#NSBCS.089 - From Student to Intern: Starting my Journey in Cyber Security
Source: NSB Cyber
This semester, I began my internship with NSB Cyber while completing my Master of Cyber Security Analysis at Macquarie University. It has been an exciting step forward, bridging the gap between academic study and hands-on industry experience.
Like many students, I did not come from a purely technical background. My first degree was in psychology, and at first it was not obvious how that would connect to cyber. But the more I learned about phishing, social engineering, and the psychology of deception, the more I realised that cyber security is not only technical, it is multidisciplinary. The field thrives on diverse skills and perspectives.
Before stepping into this role, I dedicated time to building a foundation in the field. I studied for certifications to strengthen my knowledge of security fundamentals, worked through online simulations to apply concepts in practice, and created small projects to test tools and workflows. These steps gave me the confidence to connect theory with practice and helped me to develop the skills that employers look for.
At NSB Cyber, I have been able to put this preparation into practice. Some of the projects I have worked on so far include:
Mapping threat actor infrastructure through open-source intelligence
Tracking phishing and social engineering campaigns to understand how attackers exploit human behaviour
Applying frameworks such as the Diamond Model and Cyber Kill Chain to real-world cases
This internship has shown me that cyber security is more than protecting systems. It is about safeguarding people, organisations, and even national infrastructure from threats that evolve daily. For students and early-career professionals, it is proof that there is a place in cyber for a wide range of backgrounds and skills.
My journey into cyber security is only beginning, but already I can see how curiosity, persistence, and continuous learning shape this career. If you are a student wondering where your path might lead, do not overlook cyber security. You might find, as I did, that it is both an unexpected fit and a meaningful one.
What we read this week
ESET Discovers First AI-Powered Ransomware Variant PromptLock - Cybersecurity researchers at ESET have uncovered PromptLock, the first known AI-powered ransomware written in Golang, which utilises the gpt-oss:20b model from OpenAI via the Ollama API to generate malicious Lua scripts in real-time. Discovered in August 2025, this variant leverages prompt injection attacks on large language models to enumerate filesystems, inspect targets, exfiltrate data, and encrypt systems across Windows, Linux, and macOS platforms. The ransomware also crafts custom ransom notes based on affected files and machine types, marking a significant evolution in malware sophistication. Organisations are advised to implement robust AI governance, monitor for anomalous script generation, and deploy endpoint detection tools to counter such innovative threats.
Arch Linux Project Hit by DDoS Attack Disrupting Services - The Arch Linux Project suffered a distributed denial-of-service (DDoS) attack on August 25, 2025, which disrupted its website, package repositories, and forums, preventing users from downloading updates and accessing community resources. The attack, attributed to unknown actors, overwhelmed servers with traffic, highlighting vulnerabilities in open-source infrastructure. While no data breach was reported, the incident underscores the risks to essential developer tools. Project maintainers recommend enhanced DDoS mitigation services, traffic filtering, and community vigilance to prevent future outages in similar ecosystems.
Salesforce Instances Targeted in Opportunistic Data Export Campaign - Threat actors, tracked as UNC6395 by Google Threat Intelligence and Mandiant, have been exploiting compromised OAuth tokens from the Salesloft Drift third-party application to export large volumes of data from corporate Salesforce instances since August 8, 2025. This opportunistic campaign, active through at least August 18, 2025, aims to harvest credentials like AWS access keys and passwords for further compromises. No ransomware deployment has been observed, but the breaches pose risks of credential stuffing attacks. Administrators should review OAuth integrations, revoke suspicious tokens, and enforce multi-factor authentication to secure CRM environments.
Chinese APT Groups Face International Advisory from Cyber Coalition - An international cyber coalition released an advisory on August 28, 2025, highlighting threats from Chinese advanced persistent threat (APT) groups, with Salt Typhoon topping the list for targeting telecommunications and critical infrastructure. The advisory details tactics like zero-day exploits and supply chain compromises, urging enhanced monitoring and information sharing. This follows heightened geopolitical tensions, and organisations are encouraged to prioritise patch management, network segmentation, and threat intelligence collaboration to defend against state-sponsored espionage.
ShadowCaptcha Campaign Exploits Compromised WordPress Sites for Malware Delivery - A large-scale cybercrime operation codenamed ShadowCaptcha, detected in August 2025 by the Israel National Digital Agency, is exploiting over 100 compromised WordPress sites to redirect visitors to fake CAPTCHA pages using the ClickFix social engineering tactic. This leads to the deployment of information stealers, ransomware, and cryptocurrency miners, affecting users globally. The campaign demonstrates the persistence of web-based threats, and website owners should scan for vulnerabilities, implement web application firewalls, and educate users on avoiding suspicious prompts to mitigate infection risks.
References
PromptLock Ransomware: https://thehackernews.com/2025/08/someone-created-first-ai-powered.html
Arch Linux DDoS: https://www.securityweek.com/arch-linux-project-responding-to-week-long-ddos-attack/
Salesforce Campaign: https://thehackernews.com/2025/08/salesloft-oauth-breach-via-drift-ai.html
Chinese APT Advisory: https://cybernews.com/security/international-cybersecurity-advisory-chinese-salt-typhoon-nation-state-threats/
ShadowCaptcha Campaign: https://thehackernews.com/2025/08/shadowcaptcha-exploits-wordpress-sites.html