In this mentorship story of 2025, Sumandeep Kaur shares her experience as a Web Developer and Cybersecurity Intern under the guidance of her CyAN mentor, Shantanu Bhattacharya. Empowering Early-Career Web Developer & Cybersecurity Professionals: My Journey with the CyAN Mentorship Program By Sumandeep Kaur Acknowledging …
In this first mentorship story of 2025, Kuljit Kaur (Australia) shares her experience under the guidance of her CyAN mentor, Shakil Khan (UAE). My Mentoring Experience with CyAN Mentorship Program and Mr. Shakil Khan By Kuljit Kaur Starting a career journey in cybersecurity can be …
What an incredible evening at the CyAN APAC event: Mentorship and Allies – Building a Support Network for Women in Cyber!
Last night was a celebration of mentorship, allyship, and the power of community in shaping the future of cybersecurity and trust & safety.
We were honoured to have Natasha Basukoski, Manager of the National Cyber Security Practice at MinterEllison Consulting, deliver an inspiring keynote speech that reminded us all how vital it is to lift one another up and connect with community. Her words, “Having a really strong network around you of not just people you work with, but other mentors in the space I think is really important. And that’s why I love event like events like this. I didn’t have this when I started… and I wish I did!” resonated with everyone in the room.
Our panel discussion, expertly moderated by Kate Carruthers, brought together a phenomenal group of women:
Tulin Sevgin – Director, MinterEllison Consulting
Dr. Saba Bagheri – Senior Consultant – Cybersecurity, Australian Government
Farhana Dawood – GRC Consultant, Orro Group
Together, they shared their journeys, the challenges they’ve overcome, and the transformative role mentorship has played in their careers. From personal anecdotes to actionable advice, the conversation was deeply inspiring and thought-provoking.
A heartfelt thank you to Peoplebank (and especially Matt Partington) for hosting us and supporting this important event – their generosity and commitment to fostering cybersecurity talent in the APAC region are truly appreciated.
Last night underscored what CyAN is all about:
To those who couldn’t join us, we missed you! But don’t worry—this is just the beginning. Keep an eye out for upcoming CyAN events in 2025. Whether you’re a student, early-career professional, or industry veteran, we’d love for you to be part of our journey to create a safer, more inclusive digital world.
And if you’re curious about CyAN or our mentorship opportunities, feel free to connect or visit our website. Let’s keep the momentum going!
Nils Eiling is a recent master’s graduate in computer science of FAU Erlangen-Nürnberg (Germany), where he is currently engaged as a research assistant contributing to a project on securing Trusted Execution Environments in RISC-V processors. Nils also is a member of the recently completed CyAN mentorship programme pilot. We welcome him to the CyAN community as a full member.
All participants were asked to contribute content to CyAN as part of the programme wrapup, whether a blog post, a podcast, or similar. Below is his summary of Nils’ experiences in the CyAN mentorship process.
At the beginning of the mentoring, I shared with Boris my goals and expectations for the mentoring program. As a suggestion for possible discussion topics, Boris recommended the book “Security Engineering” by Ross Anderson, which is considered one of the iconic works in the field of cyber security.
My expectations were related to two areas: First, I wanted to gain insight into the cyber security industry in order to weigh a potential career path for myself. Therefore, my first questions in our meeting were directed at Boris’ own career path: “What did your path look like? Did you follow a specific plan?”
Boris traced his professional career for me and named important stations, punctuated with some anecdotes. In doing so, he also emphasized crucial experiences and insights he had gained in the course of his career. Later, Boris gave me an insight into his everyday professional life as a security architect, which mainly consists of “asking the right questions”. When I inquired what exactly he meant by this, he explained to me an approach that first aims to identify the actual problem, verify whether the proposed solutions address this problem, and what alternative approaches might exist. In this context, he advised me to look into TRIZ (Theory of Inventive Problem Solving), a method developed by Genrich Altshuller. The idea is to arrive at a more general problem by abstracting a special problem for which, in the best case, a general solution already exists that can be transferred to a special solution.
Through my studies and research, I have gained a deep technical understanding in some areas of cybersecurity. Nevertheless, it was important for me to look at cyber security from a meta-perspective. I was concerned with questions like, “How do I define security requirements for a system?”, “What does ‘security’ actually mean in this context?”, and “How can I anticipate potential risks and attackers in advance?”
It turned out that Boris was exactly the right person to address these issues. In 2020, he and Ganna Pogrebna published “12 Fundamental Cyber Security Problems,” which fall into four categories: System, Defense, Technology, and Behavior.
In our subsequent conversations, confirmed by Boris’ research, we were able to identify the three most important questions:
Particularly, the first question was the most exciting and fundamental for me during the mentorship program, as I was concurrently writing my master’s thesis. This thesis addresses Trusted Execution Environments (TEE), which provide a secure or trustworthy runtime environment for applications, typically ensured by hardware features such as the ARM TrustZone. The ARM TrustZone introduces the concept of the ‘normal’ and ‘secure’ world. Within the ‘normal’ world lies a conventional operating system like Android or iOS. In the ‘secure’ world, there runs a specialized operating system primarily focused on security and responsible for operating the so-called Trusted Applications (TA). Since the existing operating systems for the ARM TrustZone are often affected by the same security vulnerabilities, such as buffer overflows, the idea was to start from scratch and develop a kernel specifically for the ARM TrustZone, whose architecture and implementation are consistently focused on security. The requirements for this were extracted from an analysis of existing solutions.
The result was a statically partitioned microkernel with a Run-To-Completion semantics. Additionally, I verified all the C code of the kernel for memory safety using the C Bounded Model Checker (CBMC). Despite these extensive measures to engineer a kernel with maximal security, discussions with my mentor, Boris, led to a profound realization: the absolute security of a system is a conceptual ideal rather than a definitive state. It became clear that my efforts, although significant, could only assert the absence of known insecurities, such as memory corruptions, and this assurance was limited to a fraction of the system under specific conditions. This insight has been pivotal in my understanding of cybersecurity over the past weeks, underscoring the continuous and dynamic nature of striving for system security.
I am grateful to Boris for sharing his knowledge and experience with me. He has encouraged me to see my professional future in the field of cyber security.
