A week in the life of a graduate security engineer
Giuliana De Bellis is a graduate security engineer at Atlassian, specialising in penetration testing (ethical hacking)! Read on to see what she gets up to in a typical week!
Giuliana De Bellis is a graduate security engineer at Atlassian, specialising in penetration testing (ethical hacking)! Read on to see what she gets up to in a typical week!
Monday mornings often involve me setting up my to-do list for the week and updating my team on my plans for the week ahead. For me, Mondays are the days I have the most work meetings. I have a one-on-one with my manager, a whole team meeting, and sometimes a check-in with my team’s technical lead. I spend this time discussing my current tasks, any blockers I might be facing, personal growth objectives and give feedback on process and team improvements.
I might also be spending this day getting set-up for a new penetration test (or pen test), which is a pre-approved, simulated cyberattack on an internal Atlassian system to evaluate it’s security - a.k.a, ethical hacking. This might involve a meeting with the software engineers and owners of the system to organise access permissions, discuss the architecture and design of the system, and any security concerns they might have with it.
In the evenings I will usually spend time planning and administering content for COMP1531 (since I work for UNSW as a course admin during my spare time), or tutoring a class.
After scoping out a penetration test, the next step is usually to gather as much information as you can that will help you with the test - for example, finding the location of code, setting up a development environment, prioritising the areas of the system I am going to test, and setting up the tools I am going to use to do so.
Since days like this require a lot of focus and writing documentation and to-do lists, I like to break this up with a home workout, either around lunch time or after work. I like strength training! So I have a squat rack and barbell set up at home, and write my own workout programs with some of my friends that we follow every week.
Wednesdays are usually a day I can focus more deeply on the technical-side of my job. I might spend the day running scanners to look for vulnerabilities in a system, manually testing an application for certain necessary security restrictions, and following suspicious leads I may have uncovered in the set-up phase. Essentially, here I am trying to hack into a system to prove it is vulnerable. This activity is quite time consuming and takes a large degree of focus, so I will usually break it up with doing some other hobbies I like.
I might bake something (like muffins or cookies), do another workout to offset the consumption of said cookies and enjoy them while watching YouTube, or a TV show.
While pen testing can be a time-consuming, tiring activity, I find it’s one of the only work-related activities that makes me lose track of time in enjoyment from the consistent small doses of adrenaline that it feeds from finding new vulnerabilities!Â
Thursdays are often when I will go into the Atlassian office. We have company-provided breakfasts, lunches and snacks which definitely make my day a little easier, social and more enjoyable. Right now I don’t live too close to the office, but if I did I’d go in more frequently for this reason! We have a games room, massage chair/nap room, soccer table, bar, tea counter, and best of all - a whole bunch of friendly Atlassians around to talk to!
On this day I will usually try to catch up with people in person, like my grad buddy (mentor), grad friends, colleagues from the security department, or other friends who like to visit my office (we’re allowed guests, and those guests also get our free food!).
Atlassian also has a monthly social event on Thursdays from 4-8pm, so I might be going to that or some other event/catch-up with friends. Since Thursdays can be more social work, I might get a bit less work done on this day - but that’s all a part of the balance which is full-time work life.
On Fridays I will usually be wrapping up the work from the week. For pen tests, this may involve writing a handover document with any findings from the test for the software developers to read, understand the issue, and know the correct remediation steps to fix vulnerabilities. I might also have a meeting to discuss this with the team - it is super important to communicate during and at the conclusion of a pen test to ensure your work is both valued and understood, so it can make an impact on the system you devoted time to.
Friday afternoons the security team often has a virtual ‘Security Labs’ workshop I take part in, where colleagues will demo something cool they learnt in the week and the participants can follow along, recreating vulnerabilities and learning about new hacks!
Friday nights I will usually plan my weekend, and I might continue the learning by studying for a security certificate to upskill in pen testing - since I am fairly new to the field. At the moment, I’m studying for my Offensive Web Security Assessment (OWSA) certificate.Â
Saturdays and Sundays often interchange for me, they’re filled by things like events with family and friends e.g. birthday celebrations, shopping for groceries or other things, going out for a lunch or dinner at a new food place I really like/always wanted to try.
I also like to make time for a long walk, hike, or workout at least once over the weekend. Hikes are my favourite out of the list, since they’re perfect for long sunny weekends, I can explore new places, and reward myself with a big feed once it’s all over!
I’d also like to mention that my weeks are rarely as perfect as this. I have days where I experience burn-out, I do pen tests and find no vulnerabilities/struggle with understanding concepts. There’s times where I forget things and struggle to meet deadlines. Sometimes I procrastinate and feel demotivated or uninspired by my day. But I don’t let this stop me from moving on, recharging, and facing the next day with the energy I can muster and devote.Â
I try to remind myself to be grateful for what I have, for how hard I’ve worked, and to treat myself with kindness (I hope you can, too).
For more information about studying computer science at UNSW Sydney, see the School of Computer Science and Engineering.