As a part of my Cyber Security Degree Apprenticeship with Thales, I completed a 6-month placement with Gemserv. It was an experience I thoroughly enjoyed and learnt a lot from. I gained experience in areas of cyber security I had not yet come across during my apprenticeship and degree course.
I worked as a part of the cyber team to provide consulting for a variety of clients. At first the work was challenging. It covered areas I had not worked in or studied previously, such as risk assessments, risk treatment plans, threat modelling, information security policy reviews, and maturity assessments. Yet by helping with the client work, and thanks to the support I received throughout the placement from those in the cyber team, I became more confident in these areas. I felt I was able to contribute more without needing as much support from the team. This is particularly true for risk assessments and risk treatment plans. I have gone from knowing nothing about how they are conducted to understanding the tools used, being able to apply the necessary treatment controls to risks and answering questions from clients about the risk treatment document I had worked on.
What appliable cyber security skills did I learn?
Through the work I carried out I gained knowledge of the different legislation, policies and standards that relate to cyber security and information security. These include GDPR, ISO 27001 and 27002, and NIST Cyber Security Framework. I also got to shadow the cyber team when they supported clients in the auditing process for becoming ISO 27001 certified, seeing how the work we carried out is presented to the auditors and the questions the cyber team must answer. The Cyber Threat Intelligence team also demonstrated the threat intelligence platform to me. It was interesting to see the process they go through to pull together and display the threat information.
I am sure I will get to apply the knowledge, skills and experience I gained into future projects and placements. Also, I am sure that I will go into my information security and risk management degree modules with a huge advantage of having industry experience in these areas.
Many of the clients I completed work for during the placement were energy companies. This was a sector I had not been involved with before whilst working in Thales. I learnt about the standards energy companies must conform to, like the SEC and User Security Assessment, and how this affects the way they manage information security and risk. Having to quickly learn about this industry was a challenge but it gave me new knowledge and showed me how cyber security requirements and controls vary in different industries.
Going into this new environment at Gemserv also furthered my soft skills. I gained experience interacting with clients; creating professional and clear documents; and improved my communication skills, specifically with presenting information to the team and clients. I was also encouraged to ask questions which helped me learn and complete my work to a high standard.
Overall, it was a great opportunity that I enjoyed undertaking, and it improved my skills and knowledge as a cyber professional. It was a pleasure getting to know and work with people at Gemserv day-to-day and at events like the cyber business unit day and the company Christmas drinks. The environment at Gemserv is very friendly and social, I quickly felt a part of the team – connecting with colleagues over music and Formula 1, or by socialising after work on the occasions I travelled to the London office.