getting myself out there as much as I can. I was taught an interesting lesson. “It’s not what you know but who you know”. It gave me an idea as to how important networking and the need to build connections with your colleagues or people who can become future friends. Even just treating everybody with respect is super important cause if you think about things solely on how someone can benefit you, you’re harming yourself. This internship was a humbling experience seeing people who’ve been in cyber for years volunteering their time made me think in more positive terms.
Q: What else should we know from your experience as a CyTalks intern?
It’s a great opportunity for interns to learn as much as they can. You’ve got to experience it to find out how great of an environment it is. It was insightful seeing how much freedom they gave us interns as to which projects we could choose but also in managing and creating these projects. We were just given a deadline and some guidelines, but as to how we implemented it was up to us and our creativity as a group. I was surprised how much research we did at CyTalks, it was almost like we were in a class but it never felt like a classroom environment. The team leads were always very motivational and supportive to us. I think that’s what really made this internship, we were put into teams and I felt accountable to my teammates and didn’t want to disappoint them.
Q: What are your career goals? Where do you see yourself in 5-10 years?
My career goal is to get into Cybersecurity, specifically the defense side of things. In 5 years I want be a Tier 2 or 3 Security Analyst working on incident response or in a SOC. Eventually I want to get into Cyber Engineering or the management side of things which can happen in 7 years. Cloud computing is a big field now so I would like to also incorporate my knowledge of cyber to become a Cloud Security Engineer which I could achieve in 10 years or just go towards Cyber management like CISO.
Q: Bonus question: Do you have a favorite show that depicts Cybersecurity? What do TV and movies get right and wrong about Cybersecurity?
I don’t watch much shows but I can speak to this a bit. I watched a couple episodes of Mr. Robot, and I can say it was somewhat accurate. Most ethical hackers have a strong background in cyber so they’ll be in a cyber engineer jobs cause there’s simply more blue team/defense jobs than red team/hacking jobs. From watching Snowden, I can say that’s pretty realistic too. Especially the part where he’s downloading files onto a USB and then exfiltrating it off the servers. He was a security analyst so he would’ve had access to those specific files/data and also the biggest threats are often insiders or employees/Ex-employees cause of their levels of access and knowledge of the network’s architecture or inner workings. It would be easy for them to break into a system they know like the back of their hand.