Eva Deng

Information Security Analyst

Current Company: Contra Costa Health

Interview: 10/01/2021

What skills or information did you pick up in the program that has proven useful in your work?

I am grateful for all the professors at Merritt College who helped my study along the way. The cybersecurity field is a fast changing field. The skill/information you learn today might be very different a year from now. My takeaway is to keep involved in the community like Merritt College cybersecurity program and networking with others, get up-to-date relevant information through study and through field professionals.

Are there any resources you would recommend to students that supplement the program well (e.g. udemy)?

I would recommend trying TryHackMe, udemy for cybersecurity skills. You can do it at your own pace and keep advance on the path you chosen along the way. Udemy has free course sometimes, so keep an eye out for those announcements (LinkedIn is a great place to find those deals!). I also highly recommend SAN Institute. They have Cybersecurity program at 100% scholarship. I am in the Diversity Workforce Academy – California program at SANS right now and I learn a lot from this program.

Are there any other organizations or groups that you are involved in that you felt was helpful/supportive?

Day of Shecurity, WiCyS, Cyversity, OWASP, SANS, RSA, BSides, ISLF

Noah Newdorf

Security Engineer, Application Security Engineer, Penetration Tester

Current Company: Allstate Insurance

Interview: 12/27/2022

What skills or information did you pick up in the program that has proven useful in your work?

In my day-to-day work I regularly use the skills I gained from the Application Security track along with Code Path, as well as becoming comfortable using the command line which I learned slowly from many of the courses at Merritt. I learned so much from every class, but learning the foundations of different security domains helped me both understand what I was interested in, as well as giving me a well-rounded education.

Are there any resources you would recommend to students that supplement the program well?

It’s great we have so many resources to learn from and platforms to practice on. In my experience, it can be easy enough to wrap my mind around concepts on paper, but I will only really gain it as a skill when I’ve struggled and then digested a topic through hands-on exercises and challenges. There are some resources I’d recommend which are just text or movies, but that should only be your first stop.

• TryHackMe: Full of hands-on exercises for different security topics, TryHackMe prepares environments for you with detailed instructions to follow. This is great for the beginning steps of learning a new skill as it allows you to put your hands on the keyboard, but within a narrow lane where you won’t get lost.
• The Web Application Hacker’s Handbook 2: Written by the author of the famous tool Burp Suite, this is a book detailing countless numbers of web attacks. Recommended for anyone interested in application security or penetration testing.
• OverTheWire – Bandit: The Bandit wargame from OverTheWire is a set of progressively more tricky privilege escalation challenges. This taught me a lot about linux command line usage as well as linux privilege escalation.
• CodePath: CodePath followed the OWASP Top 10 and gave me great early experience crafting web exploits which I use every day doing application pentests. It was very challenging at the time, but very fun to work through with my classmates.
• HackTheBox & VulnHub: These platforms both provide you with vulnerable machines you can learn hacking on. Without using walkthroughs these can be quite difficult challenges, but have been somewhere I can really test myself and see what tools and techniques I can use from my arsenal.

What did you like about the NCL and what skills did you learn from competing?

Participating in the NCL is something I think really propelled me into the Cyber Security program. With all of the different categories of challenges they have for you to complete, this was my first time being exposed to a bunch of security concepts. Every round they always were throwing in situations where you were forced to quickly learn the basics of some new technology. It taught me to “just go for it” when it came to quickly picking up new tools and re enforced the skill of teaching yourself new things. Not only was it really fun working with classmates and representing Merritt by placing well during the team games, being able to place way better than I really expected during individual games gave me confidence I was learning all the right stuff to compete at a larger level against people going to more prestigious schools.

Wendy Segura

Security Engineer

Current Company: Sage

Interview: 03/07/2025

Wendy Segura is a Security Engineer at Sage who specializes in building secure, scalable technology solutions. With over a decade of experience in cybersecurity, process optimization, and security client advisor she focuses on developing robust security frameworks, conducting comprehensive risk assessments, and implementing compliance strategies for global organizations.

Currently serving as an OWASP Bay Area Chapter Lead, Wendy actively builds community and facilitates knowledge sharing in application security. She is pursuing her Master’s in Cybersecurity from Georgia Institute of Technology and holds certifications in Cloud DevOps, Security, and Leadership.

What skills or information did you pick up in the program that has proven useful in your work?

I completed the Application Security track, and I can confidently say that the hands-on labs at Merritt thoroughly prepare you for real-world challenges. When I first started the program, I was just beginning my internship as a Security Analyst. Every class I took reinforced the new tasks I encountered daily at work, helping me apply my learning immediately.

In cybersecurity, you will never know everything—technology and threats evolve constantly. Staying up to date is crucial, whether by attending conferences, networking with professionals, or continuing education through classes and certifications. Lifelong learning is key to success in this field.

Are there any resources you would recommend to students that supplement the program well (e.g. udemy)?

Online Platforms:

• HackTheBox – Hands-on practice for penetration testing and cybersecurity skills.
• Pluralsight – A variety of courses on cybersecurity, cloud security, and more.
• AWS & Microsoft Azure Certifications – Valuable for understanding cloud security concepts and industry best practices.

Some Book Recommendations:

• The Web Application Hacker’s Handbook – Dafydd Stuttard & Marcus Pinto
  A must-read for learning web application security, vulnerabilities, and penetration testing techniques.
• Metasploit: The Penetration Tester’s Guide – David Kennedy, Jim O’Gorman, Devon Kearns & Mati Aharoni
  A hands-on introduction to penetration testing using Metasploit.
• Cybersecurity Essentials – Charles J. Brooks
  Provides a strong overview of cybersecurity concepts, risk management, and network security.
• Network Security Essentials – William Stallings
  Covers cryptography fundamentals, network security protocols, and defense mechanisms.

Are there any other organizations or groups that you are involved in that you felt was helpful/supportive?

Yes! I highly recommend getting involved with the following organizations:

• Day of Shecurity
• OWASP Bay Area – Monthly meetups posted on https://www.meetup.com/bay-area-owasp/
• WiCyS (Women in Cybersecurity)
• Bay Area Pacific Hackers – Meetups posted on https://www.meetup.com/pacifichackers/
• SANS
• BSidesS.F. (Great for volunteering and networking)

These groups offer great networking opportunities, training, and resources to help you stay engaged and up to date in the cybersecurity field.