Internships that matter: How to build the next generation of cyber defenders

Build cyber resilience with exclusive interviews and insights from the global Black Hat MEA community. 

This week we’re focused on…

The kind of cybersecurity learning that really helps students learn. 

Why?

Because we spoke to Black Hat MEA 2025 speaker Daniel Bowden (CISO at Marsh McLennan), and he said: 

“Students need hands-on experience with real threats and challenges – not just shadowing or menial tasks.”

We agree. 

As the cybersecurity talent gap continues to widen, the industry is waking up to the truth that bringing more people into cyber means very little if those people aren’t well-prepared. And to be prepared, you have to have faced real challenges and contributed to real work – and developed your technical skills and decision-making confidence as a result.

But no one can have that kind of experience before they’ve done the work. So to create a new generation of highly capable cybersecurity professionals, we have to rethink how we design internships and early career programs. 

What’s the problem with traditional internships?

For a long time, cybersecurity internships have looked more like observation decks than training grounds. Students are often assigned repetitive tasks, sidelined from real incidents, or shadowed by mentors without ever taking the lead. 

And the result is that they enter the workforce with theoretical knowledge; but very little practical ability to respond to evolving threats. 

That’s bad for them. But it’s also a risk to everyone – because organisations need agile, hands-on defenders from day one. 

What does a meaningful cyber internship look like? 

Bowden described what makes student learning impactful: exposure to real-world threats, collaboration across departments, and contributions that matter. That’s the model behind Marsh McLennan’s Tech Gig program – a global initiative that brings together 20–25 security professionals and 35+ participants from across business and technology units to solve real problems and build cross-functional understanding.

Very much removed from checkbox exercises, this kind of structure gives participants a seat at the table – so they have a real opportunity to think critically, ask questions, and build networks. 

Here’s what it looks like in practice: 

• Real threat modelling and analysis (not just reading old reports).
• Participation in incident simulations, tabletop exercises, or red/blue team drills.
• Cross-functional exposure to legal, compliance, and operations, helping interns understand how cybersecurity fits into business decision-making.
• Mentorship that empowers, where students contribute to real deliverables instead of simply observing.

A growing number of programs are getting it right

Beyond Marsh McLennan, several global initiatives are pioneering this approach:

• IBM’s Cybersecurity Leadership Program: A multi-week immersive internship where students work on live threat intelligence and SOC operations alongside experienced analysts.
• CISA’s Cybersecurity Internship Program (US): Interns are embedded within specific mission areas and exposed to policy, risk assessment, and operational work — not just administrative tasks.
• UK’s CyberFirst Program: Designed in partnership with industry and government, this initiative offers hands-on learning, live problem-solving, and pathways into full-time roles.

Each of these models shares a common thread: 

Trust. 

They trust interns to engage, think, and contribute. And they provide just enough scaffolding to help them succeed without shielding them from reality.

Solid cybersecurity training has never mattered more 

We know that cybersecurity is increasingly embedded in every part of a modern business. It’s no longer a siloed discipline; and this complexity demands defenders with the skills to communicate risk and collaborate across departments. They have to be able to make fast decisions with limited information, and understand the strategic context of their technical skills. 

Internships are where that mindset can develop. But only if we treat early talent as capable contributors instead of passive observers. 

As Bowden put it: “Empowering students with real work enhances their development – but it also strengthens our collective resilience.”

It’s time for more organisations to take that seriously.

Read the full interview: Don’t show up smart, show up curious

Want to hear more from Daniel Bowden and other security leaders? Get your pass for Black Hat MEA 2025 and learn from the people shaping the future of cybersecurity.