A few months ago, I was asked by a teacher at a local school to come in and talk to year 10 and year 11 students (aged 14-16 or so) about my job, what I do, my background, how I got into my job and to give any further thoughts and advice. Today I got the chance to go in and talk to them.
I very much enjoyed myself, and hopefully it was interesting for the pupils as well. I went over my past – from being “a bit of a geek at school” through to some of the stuff I need to know to do my job now – and also talked about different types of work within IT security. I was at pains to point out that you don’t need to be a great mathematician or even a great coder to get a career in IT security, and talked a lot about the importance of systems – which absolutely includes people.
What went down best – as is the case with pretty much any crowd – was stories. “War stories”, as they’re sometimes called, about what situations you’ve come across, how you dealt with them, how other people reacted, and the lessons you’ve learned from them, give an immediacy and relevance that just can’t be beaten. I was careful not to make them very technical – and one about a member of staff who had lost weight while on holiday and got stuck in a two-door man-trap (which included a weight sensor) went down particularly well.
The other thing that was useful – and which isn’t always going to work in a C-level meeting, for instance – was some exercises. Codes and ciphers are always interesting, so I started with a ROT13, then a Caesar cipher, then a simple key, then a basic alphabet substitution. We talked about letter frequency, repeated words, context and letter groupings, and the older group solved all of the puzzles, which was excellent.
There was time for some questions, too, which included:
- “how much do you get paid?” Somewhat cheeky, this one, but I answered by giving them a salary range for a job which someone had contacted me about, but which I’d not followed up on – and gave no indications of the reasons for rejecting it
- “do you need an IT or computing degree?” No, though it can be helpful.
- “do you need a degree at all?” No, and though it can be difficult to get on without one, there are some very good apprentice schemes out there.
I went into the school to try to help others learn, but it was a very useful experience for me, too. Although all of the pupils there are taking a computing class by choice, not all of them were obviously engaged. But that didn’t mean that they weren’t paying attention: one of the pupils with the least “interested” body language was the fastest at answering some of the questions. Some of the pupils there had similar levels of understanding around IT security to some C-levels who aren’t in IT. Thinking about pace, about involving members of the audience who weren’t necessarily paying attention – all of these were really useful things for me to reflect on.
So – if you get the chance – consider contacting a local school or college and seeing if they’d like someone to talk to them about what you do. Making it interesting, be ready to move on where topics aren’t getting the engagement you’d hope, and be ready for some questions. I can pretty much guarantee that you’ll learn something.
1 – one of my daughters, who attends the school, gave me very strict instructions about not talking to her, her friends or anyone she knew.
2 – (which I have every intention of ignoring, but sadly, I didn’t see her or any of her friends that I recognised. Maybe next time.)
3 – though possibly not with the senior manager who had to come out on a Sunday to rescue him and reset the system.
4 – and you’re willing to engage a tough audience.