10 July 2019

One week in at IRM: Matt and Karl's Story

At IRM we are incredibly proud of our graduate training scheme. We take the best and brightest young talent and turn them into fully qualified penetration testers. Within three months, our graduates will have gone through their CTM, making them into billable consultants who are able to start working and serving our clients. With a bespoke career path, we aim to take these graduates to a CTL level within two years.

This year we are taking on more graduates than ever before. In May, we took on two, and in September we will take a further four, which may increase to six.

Our Recruitment Manager, Ross Brereton, decided to take a more in-depth look at this year’s intake and find out what they get up to in their first year at IRM. Ross will be interviewing the graduates after their first week, first six months and at the end of their first year at IRM.

We introduce you to our first two graduates of 2019, Matthew Robbins and Karl Rygol.

Matt:                                                                                       Karl:







Matthew joined us on the graduate program, from Northrop Grumman. He worked at Northrop as a software developer but he always wanted to become a penetration tester. He graduated from the University of Gloucestershire in 2018 with a degree in Forensic Computing.

Karl graduated from the University of Surrey in 2018. Since then, he has been working as a data centre operator. He has been trying to break into penetration testing for some time and he was introduced to me by Jay Seward, who is one of last year’s IRM graduates.

Tell me about your background and what made you want to get into cyber?

Matt: I started off between 6 and 8 years old, my dad has an old Commodore 64 and later an Amiga. I used to play loads of games and read all of the gaming magazines. In the magazines they used to give you free code so you could build your own game. To do this you had to set the tape to record and then start typing the code in, if you made a mistake you had to rewind the tape! I was 8 when my dad brought home the Amiga. It baffled him and he could not be bothered to figure out the GUI so I did. I read through all the booklets and managed to get it going, and I got a few robot games working to boot. This really started me on my path.

Karl: I have always had an interest in computers and I have always been fascinated by the vulnerabilities that can be exploited in systems. I love to break things so getting to do this for a living is just the best.

How have you found your first week at IRM?

Matt: It’s not been as daunting as I thought. I came from Northrop and it’s a very different environment. At IRM you can just walk past anybody in the office say good morning and have a chat. It’s a far more relaxed environment which has really helped me feel at ease. All the penetration testers are really approachable and are happy to help and answer any questions that I have.

Karl: Everybody has been really friendly, and it has been easy to make friends. The facilities that we have are amazing. It’s really incredible how the environment can be so relaxed yet so professional at the same time.

What have you learnt so far?

Matt: I shadowed some of the guys on Friday and they were using a Raspberry Pi (installed on a customer site) to tunnel through and execute commands. It’s so cool, I’ve never seen anything like it. I have been also helping to test some web-apps, using Burp to test for cookie security.

Karl: I have learnt the generic principles for tackling a problem. I have learnt more about the tools of my trade and getting my setup just the way that I like it.

What challenges have you had to face?

Matt: Getting my laptop built correctly! It’s been fun figuring that one out.

Karl: The learning curve has been steep and the amount of tools that I have at my disposal is incredible but a little daunting.

What do you expect from the coming weeks and months?

Matt: To learn as most as I can about red teaming and penetration testing. To have as much knowledge blasted towards me as possible. I really want to get my hands on advanced social engineering techniques, a large percentage of infoSec issues are human-orientated and this is a really interesting side of the job.

Karl: Hopefully I will pass my CTM and I can start to see problems and face them on my own without needing to rely on my team or the internet. I really want to be using more tools and getting to grips with what is out on the market. I really can’t wait to get out and start working on some jobs.

The next instalment from Karl and Matt will be at their six month milestone. To learn more about the IRM Pen Tester Graduate Scheme, visit our careers page here.