From Learner to Leader - Tabassum Raya's Story
Raya is a recent Bachelor of Networking (Cybersecurity) graduate from Melbourne Institute of Technology who has transformed curiosity into career momentum. As she embarks on her first cyber security internship through AWSN's Summer of Cyber Program working as a Security Consultant for small to medium-sized businesses, Tabassum brings a unique perspective shaped by hands-on learning, community engagement, and an unwavering commitment to understanding the human side of security.
From Fancy Words to Real-World Breaches
Raya's path to cyber security started when initially enrolled in a Bachelor of Information Technology, but something didn't feel right. "I wanted to switch to something familiar," she recalls. "At that moment of my career with next to no knowledge in Cybersecurity, the word seemed fancy and I fell for it."
As real-world incidents like the Optus and Medibank data breaches dominated headlines, Raya found herself captivated, things "started tickling my brain thinking what was actually happening behind the screens," she explains. Diving deep into these incidents, she discovered that choosing cyber security was "an unusual but a right decision."
One professor, in particular, proved transformative to her journey. "The way he taught and made complex concepts engaging and exciting truly motivated me to pursue the field more deeply," Raya reflects. This mentorship exemplifies how the right guidance can ignite lasting passion in students navigating complex technical fields.
Like many entering cyber security, Tabassum was initially drawn to red teaming. It "was very cool, which I still think the same about," she says. However, her curious mind led her toward a more strategic approach. She realised she would love to start with blue teaming, focusing on Security Analyst roles to build stronger knowledge of systems and defense mechanisms "so that one day I can break through them easily being a pentester," she explains, demonstrating the foresight that will serve her well throughout her career.
Beyond the classroom, Raya actively engages with the cyber security community through Capture the Flag (CTF) challenges, industry events, and volunteering with AWSN and Hck4G. These experiences have given her exposure to cyber security professionals and helped her understand real-world industry practices. "Although it has only been 4 months, being involved has allowed me to learn from industry professionals, build meaningful connections, and gain valuable insights".
The hands-on projects throughout her studies excited Raya most as "they allowed me to explore topics deeply without limits and truly satisfy my curiosity through practical learning". This preference for experiential learning shapes her advice to others and her vision for how cyber security should be taught.
Building Foundations as an International Student
As the first woman to graduate in cyber security in her family, Raya has received tremendous pride and encouragement from her loved ones. Yet being an international student has presented distinct challenges and getting into the field would be so hard as... an international student" she shares candidly. "This is something I am still struggling with, but hope to overcome it soon."
Her experience at Melbourne Institute of Technology presented additional obstacles. As the primary campus was based in Sydney, Melbourne students sometimes faced delays or limitations in accessing academic and technical resources. Limited vendor partnerships meant Tabassum often had to independently seek out tools and learning materials. While challenging, this necessity fostered self-reliance and proactive learning skills that now define her approach to cyber security.
The security clearance requirements for many cyber security roles add another layer of complexity for international students. "Most of the organizations deal with sensitive data and need the candidate to be having state security clearance... I wish I had done deeper research early on, as it would have helped me better understand the market and plan my career path more strategically."
Despite these hurdles, Raya remains focused on building her foundation and contributing to the community that has supported her growth.
Understanding the People Behind the Systems
What sets Raya apart is her recognition that cyber security extends far beyond technical prowess. She identifies a resource often overlooked by students and career changers: people and communication skills. "Many assume these skills come naturally or are not essential, but cybersecurity heavily relies on human behaviour, such as awareness and training, where a single phishing incident can lead to significant organisational losses".
This understanding challenges common misconceptions she encounters. "A common misconception is that cybersecurity is only about hacking or highly technical skills, when in reality it also relies heavily on understanding systems, processes, risk, and people," Raya explains. She emphasises that many underestimate the importance of fundamentals and communication in effective security practices.
Her perspective on the field's evolution reflects this holistic view. Raya believes automation, along with strong foundational understanding of AI and machine learning, will become increasingly prominent over the next five years and significantly influence how cyber security operations are conducted.
From Blue Team to the Bigger Picture
Reflecting on her journey, Raya offers wisdom shaped by experience and hindsight. She would have built home labs or gained hands-on experience immediately after learning each topic, recognising that visual and practical simulation greatly deepens understanding. She would also place stronger focus on IT fundamentals early on, as a solid foundation is essential for understanding cyber security. Most importantly, she would develop people and communication skills from the start, acknowledging that "cybersecurity ultimately starts and ends with people."
Her advice to those beginning to explore the field is rooted in thorough preparation: research different areas of cyber security, speak with professionals from various sectors to understand their day-to-day roles, and read foundational resources to identify a clear and informed learning path.
For universities, Raya envisions a pedagogical shift. "I would place greater emphasis on current real-world incidents and teach by mapping them to existing security frameworks, so learning is based on understanding and context rather than memorisation". This approach would bridge the gap between theoretical knowledge and practical application that she navigated throughout her studies.
The advice she would give her younger self is simple yet profound: "Start attending industry events early, as they reveal how supportive the cybersecurity community is, how the market works, and what resources can make the learning journey smoother and more focused."
As Raya embarks on her Security Consultant role and works toward certifications like BTL1/SAL1, CompTIA Security+, and CySA+, she carries forward the understanding that technical excellence must be paired with strong fundamentals, clear communication, and genuine connection to the cyber security community. Her journey demonstrates that success in cyber security requires not just mastering systems and code, but understanding the people who use them and the real-world contexts in which security challenges emerge.
Connect With Tabassum Raya
You can connect with Raya on LinkedIn!