Tech can feel overwhelming, especially when you feel like you don’t belong. I’ve been there. As a cybersecurity student, I’ve learned to look past the initial assumptions. It’s not just about hacking; it’s about protecting people and sticking with it when things get tough (and trust me, things get tough). So if you’re starting your journey now, here’s the lowdown on what I’ve figured out so far.
If you’re here, there’s a reason for it.
Every opportunity I have had comes with that little whisper in the back of my head that says “this was just luck.” Even when I know, deep down, that I have put in the effort, taken the initiative, asked questions, and stayed up late trying to figure things out.
Imposter syndrome, I’ve realised, often stems from a quiet disbelief in your own ability, even when you’ve clearly earned your place. It’s something that does not always go away with time or achievement. Sometimes, in fact, the more you grow, the louder the voice gets, like you are just getting better at pretending. It took me a while to realise that this feeling is incredibly common, especially in the world of tech. In a space that moves fast and celebrates brilliance, it’s all too easy to forget that you deserve to be here too.
Imposter syndrome, while uncomfortable, can fuel meaningful growth. If you are questioning yourself, it probably means you care. It means you want to do a good job. You are open to learning, you seek feedback, you are trying and that is more powerful than you think.
I have had to remind myself that I deserve to be here and that I have worked hard. That no one starts off knowing everything and that everyone is learning, all the time. People have different strengths and ways of thinking, and you do not need to be good at everything to be considered valuable.
So when that voice of doubt creeps in, it’s easier said than done but I try not to shut it out. I listen, then I answer it. Yes, this is new. Yes, it is hard. But I am here, and I will figure it out.
So if you are feeling like you do not belong, please know this, you are not alone. The fact that you care, that you are reflecting, that you are showing up anyway, already says so much about who you are becoming. Keep going. The industry needs people like you.
Cybersec does not have to be you and your code against the world.
While cybersecurity can be an enjoyable technical puzzle, what draws me in is the human impact—knowing that the work we do protects real people from real harm. I care deeply about the stories of individuals and organisations who fall victim to phishing, identity theft, ransomware, and social engineering. This desire to help others is what led me into this field, alongside a love for technology and the challenge of keeping the shell unbroken in an increasingly fragile digital world.
I do enjoy the technical side, and I have learnt so much from hands-on labs, tools and capture the flag challenges.
But the part I think more students should hear about is governance, risk and compliance (GRC). It’s not as flashy, and often doesn’t get much airtime at university. Most discussions centre around penetration testing or security operations centre roles. But GRC is the backbone of a strong security program.
It is what connects people, processes, and policies to reduce risk and build long term resilience. It is also an area where empathy, leadership, and proactive planning are just as important as technical skills. Too often, the less technical roles are undervalued, yet they’re the glue that holds the entire system together. Where would we be without risk assessments, policy frameworks, compliance audits or proper incident response planning?
GRC roles ask us to zoom out and look at the bigger picture. Instead of just reacting to incidents, you’re implementing safeguards that stop them from happening in the first place. You translate complex technical risks into language that stakeholders can understand and act on. You’re asking the hard questions, what could go wrong? Who does this affect? How do we recover? Then building the structures to answer them. I would consider it strategic and people focused work that underpins every security control, every alert and every investigation. And while it may not always make headlines, it is often the reason a company stays out of them.
Trying to land a graduate program in the tech world? Welcome to the ultimate endurance test.
The first thing a lot of people don’t realise is that applications come out almost a full year beforehand, so you need to apply early. For example I graduate at the end of 2025 (touch wood), but I began applying in March 2025 for a job in February 2026.
If you miss that window, you might have to wait an entire year (2027!) for the next round of grad roles and for many, that’s just not an option.
So, where do you start? First, hit up GradConnection. It’s a goldmine for finding open programs. Most applications follow a similar pattern: you’ll start by submitting a resume (keep it plain and professional). If you’re shortlisted, you’ll get invited to complete a psychometric assessment, often within 48 hours—no exceptions. These tend to land right when you’ve got a major assignment due or a late shift at work. No pressure, right? The tests can take over an hour, covering maths, logic, verbal reasoning, and emotional intelligence. Ignore the “there’s no right or wrong answer” messaging, trust me, there is. I recommend practicing on sites like the Psychometric Institute so you’re not blindsided by the style of questions.
Next comes the assessment centre: a 2–4 hour marathon where the company observes how you interact, problem-solve, and present. From the moment you walk in, you’re being assessed. Are you too quiet? Too dominant? Do you include others? Do you have solid ideas?
Then comes the one-on-one interview, where you’ll need to show that you’ve actually researched the company. Practice common questions like “What’s your biggest weakness?” or “Describe a time you handled conflict.” Use the STAR method as that’s what they expect, and yes, it takes practice (at least it did for me).
Here’s a tip: keep an Excel spreadsheet (I loveeeee a good spreadsheet) of every place you’ve applied, which team, and what stage you’re at. If someone calls you two months later asking, “Why did you apply to our cloud infrastructure team?” you’ll want to at least sound like you remember.
And finally don’t get discouraged. I didn’t land a summer internship, and that felt rough (like really rough). But I kept applying, kept practicing, and now I have multiple graduate offers. The process is tough, but it’s survivable and honestly worth it when you crack your first offer.
And if you’re still waiting, still applying, still unsure, that’s okay. This process doesn’t define your value, and it definitely doesn’t mean you’re not good enough. The grad process might make you doubt yourself. But it doesn’t mean you don’t belong.
I hope more students see that cybersecurity has so many different avenues, all of them critical to achieving the same goal: protecting people and driving positive change. And yes, sometimes, it is also about knowing when it is time to wear the hoodie. But choosing a path you care about doesn’t mean the journey is always smooth. I’ve learnt that the hard way, too.
-