Gabrielle Viala
Master’s in Computer Science, Cybersecurity track, graduated in 2013
What is your studies background?
After my baccalaureate, I did a DUT in computer science at IUT of Lannion, which allowed me to continue with a Computer degree in Software Engineering at the Université de Rennes 1. I finished my studies in 2013 with the Information Systems Security (ISS) master’s degree replaced today by the Computer Science master’s degree, cybersecurity track of CyberSchool.
Why did you choose this master?
I followed the advice of my older brother who was, at the time, interested in the field. I really liked IT but I was not very attracted to development. When choosing my course choice for the second year of master’s degree, my brother suggested computer security. So I tested Pierre-Alain Fouque’s SSI master’s degree and I really liked it!
What is your favorite aspect of your studies?
In retrospect, all subjects were interesting. I think I could have capitalized more on the courses I was given during my training, such as cryptography; it’s a subject that can be scary, I went backwards in college and now I regret a lot. I am also thinking of courses like operating system or EVL ; I work today with notions that I could have deepened much more at the University if I had taken these subjects seriously.
We must not forget that at the Université de Rennes 1, we are fortunate to have Teachers-Researchers who are internationally recognized in the field of security, we must make the most of it.
Where did you complete your internship?
I did my internship in technical audit at Orange Cyberdefense, in Rennes. I found my internship quickly and without hassle, which allowed me to put my first foot in offensive safety, exactly what I wanted to work on later.
What did you do when you graduated?
I was hired after my internship at Orange Cyberdefense. I worked there for 3 years as a Pentester. Then I chose to branch off into reverse engineering to do lower-level research. I joined Quarkslab and have been there for 6 years now. I do audit missions and I manage, in partnership with a colleague, a team of 8 people specialized in reverse and vulnerability research on OS such as Windows.
Was it easy yo find employment?
In security, it is very easy to find work, but in my field, it is more difficult without having a first experience. The first step is the most difficult. You have to manage to stand out from all the students leaving school at the same time and prove that you are good.
Why did you settle in Paris?
At the time, it was much easier to find work in Paris. 6 years ago, Quarkslab did not have offices in Rennes, whereas this is the case today.
A large security center is developing in Brittany, so it’s much easier to find work there now. That said, Paris continues to offer many opportunities.
What are the hard skills for pratice in the cyber sector?
Skills are varied and greatly depend on the position held. You need a fairly high general knowledge of computers in all cases. In my job, the key areas are, for example, understanding the internal workings of a computer, operating systems, programming languages, or even simply algorithms and cryptography.
What are the soft skills for practice in the cyber sector?
Be curious, autonomous and all-rounder. Don’t be afraid to test. To progress, you have to know how to work on your own by reading articles, testing your skills with challenges, participating in conferences and having personal projects, especially when you are a beginner.
English is important too. You have to have a good understanding of English otherwise you cut yourself off from most of what is done in the field.
There are few women in cybersecurity. What can we do to attract more women?
We are not many indeed, 10% in general. The lack of safe women is in fact only a reflection of a more fundamental problem. Young girls must be made aware from middle school/high school to encourage them to study computer science or even engineering science in a more general way. There are more and more very interesting initiatives to achieve this. For example, I am part of the Blackhoodie group aimed at attracting women in reverse engineering. But the problem will remain as long as we still have certain stereotypes that are firmly rooted in our society, unfortunately.
You work as a Teacher at Université de Rennes 1 and in particular at CyberSchool, what is your motivation?
The company I work for, Quarsklab, appreciates contributing to education and encourages its employees to do so. I myself take a lot of pleasure in teaching in my former faculty in Rennes, even if it means going back and forth between Paris and Rennes.
Do you have any advice for students?
During interviews, compagnies are very sensitive to the personal projects of the candidates. The list is not exhaustive but it is always a good point for example to contribute to open source projects, design tools, scripts, write write-ups, etc. Even if it is only a question of participating in a larger project with a few bugfixes, you must have done something else outside the school framework to show your interest and motivation. In addition, it is a good way to illustrate one’s skills and investment in specific themes.
What is your studies background ?
After obtaining my Scientific A levels, I continued with a Computer Science degree at Université de Rennes 1, where I did a lot of math and programming. I continued with a first year of a master’s degree in System and Network Security, replaced today by the Computer Science, Cybersecurity track master’s degree of CyberSchool (Université de Rennes 1). I specialized in cybersecurity during my second year.
Why did you choose to specialise in cybersecurity ?
Initially, I was not particularly interested in systems and networks, but during my first year of master’s degree, I had several introductory courses in cybersecurity, which made me want to continue in this field.
What is your favorite aspect of your studies ?
I particularly appreciated the great diversity of topics covered in security, whether reverse, intrusion test, cryptography or mathematics. This allowed me to find my way towards missions/jobs that suited me.
Did you have extracurricular projects ?
As a student, I did a lot of “Root Me” and “Hack The Box”, online platforms that allow you to test your cybersecurity skills. These projects were not decisive for doing consulting, but are essential for doing intrusion tests.
Where did you complete your M2 internship ?
In March 2021, I completed my end-of-study internship at Naval Groupe on the Cherbourg site, as a cybersecurity Engineer. I was under the responsibility of the Chief Information Security Officer (CISO). Several missions were entrusted to me: risk analysis on a common information system for collaborative work, several projects monitoring as well as forensics.
Was it easy to find an internship ?
The internship was more complicated to find than the job, insofar as companies expect interns to have a first experience. This is why extracurricular projects can help a lot in the search for an internship.
What is your current job ?
During the summer of 2021, I applied to Amossys, where I was recruited as a junior Consultant. Among the missions entrusted to me, I notably carried out a risk analysis for a client, I wrote an ISS policy and I accompanied an approval file. I was also trained in physical security. What I particularly appreciated in the job of Consultant was the relationship with the client. Conversely, I liked the administrative part of the job less.
I decided to leave Amossys in January 2022 to join Advens, a cybersecurity company with more than 350 employees across France (Lille, Paris, Lyon, Bordeaux, Rennes and Nantes). On the day of the interview, I have two months of seniority as a junior Consultant. I participated in several missions: a risk analysis for an agricultural cooperative, business interviews and workshops with the client, the drafting of framing notes as well as the realization of a risk analysis for a large group. I particularly appreciate Advens because there is little turnover and a lot of experts, which is ideal for learning and training. In addition, we work with clients from a wide variety of business sectors, which is rewarding.
What are your career goals ?
In the next 5 years, I want to improve my skills in order to be independent with customers. Then, in 10 years, I would like to become CISO Assistant, then later become CISO for an end customer.
Do you have any advice for students ?
To be perseverant! There are many reports to submit and a large volume of work in the second year of Master’s degree, you have to hang on!
–
Interview conducted in 2022.