As I finished my second year at the University of Warwick pursuing a degree in Cyber Security, I was eager to return to Bays Consulting where I had previously completed an internship last summer. If you have not read my last blog, you can find it on their website titled ‘An Internship in Cyber Security’. As I returned, I was able to instantly continue my role as a cyber security analyst starting with an initial planning phase to maximise the efficient use of my time at Bays.
During my time at Bays, I was able to use a combination of what I learnt during my first and second year studying Cyber Security, and apply it to the various projects that I was assigned to. Within these projects, I was able to divulge into the business looking for key aspects of development that built upon my previous knowledge of how a business is structured and organised. It was very insightful to see how adaptations made during the COVID-19 pandemic have had a lasting effect upon how companies conduct business in a remote working era highlighting how fast moving the field of cyber security is.
One project that I developed during my time at Bays was forwarding their progress to achieving the iso27001 certification, similar to what I did last year with attaining the cyber essentials certification. Iso27001 is the leading international standard providing requirements for an informational security management system (ISMS), consisting of a framework of policies and controls. Working closely with an external company and the Head of Delivery at Bays, I was tasked with drafting iso27001 compliant documents and ensuring the correct implementation of controls that I stated was in place. These controls ranged from network security and cryptography to the attack surface reduction at Bays.
Being able to apply skills that I learnt from the various modules that I took over the two years I have spent at university aided me in various ways throughout my internship from people management in a cyber space, being able to spot risks and vulnerabilities, essential time management in relation to risk mitigation and more, in which I learnt from specific modules such as the information risk management module that I conducted in my first year, and the human behaviour module that I completed during my second year, enabling me to complete tasks assigned to me with confidence.
One project that I partially enjoyed was testing Bays security awareness and developing a security culture. I did this by conducting a phishing attack and sending each member of the team at Bays a targeted email with the intent of eliciting a response, or for a member to click the link that would pull their IP address and allow me to know who may need further security training. I was impressed that nobody was deceived by the email and that many members had reported it to the incident-reporting support channel instantly.
Having grown in size from when I was last worked at Bays, I was not surprised to be welcomed back into a positive and creative working environment with a supportive and agile team who were all happy to answer the plethora of questions that I had for them regarding information security. I particularly liked how every morning the team meets together for a virtual daily huddle to talk through and discuss what we were working on yesterday and what our goals are for today. This was a quick and easy way for me to discuss my plans to the team as a whole, gain direction on places where I felt stuck, and created solutions for areas of work in which I was blocked. It also allowed me to keep the team informed on changes that I was making and the impact it may have upon them.
I would like to thank Bays for allowing me to return to them for a second internship where I have learnt a lot more about the field of cyber security gaining practical hands-on experience with projects that have a direct correlation to my course. This will allow me to take the skills and knowledge and re-apply it to my final year at university. Hopefully I will be able to return to Bays once I graduate from university.