A Week in Cyber: My Work Experience at CND
- May 2024

---

CND was privileged to be able to host a work experience this month. We very much enjoyed having this student in our offices gaining an understanding of cyber and peaking their interest to gain further knowledge. We treated the work experience like a new employee so that they would have an idea of what to expect in the real world, please read on for their experience:

“I arrived at the CND office, and introduced myself to the SOC team. I was then set up on the IT, although the IT didn’t particularly seem to like me. My first task was to go through the backlog of emails, including looking at a lot of policies and attempting to set up my signature block. I attended a security induction by the CEO as well as discussed my objectives for the week. We discussed CND’s relationship with the Armed Forces Covenant, as well as more in depth in the background between different employees in CND. I was able to chat with a SOC member about his background, active roles and he gave me some advice for the future to do with university and future employments.

I spoke with the Recruitment Manager, where we discussed certifications that are either useful or necessary to get into this industry, as well as personal recommendations for developing my knowledge. My next meeting was with the DPO with regards to GDPR, as well as a couple of the company policies. Next, I spoke with a second member of the SOC team, where we discussed his background and how he got to where he is now. I was tasked with providing a presentation to the SOC on “The Future of AI in Cyber Security” on the Friday and was given time throughout the week to work on this. The second part of my day was meeting with the COO, where we discussed my DISC results and graph, and talked about how I can utilise this knowledge both in the workplace and my social life. I then partook in an informal interview, throughout the COO provided advice on how to approach the questions.

On my third day, I joined a SOC Analyst to give me an intro to SIEM. We went through the tools they use and what sensors and actions the analysts utilise. This was incredibly useful as I have never come across a tool like this before. This continued on and I then went through the investigation side of being in the SOC, as well as introducing me to the SpyNet tool. The Team Lead then took me through an overview of the SOC, as well as what services are offered by CND. We were then able to chat about incident response, going through the general steps taken by companies to respond to Cyber Security incidents. I was fortunate enough to be able to sit in on a 2 hour ‘Isle of Man government training package’ that was delivered by the CND staff I had spent time with, which was a good reinforcement to my foundation knowledge within cyber security.

Thursday was focused on learning about GRC (Governance, Risk and Compliance). To begin with, we went over an introduction to the GRC team within CND, as well as an overview of the cyber security GRC department. We then went through governance within cyber security, such as the role and importance of policies, procedures and standards. The CND member discussed compliance standards, and the complications of privacy on information security/looking into compliance standards. He then ran through risk management, and took me through the template I would need to use later. He then went through the GRC side of the incident response. My next learning session was with the GRC manager, where he took me through a hands on activity. I then completed 3 essays and a risk assessment. The GRC manager went through my essays and risk assessment and provided me with feedback to act on.

I was able to join the company wide group call, where we all had to answer a couple of questions including what tasks I had for the day, and then after that I went straight into a call with the CEO. We talked about how the week went and went through my objectives for the week. I was then able to put the final touches on my presentation, I then presented to the Tier 2 Analysts, and afterwards I received my feedback:

• Condense the information on the slides, less text as it can be difficult for listeners to process
• Allow some time on the slide transitions, especially on the contents page

I was able to job shadow a tier 1 analyst, which was really interesting, as I got to see him work through an investigation and see what tools and steps he took.

To conclude, this week has been amazing, I really enjoyed my time, and it was incredibly useful for developing my knowledge around this area. It has fuelled my interest in cyber and has given me pointers on where to go next in life with certifications and training. My social and soft skills have also been developed well, which is useful for if I decide to go into a different industry.”