Between December 2023 and September 2024, I worked as a junior developer at EYECOM ALGERIE. The work was not a lab exercise. It was backend development in a professional setting, with existing code, changing requirements, and users who needed the system to keep working.
Most of my work was around Java/Spring APIs, modernization of internal tools, deployment automation, and hardening. The security lesson was simple: the clean diagram is never the whole system. Real applications have old endpoints, unclear ownership, operational shortcuts, and small configuration decisions that become risk.
That experience is useful for cybersecurity because it gave me the developer’s view of security. I understand why teams bypass controls when those controls are painful. I also understand why a fix that cannot be deployed reliably is only half a fix.
For internship roles in DevSecOps, GRC, audit, or industrial cybersecurity, this is the professional base I rely on: read the existing system, make a change that fits it, document the decision, and leave the service easier to operate.