Griffin Davies, a cybersecurity major at St. Cloud State University, is living out his fantasy as he plays a cat-and-mouse game as an ethical hacker.
For the past two summers while interning at Wipfli, an international consulting company, Griffin has taken part in unique, hands-on experiences in the world of cybersecurity.
“Some jobs within cybersecurity are not always working with ones and zeros or configuring changes within a network to make it more secure,” Davies said. “Some jobs, if you’re lucky, can have you pretending to be the bad guy or “threat actor” to test a client’s security, and this can be both physical and technical security.”
While running attack simulations on banks — one of the services that Wipfli’s cybersecurity division offers — he used penetration testing and social engineering. He even got to be part of a physical social engineering team that tested the security at three different banks.
Griffin posed as a fire equipment inspector at one bank and gained access through an unlocked door to vulnerable equipment. At another bank, he posed as a customer looking for a loan to distract the bank staff, while his manager snuck into an unsecured office and tried to hook up a malicious device to a computer. They were caught “red handed” in this attempt and had to come clean that they were hired security testers after the police were called.
Consulting is nothing like he expected, and he’s found applying his skills outside the classroom looks very different.
“Early on, it felt completely foreign,” Davies said. “In school, you learn about theory and best practices, but consulting is about applying that knowledge while working directly with clients. Every day is different, and that keeps it exciting.”
Unlike his previous internship on a smaller internal IT team, Wipfli threw him into the deep end. He engaged with a new client each day and tackled fresh challenges in unfamiliar environments. Griffin said he’s gained a broader perspective not only on cybersecurity services, but also on what consultants do.
“You never know what kind of issue you’ll be up against until you’re in it,” he said. “One day might be physical security testing, and the next could be a technical deep dive. It’s definitely more adventurous than I imagined.”
It’s this blend of technical work and human connection that’s reshaped his entire outlook on a cybersecurity career.
