Written by Duarte Castelo Grande de Carvalho (dcgc)
Trainee: one that is being trained especially for a job. This is the definition according to Merriam-Webster dictionary. This is what we are told when we are learning, when we are starting our learning experience, our developing journeys. We feel excitement, exhilaration, enthusiasm, and ultimately, it is what we look forward to, when we reach this stage. With the proliferation of jobs in the IT sector, especially customer support, we see a lot of people joining the IT space with no background in tech (people coming from reconversion programs) and a lot of young people joining the masses just right out of college. Usually, the start of someone’s career in IT involves going through an internship, with the excuse that it will be a learning ground for the young individual, but ultimately, being done due to ulterior motives coming from the employer, who is providing the trial. Let’s have a look at some of there intership offers and why we have to do an internship when we start our path.
The purpose of being a trainee in a company is to be trained and taught a craft or a trade, for a pre-determined period of time. In IT, this usually means a programming language (to become a code monkey), helpdesk service (to become a machine) or an engineer handling a specific technology/system (to become a manual operations worker). The fact of life is that companies need IT infrastructure and people specialized in different areas, to develop/maintain/create it. This is both seen as a cost and investment, also depending on the business and industry the organization is in. It can be a cost due to the fact that we are in the 21st century and the world revolves on technology and telecommunications. So, organizations that are not inherently technological need to adapt to this. It can be an investment due to the fact that the service, product and the business of the organization as a whole, runs on technology or is technology. It is key for organizations to have qualified personnel and we need new people to be qualified and to be ready to work (out with the old, in with the new).
An internship (or traineeship) is often seen as a first step for a newcomer to start their journey in “CyberSecurity” and organizations make enticing propositions for fresh-green graduates (from university) to work on their projects. For graduates, internships are viewed as a necessary requirement in order to gain quality work experience. Many times, employers will hire graduates after they have completed their degree in Computer Science (or not (reconversion programs)). Students are desperate to get a job, which usually means that any company and any job position is their dream company and their dream job. Sometimes, the situation is so dire that graduates accept unpaid positions (are internships really that awful these days?). Despite this paradigm, we still look forward to start our new job.
Depending on expectations, depending on education background, depending on knowledge, depending on life, our opinion and feedback regarding our starting position will transcend our initial impression or will change drastically for the worst. A lot of what we were told in university by professors, who usually have no industry experience and not are up-to-date with it, is outright misleading. The truth of the matter is, in life you will experience many surprises (usually called “sunshine rays” or “buckets of cold water”, respectively) and the internship is one of them.
I start of by saying that being a trainee used to be a role entirely focused on providing graduates with an opportunity to learn some skills, and also to serve as a talent-feeder for companies. Instead, it has now become a way to source out mundane work for cheap (or for free), but most surprisingly, it has become a place to bootcamp (awfully) normal people, to churn out bad professionals (technically, at least) and to cut out normal paid jobs in favor of internships. This trend affects everyone. Companies need to get back to the true nature of the internship, because as of this moment, we have an abundance of people who will do a “sufficiently fine” job. Maybe that is fine to not disturb the normalcy (as most companies expect), but that is not fine for efficiency and innovation, which leads to better results and to improvement overall. To be honest, IT really ought to be considered the new “blue collar” job. Internships are the modern version of apprenticeships that “blue collar” unions have been doing for decades.
Then there are the lies:
You will get relevant training (you might get “training” or you might not get any training at all).
They might hire you after the internship (you might be proposed with a shallow opportunity financially or be respectfully declined).
You get to work with an awesome, young, diverse and dynamic team (you might face an immature team or work with a team that is jaded with what they do and want to leave).
It will look great on your resume (because people don’t know what is happening inside or it will look bad, depending on the review in Glassdoor regarding that company).
You will make great contacts (a few of them and you will also meet assholes).
The deal about internships is that they are one of the biggest bullshit je ne sais quois things going on, and most of the people involved with it in some form or capacity don’t want to admit it. It goes against their own interests. Schools and universities that include it in their programs won’t admit it, companies that use them won’t admit it, and the students who participate in it won’t call out on it because they need it… and so the cycle continues. Due to this, new joiners can end up being a waste of the organization’s time (many employers will tell you that you’re great one second, and then dismiss you the next), especially if no adequate resources are allocated: management and recruitment sees them as cheap labour and interns come with unrealistic expectations.
Despite all of this, however, I have to say that even if our experiences in internships were downright awful, they were not a failure and they were an important milestone. When we mature enough to realize that, we truly learn this lesson. There are valuable lessons to be taken away from them and it is a small sample of what you will encounter in the rest of your career:
From a technical standpoint, take note of the technological stack of the company, of the many tools used inside, and try by your own to learn everything (training and feedback on the Internet) and understand how it is applied and used (and how it is not) in the company you are interning for, especially if you are being given the same old boring shitty tasks on a daily basis; it may not look like it, but observing from the sidelines at what is implemented incorrectly, will be beneficial for you down the line (learn from others’ mistakes).
From a relational standpoint, active communication (asking questions when needed, not all the time), assertiveness (meaning being nice and polite to dickheads), and smiling (meaning showing the personality type the company wants) will help you going through the internship and will prove to make it less painful. This is the type of behavior you need to have when working in IT.
From a career standpoint, don’t expect everyone to be on the same level as you and don’t expect everyone to be invested the same way you are, meaning, expect to give a lot and to get little. The more you invest and the more you work, will be beneficial for you in the long-run, but when this work involves helping others, don’t expect a helping hand when it comes to asking for help (it is human nature, some people will even try to sway you from your path). Don’t get bitter when it occurs, the people who know the most, the people who are more proactive, and the people who work hard, are not necessarily the ones who are the most rewarded; welcome to life, shit happens.
From a survival standpoint, keep tabs on names, projects and companies where you did your internship, and keep contacts that matter: you don’t want to go back to the mud and where you were unhappy, and you DO want to go to where you think you will be happy and work with the people you had good experience with.
A bullshit job is a job which is pointless. A firm believer of the job enjoys and lives it day-by-day, a normal person pretends to enjoy the job and secretly hating it, knowing that it shouldn’t exist. Pretending is the bullshit element, you kind of have to pretend there’s a reason for the job to exist. But secretly, you think if this job didn’t exist, it would not make a difference at all, or that the corporate world would be less cluttered with bullshit. You need to undertake a bullshit internship in the beginning of your career, because:
Witnessing and dealing with people you wouldn’t believe that exist (really): human beings are awful, in general. Be prepared to deal with the fact that people have different personalities, goals, interests, upbringings and sense of humor (this last one especially). The rules of survival are simple: define your boundaries (self-respect), don’t be an asshole (don’t do to others what you wouldn’t like others do to you), work on yourself and help others if you want (don’t expect anything in return), and last but not least, karma is a bitch.
Triumphing over adversity (whatever it is, it helps you to become more tolerable to bullshit): we all go through hell at some point, some more than others, and this will force you to grow courage and strength and see several things more clearly (if you don’t, you are kind of screwed). Tragedy is the catalyst for growth.
Not giving a fuck about failing on something or not knowing something (it is what it is): the more “fucks” you give, the more worried and stressed you will be. If you don’t give a fuck (which is tremendously hard, no one denies it), you will be free from the shackles of life’s deceitfulness and the after-effects of “carousing”…
Being grateful of what you have (building character, or some shit like that): getting the short end of the stick will be accepted, meaning you will not always get what you want but you will get enough that you will be appreciative of it. Expectations are usually premediated resentments.
Training to become a jack-of-all-trades and to know how to “MacGyver It” (basically, how to become a good professional): if you have met, heard, seen or heard a Security Guru, then you have been conned. There are no experts: some professionals have specialties in some areas or are more apposite towards a specific area. Everyone has different levels of knowledge and experience, and improve depending on the role in a company, depending on what they actually do in that role, and on what their interests are. Knowing a bit of everything and being flexible, adapting to different situations, is looked upon as a valuable resource. Don’t become too attached to one specific thing and don’t “MacGruber” it.
Pressure of hierarchy, responsibilities and unfairness (no rewards, promotion, validation, but a lot of using your work at your expense): depending on company’s culture, depending on the history of the company (what “fossils” are laying around and what relations were previously established), you will face a lot of times what is known as unspoken traditions and unwritten rules; these delineate the unofficial roles and responsibilities of each individual on the organization and on the team you work in, and sometimes, these lead to unfairness. Only certain votes count, only speak when you agree with the manager, don’t be the last to leave the office, the company is undergoing a change (things are out of control), etc.; there are certain behaviors and sayings that will put in less pressure and avoid the unnecessary “spotlight”. This “training” will better prepare you for your career.
Let’s take a look at a job offer from a company I’m familiar with, and understand what they look for in a trainee/intern, so as to grasp what are the expectations we can assume from this opportunity.
Official description of the department inside the organization and IT infrastructure, not representative of their real functions.
Continuation of the official description of the department and detailing what types of roles it has.
Explanation on why IT exists in the company, not necessarily on what you will encounter.
Your job title.
Brief description on the envisioned purpose of the role in the department and the “sales pitch”.
Brief description on the envisioned daily collaboration and work dynamic of the role in the department.
Official description of the “project” your work will be under.
Official enumeration of some of the envisioned tasks the position entails.
Official positioning of the role and department inside the company; envisioning expectations for the role.
Illusion of friendliness by the company.
Enumeration of responsibilities commences…
Hint on what technology you will work with.
Who you will work with on a regular basis.
“On-the-job” learning (“unshit yourself”).
Every company uses “Fake Agile”, get used to it
What you need to “be” in terms of “hard-skills” and work-personality.
What is an UK-based qualification system doing on a job ad for a position to be taken in a country outside of UK, funny innit.
You can read and understand text, diagrams, code, etc.
You can speak and be understood in the language you communicate.
Ability to not give a fuck when you get shouted at and/or get an unreasonable and unfair task.
Know fake Agile and have heard about Waterfall from university (because they still teach that crap).
You need to understand the technology of the position you are applying for.
You need to understand the technology of the position…
You need to understand the technology of… yes.
Willingness to listen to others (senior teammates), even when they are wrong.
You follow orders and agree with what people say, unconditionally.
You know English from school and television.
What you need to “be” in terms of “soft-skills”, life-personality, what qualifications you have and repeated items.
You are not an asshole.
You can read and understand text, diagrams… yes.
Ability to not give a fuck when you get shouted… yes.
You can read and understand text… yes.
You follow orders and agree with what people say… yes.
You are not a street hood.
You need to have a degree from a university, because that will be the deciding factor for the company accepting you for an interview.
Do not expect this to be true and this paragraph is a legal requirement by the company so they can save themselves from legal complications regarding shenanigans.
“Simply put, there aren’t enough qualified cybersecurity professionals.”
We are constantly hearing this all the time, and interns are faced with this statement when undergoing the internship and when facing difficult situations, or when the time to contest arises. Interns are pressured and blackmailed into thinking that they have gotten a golden opportunity and that if they don’t follow whatever is necessary, they are dismissed. We don’t have a workforce shortage problem, we never really did. What we have is a wrong placement and allocation problem. It’s not about training people with Udemy online access and vendor in-person courses, it is about meaningfully onboarding, introducing and directing newcomers into understanding what their role is and what it contributes to. If companies were to hire enough people to eliminate every security issue in their estate, they’d need to at least onboard both qualified people and new people. We don’t see this regularly as we do not see a balanced hiring of both levels. Nevertheless, the answer is to have both trained personnel and technology that supports the security program into efficiently addressing most of the security issues and that prepares the organization to combat and respond against security incidents. Enterprises have treated information security as a manpower and triage problem when it necessarily isn’t. Find tools that help you get the most out of your available resources, don’t piggyback and weight all your information security problems on top of people. Employers will hire interns thinking that they will automatically solve their issues, expecting that they have a ridiculous skill-set that is impossible to learn without prior experience in the same field, and planning a lot of their security program work hours with uncontested devotion from part of the newcomers.
Then you have different types of internship that justify the lack of payment, minimal support and cut-throat environments:
School-credit internships, you do them as part of your university degree and it is needed to complete the course. The problem with these kinds of internships is that the original project statement, scope and goal of the internship is delineated, but often times it deviates from what was agreed, as well as the company using the intern to work on completely different things. The intern not knowing for sure how things operate, accepts this and goes along with it. There are also situations where the intern works after-hours (exploitation of the employer), be it on the project itself or on other unrelated tasks. From this, the intern is usually “held hostage” by the supervisor into doing what he wants, because if the intern does not cooperate, he/she will get a bad grade or feedback, and not pass and successfully get the school credit.
Government subsidized internships, are internships that companies take advantage of, using the help from the national government, having the institution contribute to a percentage of the payment of salary, as well as other incentives. Companies look after this type of internships to reduce their costs and their budget for internship. Governments look after the success of this kind of program in regards to the reduction of unemployment. Often these internships are connected with unemployment centers or with government institutions, and are dependent on feedback and have clauses associated with the contract. The common scenario we witness is the one of pampering newcomers and of forcing them into viewing the company with rose-tinted glasses, promising beginners that they will have a future in the corporation. It is not ill-intended for the most part, as hiring people want to capture the best talent (sometimes at whatever necessary cost) but it distorts the reality and it creates very high expecations for the intern.
Unpaid internships, also known as “We don’t want to pay you, but we will work with you, the same way as our current employees. Do not worry, we swear you will learn new things!”. Fortunately, it is not the norm in IT to see unpaid internships, but the gist of it is that the basis for the internship lies on the promise of development/start of the intern’s career. What in fact is doing overall is lowering the level of admission for newcomers (and the level of quality of workers), having them for free and, more often than not, exploiting them into creating sufficiently enough work.
In the context of an internship, usually there are several parties involved and responsible for different aspects:
Enabler: this is the party responsible for enabling the internship for the intern. It can either be the university and company agreeing on a school-credit internship or it can be the government body establishing a program with benefits for the company to initiate and develop an internship program. As explained before, both are usually enjoying a mutual benefit deal, that in no way benefits the intern (except in the job position opportunity).
Maker: this is the party responsible for creating the internship position. It is usually due to the company needing new interns to fill new positions, with the intent of having growing numbers and showing how the company “is growing”. The intern will be part of the organization as “one more” and will see that the position he/she is filling in, is nothing particularly interesting.
Practitioner: this is the party that will perform the tasks associated with the internship position. They are written on paper and set in stone officialy, making them exacerbated when you are faced with presenteeism (physically present at the workplace and not operating at a maximum capacity due to illness, injury, or another condition) and absenteeism (habitual non-presence of an employee at their job) from your colleagues and superiors.
Internship is not the place for starting your career, but the place to start learning about your career: don’t apply to an internship you don’t want to, the experience isn’t worth the mental anguish doing something you hate. Once you find out an internship you’re interested in, do research about it.
Outside of work, start networking with people that matter (you will notice; it can be in person or online): don’t get discouraged if most people you meet at work are useless and unworthy: most people are and a few aren’t. Practice is everything: the more you do it, the better you will get at it. Start off with people in the same boat as you and then work your way up with more senior people. Be prepared to ask good questions to those you network with. Do your homework in advance (investigate and mindmap; it is not stalking, despite what dumbwits will tell you).
Internships can be valuable if taken advantage of: you will learn the positives and the negatives and you will have a taste of what is to come.