Overall good experience. - Anonymous employee Kansas State University Employee Review

Very Flexible around class schedule.

Lack of training but overall a great experience.

* Excellent opportunity to develop technical cybersecurity skills and gain hands-on experience with enterprise environments. * Flexible scheduling early in employment. * Good experience for students wanting exposure to vulnerability research and security analysis. * I learned a great deal independently, and the experience helped prepare me for my cybersecurity career.

I accepted this role because I genuinely wanted to improve Kansas State University’s cybersecurity posture. I was excited to contribute, identify vulnerabilities, and help protect university systems. I took pride in my work and spent countless hours researching vulnerabilities, validating findings, and writing detailed technical reports. Unfortunately, I left the position disappointed both professionally and ethically. The most significant issue was how cybersecurity findings were handled. I identified numerous vulnerabilities and security concerns that I believed warranted serious attention. On multiple occasions, I felt pressure to revise the wording of reports in ways that, in my professional judgment, minimized the severity of those findings. This conflicted with my ethical and moral judgment because I believe security reports should accurately communicate technical risk, not simply present a more favorable picture. One of the most discouraging aspects of the job was feeling completely ignored despite the amount of technical work I produced. I spent significant time researching vulnerabilities, validating findings, and documenting legitimate security concerns, yet I rarely received meaningful feedback or discussion from the salaried leadership responsible for reviewing them. From my perspective, my reports often appeared to go unread or were not taken seriously. It was frustrating to invest so much effort into improving the university’s security only to see little or no visible action taken. I also found it frustrating that vulnerabilities I had already identified were later rediscovered through external security audits that likely cost the university thousands of dollars. From my perspective, opportunities existed to address some of those issues earlier using work that had already been completed internally. One incident that stood out occurred when I accidentally initiated a scan that noticeably affected the responsiveness of library systems while using an inexpensive laptop from around 2015. From my perspective, this raised concerns about the resilience of parts of the environment, yet I did not feel the broader technical implications received the attention they deserved. Compensation did not reflect the technical skills expected. Student cybersecurity analysts were expected to perform vulnerability research, analyze enterprise systems, identify real security weaknesses, and think like security professionals, yet the compensation felt comparable to many entry-level service positions. Employees were also told to expect annual raises, but I never received one. Another major disappointment was the abrupt change from a fully remote position to mandatory in-office work. I accepted the role because it was advertised as remote and made significant personal and financial decisions based on that understanding. I spent thousands of dollars building a dedicated home office and intentionally moved farther away from campus into a quiet neighborhood to maximize my productivity while performing focused cybersecurity research. When the university later required employees to return to the office, those investments were effectively disregarded. My productivity declined significantly after returning because the office environment was not conducive to focused technical work. The office itself was one of the poorest working environments I have experienced. Approximately eight employees shared an underground workspace roughly the size of a one-bedroom apartment with exposed utility pipes overhead. It felt cramped, poorly ventilated, and unsuitable for work requiring long periods of concentration. Office hygiene was another recurring issue. In my experience, coworkers sometimes came to work while visibly ill, and I did not observe expectations encouraging employees to stay home when sick. Persistent body odor and strong-smelling food frequently made the office uncomfortable. I became sick multiple times while working there and personally believed the office environment contributed to that. From a productivity standpoint, there were extended periods where I felt projects made very little meaningful progress. Meetings often revisited the same issues repeatedly without clear resolution, which was discouraging for someone motivated to solve problems and improve security. Overall, I gained valuable technical experience, but I left believing that the organization would benefit from greater respect for technical expertise, more transparent security reporting, better engagement with security findings, improved working conditions, competitive compensation for specialized technical work, and leadership that actively listens to the people tasked with identifying and communicating cybersecurity risk.