Meet the Duke Cyber alums: Sarah Alrefai, GRC specialist for NEOM Saudi Arabia, shares her experience

Sarah Alrefai, a Spring 2023 graduate, is a Cyber GRC specialist for NEOM Saudi Arabia, a global business hub. Read an interview about her Duke journey and the impact of the Master in Cyber program on her career.

“That’s why I chose to apply for a Master of Engineering in Cybersecurity at Duke University, where I hoped to merge my engineering background with cutting-edge knowledge in cybersecurity to make meaningful contributions to the field.”

Why did you apply for the ME in Cybersecurity at Duke? What career goals did you come to Duke with?

My journey into cybersecurity has been somewhat unconventional. For five years during my bachelor’s degree, I found my passion in studying electrical circuits, calculating currents and voltages, and dealing with dead batteries. The concept of cybersecurity was utterly unfamiliar to me during those years. It wasn’t until I entered my first job after graduation that I began to understand the importance of cybersecurity, finding myself interested in its challenges and complexities. This interest encouraged me to pursue higher education in cybersecurity. My primary goal was to find a program that would allow me to leverage my engineering skills while gaining a comprehensive understanding of various areas of cybersecurity. That’s why I chose to apply for a Master of Engineering in Cybersecurity at Duke University, where I hoped to merge my engineering background with cutting-edge knowledge in cybersecurity to make meaningful contributions to the field.

What was your area of interest in the Duke ME in Cyber Program?

I was particularly focused on finding a program that offered robust internship opportunities in cybersecurity, and the Duke Cybersecurity program immediately caught my attention. The prospect of gaining hands-on experience through internships was crucial to me, as I believe it was essential to understand cybersecurity’s complexities beyond theoretical knowledge.

How did you find your current job? What is your primary role in the company?

I found my current role through LinkedIn. I focused my job research on one specific criterion: finding a position in an organization directly serving Saudi Vision 2023. NEOM is an excellent example. As a cybersecurity Governance, Risk, and Compliance specialist, I have explored and worked in risk management, focusing heavily on third-party risk management. Additionally, my current interest is in vulnerability management and pentation testing, and I recently started discovering opportunities in this field.   

How has your degree helped you prepare for the role?

As someone with an engineering background, my Duke ME program has equipped me with a solid set of skills in both technical knowledge and practical experience, which provided me with a smooth transition into the field. The various coursework covered in this program significantly contributed to my job preparedness.

Additionally, the seminar sessions we had in the first year provided an invaluable overview of the various roles within the cybersecurity market. The speakers in those sessions taught me how to apply the theoretical knowledge gained in classrooms in practical situations, effectively preparing me for real-world scenarios.

Name 2-3 of the most important skills you gained during the ME program.

Gaining an analytical mindset and the ability to interact with different audiences from different backgrounds were invaluable assets.

In our small classroom, as the first path of Duke Cybersecurity ME, we came from different parts of the world, different educational backgrounds, and different stages in life in general. I was not aware of the effect of this exposure until post-graduation, as I am dealing with various people in my current role. Sometimes, cybersecurity sounds illogical for some people from non-technical backgrounds, and here are the skills I have built during my interactions with my classmates, workgroups, and professors.

Where did you do your internship? In what way did the internship experience prepare you to be where you are now? 

Before my internship, I was able to secure a part-time job as an intern at the Security Operations Center of the Duke Office of Information Technology, where I was able to build and strengthen my technical skills. I chose to extend this opportunity to be an intern in the summer. I explored advanced cybersecurity tools and technologies during my internship and enhanced my research and analysis skills. Also, the primary focus of my internship was incident response, where I gained practical experience in handling and mitigating security incidents. This experience not only deepened my understanding of cybersecurity operations but also prepared me for future roles in the field.

What advice do you have for other cyber students on having a good internship and job experience?

Internship/job research is stressful most of the time. I suggest you start your research as soon as possible, ask for help, and set clear career goals and objectives. It is normal to get overwhelmed throughout this process, but having the motivation will ease your journey. Additionally, contact Duke Career Services and utilize this opportunity to get help.