Karim Chahal

Why did you choose to specialise in cybersecurity?

My uncle was a systems administrator for a bank and when I was small, he introduced me to the world of computers. I was instantly hooked and then I really discovered the world of cybersecurity when I was at university.

I used to surf the net a lot and that’s how I found out about viruses and cracking and started to take part in mini online challenges – it was then that I realised that I wanted to study IT so I applied for an IT degree with ISTIC.

During my studies, and especially during my IT degree, a friend in my year was really into IT security and I thought, why not do security too? So, in my fourth year, I specialised in Systems & Networks and then in my fifth year my specialised subject was Security and IT Systems – this is the same as the former Master’s which is now called the Master’s in Computer Science, Cybersecurity track.

The highly technical and challenging aspect of cybersecurity interested and fascinated me and that’s still the case today.

What were the highlights of your studies?

There were many key moments during my studies and one of them was the privacy course in the final year of my Master’s. The teacher was great and the case studies and practicals really helped me to understand the importance of privacy in our daily lives, and it’s still a hot topic today.

Another memorable moment was the hardware architecture course in my 3^rd year: it was fascinating and taught us about the incredible changes in computers and new technologies in general.

What were the advantages of your internship?

I did my Master’s 2 internship with TazTag, mobile security solution specialists, in Bruz, south Rennes. My internship was based on R&D and mainly focused on developing an Android terminal app (smartphones and tablets) to create one-time passwords (OTP).

The internship helped me to develop my knowledge of security and, more specifically, multi-factor authentication. I learned about developing apps for Android smartphones and JavaCard app development for smart cards. I also learned how to adapt to a project which was already underway.

What is your current job?

I now work as a Cybersecurity Engineer with Kereval, a software test engineering laboratory, in Thorigné-Fouillard, east Rennes.

I work on a range of areas, from automobile cybersecurity and embedded systems (software and hardware security audits), to air traffic control (I started in this department in Kereval) and more regular tasks such as intrusion audits, mostly web and information system oriented, for various customers.

I work closely with Kereval’s sales team – I write sales proposals and also take part in Kereval’s on-going strategy to improve security.

Was it easy to find employment?

The cybersecurity job market in Rennes is growing rapidly and there are many opportunities out there. I didn’t have any problems finding a job quickly. I decided to stay in Rennes, simply because I’m happy here and life is good in Rennes.

Why are you so enthusiastic about cybersecurity?

What I like about cybersecurity is that it’s very technical and all it takes is a deep interest in the subject. It’s a cross-functional field which can apply to a host of sectors and because the projects and subjects are so diverse, I learn something new every day.

Events such as security conferences (SSTIC) and cybersecurity Capture The Flag (CTF) challenges are a great way to enhance your knowledge in a fun way.

What are your career goals?

In the future, I’d like to take on a management position but still keep a link with the technical side of cybersecurity, for example, a job like Cybersecurity Hub Manager, or managing a small cybersecurity engineer team would suit me.

Do you have any advice for students?

Ask questions and be confident. Your first years in a working environment will be as educational as your years of study!

What is your studies background ?

After obtaining my Scientific A levels, I continued with a Computer Science degree at Université de Rennes 1, where I did a lot of math and programming. I continued with a first year of a master’s degree in System and Network Security, replaced today by the Computer Science, Cybersecurity track master’s degree of CyberSchool (Université de Rennes 1). I specialized in cybersecurity during my second year.

Why did you choose to specialise in cybersecurity ?

Initially, I was not particularly interested in systems and networks, but during my first year of master’s degree, I had several introductory courses in cybersecurity, which made me want to continue in this field.

What is your favorite aspect of your studies ?

I particularly appreciated the great diversity of topics covered in security, whether reverse, intrusion test, cryptography or mathematics. This allowed me to find my way towards missions/jobs that suited me.

Did you have extracurricular projects ?

As a student, I did a lot of “Root Me” and “Hack The Box”, online platforms that allow you to test your cybersecurity skills. These projects were not decisive for doing consulting, but are essential for doing intrusion tests.

Where did you complete your M2 internship ?

In March 2021, I completed my end-of-study internship at Naval Groupe on the Cherbourg site, as a cybersecurity Engineer. I was under the responsibility of the Chief Information Security Officer (CISO). Several missions were entrusted to me: risk analysis on a common information system for collaborative work, several projects monitoring as well as forensics.

Was it easy to find an internship ?

The internship was more complicated to find than the job, insofar as companies expect interns to have a first experience. This is why extracurricular projects can help a lot in the search for an internship.

What is your current job ?

During the summer of 2021, I applied to Amossys, where I was recruited as a junior Consultant. Among the missions entrusted to me, I notably carried out a risk analysis for a client, I wrote an ISS policy and I accompanied an approval file. I was also trained in physical security. What I particularly appreciated in the job of Consultant was the relationship with the client. Conversely, I liked the administrative part of the job less.

I decided to leave Amossys in January 2022 to join Advens, a cybersecurity company with more than 350 employees across France (Lille, Paris, Lyon, Bordeaux, Rennes and Nantes). On the day of the interview, I have two months of seniority as a junior Consultant. I participated in several missions: a risk analysis for an agricultural cooperative, business interviews and workshops with the client, the drafting of framing notes as well as the realization of a risk analysis for a large group. I particularly appreciate Advens because there is little turnover and a lot of experts, which is ideal for learning and training. In addition, we work with clients from a wide variety of business sectors, which is rewarding.

What are your career goals ?

In the next 5 years, I want to improve my skills in order to be independent with customers. Then, in 10 years, I would like to become CISO Assistant, then later become CISO for an end customer.

Do you have any advice for students ?

To be perseverant! There are many reports to submit and a large volume of work in the second year of Master’s degree, you have to hang on!

–

Interview conducted in 2021.