Every Monday, Daniel Tan attends a morning meeting, plans his week’s schedule, and works on his projects, before wrapping up his day after a scrum meeting with his supervisor.

But unlike any other internship, Daniel, a third-year NTU computer science student, plays the role of a “hacker” during his eight-month stint with local cyber security company Ensign InfoSecurity.

He is part of a group called the “red team” that runs “penetration tests” to find bugs and vulnerabilities in clients’ websites and networks that can be exploited by hackers.

“Before the internship, I’d never conducted testing on an actual website,” says Daniel, who only had experience finding bugs in test websites such as those in hacking competitions and computer science classes in NTU and polytechnic. “But now, I’ve gone through the complete testing process. It’s an eye-opening experience.”

There is also an urgency in the tests as he needs to find security gaps before cyber criminals exploit them. A similar gravity pervades the work of other NTU students in cyber security stints.

In website testing, Daniel puts himself in the shoes of a hacker to figure out how a cyber crook would exploit clients’ websites. He then suggests steps clients can take to fix the issues.

Ms Serene Yeo, Vice President of Human Resources at Ensign InfoSecurity, says that the NTU interns with the company “bring fresh perspectives and ideas” and contribute to “meaningful and impactful work”. 

​Don Lim defended systems for power generation that cannot be shut down to deal with cyber attacks.

Monitoring cyber threats has its challenges. NTU student Lee Zhiyong, who is on an eight-month internship with local information technology services company NCS, helps to look out for threats its customers may face.

When a security issue is flagged by NCS’s systems, Zhiyong must quickly assess if it is a genuine threat so that incident response colleagues can swiftly step in to contain the problem if needed.

Keeping up with the fast-paced nature of his work was initially difficult for him. But he got up to speed after reading up on his own and learning from his colleagues.

Potential threats he has encountered include suspicious users going through foreign IP addresses – instead of Singapore ones – to access the systems of local customers. It is then a race against time for Zhiyong to establish the facts of these flagged cases promptly.

​

CAREER BOOST

Zhiyong chose the threat monitoring internship because he sees it as a stepping stone to becoming an incident responder in future and possibly working in digital forensics, which seeks to understand how a cyber attack happened.

“I’ve always wanted to be a detective and being in cyber security allows me to be like a sleuth solving puzzle-like challenges,” he explains. 

Reading about big corporations getting hacked in the news spurred him to learn how to keep digital spaces safe as well.

Zhiyong says his NCS stint gave him a better idea of the professional certifications he needs to boost his career prospects, adding: “The internship reaffirmed that cyber security is the right path for me.” 

Besides technical skills, Zhiyong also picked up communication skills, such as learning how to communicate clearly and quickly about time-sensitive issues.

Don’s time at YTL made him even more interested in cyber security than before. He first encountered the topic when a Minecraft video game server he hosted for friends was hit by a suspected cyber attack.

“I thought cyber defence was about protecting one computer system in an organisation and keeping hackers away,” says Don. “But I realised there are actually many linked systems that need defending, which I found very interesting.”

“Even though I was just an intern, YTL was open to hearing my suggestions on how the company’s systems could be protected,” he adds. “My supervisor also gave me the opportunity to join meetings with vendors and attend an industry seminar, which exposed me to even more real word cyber security scenarios and applications.”

HACKS TO GET INTO CYBER SECURITY

Many hiring companies consider students with computer science degrees, like NTU’s, regardless of whether they specialised in cyber security. 

But employees need to eventually apply for professional cyber security certifications to perform better.

However, Zhiyong points out that many enter the profession midway from unrelated fields, like accounting and chemistry, after obtaining certifications.

“They attended online courses, some of which lead to professional certifications. Many institutions offer such part-time and short courses,” he says of this alternative route into the hot sector. For instance, NTU’s Centre for Professional & Continuing Education offers short courses on network security and ethical hacking.

“You may start at an entry level, but with more experience, anyone can succeed in the industry. It boils down to this: You must be hungry to learn,” Zhiyong adds.

Daniel says that students do not need to be overly anxious and think they must rush to get the certifications at the start. Instead, they can take a divide and conquer approach.

“Small steps are very important,” he says, adding that students can develop foundational cyber security skills through platforms like hacking competitions in NTU, as well as online learning programmes. “Progressively build up your skills and knowledge. The certifications will come in time.”

Some employers support their employees in getting certified. For NCS, its talent programme for university graduates has a cyber track that sponsors professional certifications.

In Daniel’s case, even though he is an intern, Ensign assisted by covering the examination fee for one of his certifications in web application penetration testing.

“My managers were very supportive and encouraged me and the other interns to pursue the certification. They gave us time to practise and take the exam,” adds Daniel, who took on the Ensign internship after speaking with the company’s staff at a career fair organised by NTU’s Career & Attachment Office.