Internships are one of our most effective paths into cybersecurity careers, giving employers a low-risk way to “trial” a new hire. A successful internship often leads to a permanent job later, or even an immediate transition from intern to employee.
The financial and logistical impact of COVID meant far fewer internships this summer, and some companies even withdrew confirmed places. I realised this back in April after speaking with colleagues across the industry: right across Ireland, internships were being scrapped or put on hold.
Having led security teams for many years, I know the value of internships and was concerned at the impact. A whole cohort of graduates and career changers would be disadvantaged, not just in the short term but for years to come, since their CVs would be weaker, networks smaller, and skills less sharp.
I felt something could be done to address this, and that the Irish security community would respond. The “Lost Summer” project was the result: a 4-week structured bootcamp for those missing out on internships in 2020. I am happy to share here how we did this, and some of the lessons learned.
The Response: A Community-Driven Bootcamp
Our goal was simple: to reduce harm and try to instead give a boost towards a successful security career. To do that we created a “bootcamp” to build skills, boost confidence, and demystify security careers. The project was delivered entirely by volunteers from the Irish security community, who gave up their time to plan the programme, deliver talks, lead practical projects, and mentor participants.
COVID did not just prompt this, it also made it possible. Without interns to mentor within their companies this summer, experienced professionals had time to spare. Our planning had to be virtual, which made it easier to participate (and avoided being Dublin-centric!). Most importantly, the programme had to beentirely virtual, which avoided hassle with space, insurance, catering, etc.
On the other hand, a clock was ticking: Ireland’s travel restrictions were due to ease in August and we expected everyone’s availability would reduce from then. The result was a productive scramble, where planning only began in late May and the programme started in July! In that time, we defined a curriculum, built talks, prepared career advice, and recruited participants.
The Programme: The Basics of Security in 5 Tracks
Our group had hundreds of years’ experience and could cover virtually any topic. To put a shape on the programme, five volunteers came up with a brilliantly simple structure, breaking the most important elements of security into 4 key streams. We then added a fifth stream, covering security careers, to get this structure:
This structure was our lodestone for planning, making it easy to see gaps or where we risked overdoing a topic. It was also a reference for our participants, giving a sense of different paths into and through security. For instance, we hope it helped show that they don’t need to be equally strong in every area, and that there are great opportunities without going far down a technical path.
Applicants & Selected Participants
Over 100 people applied to the programme, which incidentally gave a fascinating look at Ireland’s early-career pipeline. Many of us organising it expected to hear mainly from specialist security courses, and particularly students close to finishing. Instead we saw a wide range: general technical courses, non-tech programmes, non-university / non-IoT students, mature students, and career changers.
Looking at those who applied, the largest group by far had already graduated or were otherwise actively seeking their first role. Many were applying for internships because they could not find a full-time role. Others had been searching for some time and were turning to us to build their network and round out their skills.
As a glimpse at geographic and institutional spread, our largest groups came from UCD, TU Dublin, National College of Ireland, and Queens. We had under 5 applicants from each of the remaining universities and institutes of technology, which is surprising for institutes with specialist security courses. The applications also highlighted several security courses which were new to me, including at Griffith College in Limerick, and Dublin Business School.
In a challenging selection process, several volunteers whittled the applicant pool down to 30 participants who we accepted onto the bootcamp. Just over half of those came from TU Dublin or UCD. The remainder either were studying or had graduated from Griffith College, IT Carlow, NCI, NUIG, Trinity, UCC, WIT, Queens, and several FETAC colleges.
Highlights & Reflections
Lost Summer was a great success, thanks to the dozens of folks who made it happen. In just a few months we delivered a really significant programme which gave a tremendous boost to the participants. In all, it included:
- 44 insightful educational sessions
- 35 fantastic speakers
- 6 great practical projects (details)
- 20+ tailored 1:1 career sessions
A clear highlight was the community collaboration to deliver all of this, with no formal organisation, and effectively no resources. Dozens of security professionals from around Ireland recognised a problem and came together to solve it, delivering a solution in just a few months.
Reflecting on what we learned, Ireland has a sizeable number of graduates and career changers seeking to enter security. However, there are significant barriers to entry, in particular there are very few truly entry-level roles and (even in a normal year) too few internships. The early career hiring experience is also extremely poor and demoralising, and from an employer perspective the quality of educational outcomes varies widely.
These challenges need to be addressed (and in my view we can improve almost every aspect of talent management), however they are balanced by a clear desire in our community to give back and develop the next generation of professionals. In fact, many have already asked about repeating Lost Summer, and that appetite for more must be seen as positive for the future.
Lost Summer would not have been possible without our fantastic volunteers, who are listed on the website. I am also indebted for their support to Cyber Ireland, ISACA, and to Michael Murphy at Enterprise Ireland.