Hand-delivering doughnuts helps Lily becomes Lowell's first T Level Cyber Security placement student!

Lily says her sugary sweetener went a long way to persuading the Lowell Group to take her on as their first-ever T Level student.

And, since then, she has definitely provided the Leeds-based debt recovery company with plenty of food for thought in terms of recruiting future placement students, having encrypted her way into the team’s hearts due to her outstanding approach to the placement.

The T Level educational model has seen Lily apply the knowledge she has acquired in York College’s classrooms into a real-life setting, where she has been able to carry out important tailgating exercises and a vast array of tasks aimed at protecting the company’s IT systems.  

As she builds towards completing 315 placement hours, Lily’s experiences have confirmed to her that she wants to pursue a career in the cyber security industry – a profession that she feels can provide her with a well-paid and secure job that, with its daily threat of a malicious attack, will never become monotonous. 

Rather than being dissuaded by the industry’s male-dominated reputation, she is also now encouraged that such inclusivity issues are being addressed and could even work in her favour when she seeks an apprenticeship at the end of her T Level studies.

To mark National T Levels Week’s theme of the day – Student Voices – we sat down with Lily to learn more about her T Level journey so far and also spoke to the Lowell Group’s Head of Infrastructure Security Darren Ayre, whose comments on Lily's placement are some of the most complimentary we’ve ever heard about any of our students…

When you were thinking about your post-16 options, what appealed to you about doing a T Level?

It was mainly because you get to do a placement, which is a great opportunity. I think, when it comes to me applying for a job, being able to put a placement on my CV could place me a little bit above other people. When it comes to going into the real world, you can say you’ve worked like this before and know what you’re doing.

Also, the Sixth Form that I could have stayed at did not have cyber security as a course to progress onto and I liked the idea of doing my T Level exams in the first year, too. It means I’m not as stressed this year as people who are doing their A Levels. 

What drew you to the Digital Security & Support course in particular?

With technology advancing and advancing, it would be silly of me not to learn more about it, especially with all the attacks that are going on at the moment. People are going to need people like me.

It can, hopefully, provide me with a well-paid and secure job, because technology can take lots of jobs, as we are seeing at the moment. It will probably take over cyber security one day, but not yet and, hopefully, not in my lifetime.

Had you always been interested in cybersecurity and tech?

Not at all, really. I didn’t take computer science when I was at high school and, to be honest, I thought it was really difficult but, obviously, with cyber security, it’s not as much about coding. It’s more about the risks businesses face and how to protect against that.

I do find that really interesting, especially because, with a career in cyber security, there are so many different places that you can go. I have been in so many different departments during my placement and that’s great, because I never get bored.

I don’t want to get into a life where I’m doing the same thing every day and, with a job in this field, today could be fine, but tomorrow there could be an attack and you have to be alert to what is happening. In a morning, I want to be thinking, “I’ve got work today – I wonder what is going to happen.”

The industry is traditionally perceived as one that’s male-dominated – did that lead to a bit of hesitation on your part before deciding to go down this route?

It definitely did, but I’m glad I’ve got into it, because I’m not too bad at just speaking to anyone. I think that’s benefited me, because there are a lot of stereotypes that people who go into cyber security are quiet, into their computers and don’t look at the world around them, but you should see my class.

It’s the complete opposite, which I was quite surprised by. After the first day, I was telling my mum that I needed to drop out, because there were no other girls in the class, but then I found one girl and that was OK for me, and I have seen the class this year and there’s quite a few girls so that’s making me feel better.

Obviously, I can use the lack of representation to my advantage as well because companies like to increase their diversity percentage. 

What encouragement have you been given both at College and on placement that your gender does not need to be a barrier to progress in the industry? 

My placement has given me such good feedback. It’s been one of the best experiences I could have ever asked for.

Everyone has been so welcoming and, if I have ever had a challenge, everyone is so open to helping me, which has been amazing because I really haven’t had to go through anything on my own. I think I’ll find that when I go to work as well, because people in the profession are friendly. You can go on LinkedIn and everyone is willing to help you. 

Are there other women at your placement provider who have served as role models?

Yes, I have teamed up with a few. There’s a girl called Dua, who is a little bit older than me, but she’s absolutely lovely and has been one of my buddies, which has been great.

What are the key skills you have learned during your time in College?

A lot of problem solving is definitely the main thing, as well as learning to think on your feet quite fast and being able to retain all the knowledge you know, while adapting to certain situations to give the people what they need in the circumstances. 

We are given a lot of scenarios about businesses and what’s happened to them and we have to be able to provide them with things that they need and to make sure that their business is not going to be affected again. You have to know what you’re talking about. 

What modules have you enjoyed the most?

I enjoy looking at the risks to businesses a lot. I find that really interesting and have been able to see it in practice with Lowell.

In Lowell, they accept some risks that they have and I didn’t realise businesses do that. I thought they just protected against all of them, but they look at severity and how much things would affect the company if it did happen and base decisions on that.

I also like the phishing simulations we have done, which is to make everyone aware of what a phishing email is, because the social aspect of a company is its biggest weakness. You have to make sure that everyone who has clicked on a phishing email won’t do that again.

And what about the quality of cybersecurity equipment you get to work with at College?

We do virtual labs, which are great. We are able to experiment freely and I do think that our teachers give us quite a bit of freedom to have a look at what we want to do.

We’re doing Cisco modules at the moment and, once we complete that, we are issued with a badge and can put that on our CV, which again makes it so much better for us when it comes to applying for a job. A lot of people in the class are looking to go straight into a job or an apprenticeship at the end of the course and some people have already been offered one or the other from their placement provider.

How did your placement with the Lowell Group come about – was it something you pursued or did College recommend you to them or them to you?

I went on a bit of a scavenger hunt and took Krispy Kreme doughnuts into a number of different companies near my home. I gave one doughnut to the person at the front desks and then another to the person who would be reading my letter.

Nobody else got back to me but, then, I saw the email from Lowell and was super happy. I think I basically - and literally - sweet-talked them into giving me a placement because they’d never had a T Level student before and I’m very grateful that they liked the doughnuts! Everyone is expecting them now when I leave as a parting gift.

What kind of tasks and projects have you been given during the placement?

I’ve been doing a lot of work and I think, during my placement, the best thing has been being moved around teams, so I’ve really been able to experiment. When I started my placement, I told Darren that I didn’t know what area I wanted to go into yet and he said that was fine and that he would put me in different teams to see what my personal preference was and, again, that will benefit me so much in the long run when I’m looking for a job.

I’ve done firewall management and I was able to apply what I’d learned during my first year at College at Lowell, which really helped my understanding of it.

We have made a phishing training module that has been sent to everyone in the business and I’ve also been looking at risks and how people mitigate them. I’ve been looking at the ISO 27001 (International Stadards Organisation) to make a centralised document, too. That’s all about the information security standard so everybody is aware of their legal responsibilities. 

We then did the ICO (Information Commissioner’s Office), which is where you need to report things for a data breach, because making sure the business follows all those regulations is a very big thing. With Lowell being a debt-recovery company, if they sent a letter out to somebody who doesn’t live at a certain address anymore, for example, that can be a breach.

We were also looking at a cyber defenders’ concept, which plans to get somebody from each department of the company to be the person that people go to with any issues, so they might be resolved then rather than going straight to the IT team and that can increase everybody’s awareness.

I’ve also written a tailgating article, based on a penetration test that I did at Lowell. That was absolutely amazing.

It was a physical one, so I was tailgating people in the building and seeing what floors I could get onto and managed to get onto quite a few. There were two other people I was working with and we managed to get into the Server Room, which was absolutely crazy. 

They have a scanning door lock system, which is normally very good, but there was a three-minute period when all the locks went green because they were going through an update, so we used that to our advantage and got in. That has been acted upon now that the report has been sent out. 

I’ve been looking at recertifications to make sure everybody who has access to things needs that access and don’t have access that they don’t need to have. It also means that people who have left the company can’t access our systems and conduct a malicious attack. 

I’ve been looking at vulnerability management and ticketing systems, which focuses more on the technical side of things or can be something simple like approving access to a certain website for an employee or them getting a new keyboard.

I’ve been looking at change management as well and how everything has to go through the CAB (Change Advisory Board) to make sure any changes that are being implemented benefit the business and are achievable within the budget.

How have you found working in such a professional environment for the first time?

It’s been great. I’d like to think I have conducted myself very well and I feel like everyone has really adopted me.

Has the placement helped cement in your own mind that you would like a career in cyber security?

Yes, although Lowell have set my expectations so high in terms of what it’s like to work in the industry.

What are you hoping your next steps might be at the end of the course?

I think an apprenticeship is the route I want to go down. I don’t really want to go to uni, because feel I learn better physically by being shown what to do.

I’ve spoken to a few employers and they’ve told me that they like the degree because it shows dedication, but a few other people have said they prefer the experience because you then know what you’re doing more, so I think having those few years of experience will be of greater benefit to me. I think the danger of just learning in classrooms without applying that knowledge in a workplace is that you might forget it all and that’s why I prefer the T Level and apprenticeship models of learning.

Any particular area of cyber security that you’d like to get into?

There’s a penetration tester at Lowell called Luke and he has helped me look into that hacking side of things, because I am looking at the penetration testing route a bit. There are a lot of restrictions that come with it, but it’s very interesting to see how far you can get into a business without them knowing for their benefit. I think it would keep me on my toes a lot.

We also put the following questions to Darren Ayre, the Lowell Group’s Head of Infrastructure Security: 

What initially made the company consider taking a T Level student on placement?

What made this placement truly stand out was the way Lily first approached us. With confidence and professionalism well beyond her years, she took the initiative to visit our site in person and hand-deliver a letter to reception, addressed to HR. 

In that letter, she clearly and thoughtfully articulated who she was, why she was reaching out, and why she was seeking a placement specifically with Lowell. It was immediately evident that Lily had taken the time to research our business. 

Her understanding of our mission, helping people regain their financial health, was not only accurate but deeply aligned with her own values and aspirations. That level of preparation and personal investment spoke volumes about her character and her commitment to making a meaningful contribution.

As this was your first experience with a T Level placement, what were your initial expectations or concerns?

Following our initial conversations with Lily, we were eager to open a dialogue with the college to better understand the structure of the work placement and explore how we could support both the curriculum and Lily’s development within our business. The engagement with staff at York College was nothing short of excellent, professional, informative, and genuinely constructive.

It quickly became clear that the course curriculum was closely aligned with how we deliver cyber security at Lowell. This alignment allowed us to confidently shape a placement experience that not only met the academic requirements but also provided Lily with meaningful, real-world exposure to the field. The collaboration between our teams and the college was a true partnership, built on shared goals and a commitment to nurturing emerging talent.

Did you go through an interview process and, if so, what made Lily the standout candidate?

After Lily submitted her letter to HR, we invited her to visit us onsite to explore her aspirations further. During her visit, she met with the Head of IT Infrastructure and a senior manager from the Talent Development team. 

The conversation quickly became a meaningful exchange, diving deep into the course Lily is currently studying and the work placement she’s pursuing. When asked why she chose cyber security as her focus, Lily spoke with clarity and conviction. 

Her responses were thoughtful, well-informed and rooted in a genuine passion for the field. She shared her hopes for the placement and her vision for a future career in cyber security with a maturity and insight that was truly impressive.

As we walked through the office, it became clear that Lily had done her homework. She spoke confidently about the types of data our business handles and the critical importance of protecting that data. 

Her understanding of the principles of Confidentiality, Integrity and Availability (CIA) was not only accurate but contextualised to our organisation - a rare and valuable skill in someone at this stage of their journey. Lily’s confidence, professionalism and depth of awareness across cyber security disciplines made a lasting impression. 

Her ability to engage meaningfully, ask insightful questions, and articulate complex concepts with ease made her stand out as an exceptional candidate for the placement. She didn’t just show potential - she showed readiness.

What kind of tasks, projects and duties has Lily been carrying out during the placement?

When designing Lily’s work placement, we were guided not only by her impressive knowledge and enthusiasm but also by a desire to give her a truly well-rounded experience. Looking closely at her curriculum, we knew it was important that her time with us went beyond the technical aspects of cyber security. 

We wanted her to gain meaningful exposure to the governance and risk dimensions that are just as critical to the field. With that in mind, we carefully structured her placement to span both second and first line functions. 

Lily spent time with our Cyber Risk and Governance team and the Information Risk team, before transitioning into the operational heart of our IT Infrastructure Security teams. This balance allowed her to see the full spectrum of cyber security in action - from strategic oversight to hands-on defence.

Throughout her placement, Lily has immersed herself in a wide range of activities. She has played a key role in risk and governance assessments, gathering evidence to ensure our IT operations aligned with governance frameworks and that our security risks remained within acceptable thresholds. 

She has participated in both physical and technical penetration testing, producing detailed reports with clear findings and actionable remediation plans - reports that were shared with our Cyber Security Senior Leadership and the Executive team. Lily also made valuable contributions to our ISO27001 certification efforts and helped update the security section of our ICO accountability self-assessment. 

This required her to collaborate with multiple stakeholders, and she did so with professionalism and confidence. Her time with the Information Risk team was equally impactful, where she explored how privacy incidents are managed and assessed, asking thoughtful and insightful questions throughout.

On the operational side, Lily has gained hands-on experience across a wide array of technical disciplines - from Change & Problem Management and Vulnerability Assessment to Firewall Management, Privileged Access Reviews, Third Party Vendor oversight, and Security Testing in the Software Development Lifecycle. She even contributed to our Security Training and Awareness initiatives.

Lily’s placement hasn’t just been a learning opportunity - it has showcased her capability, curiosity, and commitment. She hasn’t just observed; she has contributed meaningfully, asked the right questions, and left a lasting impression on every team she has worked with.

What’s impressed you about the way Lily has performed in the workplace?

Lily has consistently demonstrated an exceptional ability to quickly grasp the context and objectives of any task she’s given. What sets her apart is not just her technical understanding, but her awareness of the broader impact her work can have - a quality that’s rare and deeply valued.

From the outset, Lily has shown remarkable independence and courage. Her natural curiosity and eagerness to learn shine through in everything she does, and she approaches each challenge with meticulous attention to detail. 

Her “can-do” attitude is infectious, and her cheerful, positive demeanour makes her a joy to work with. She’s not afraid to ask questions when clarity is needed and she engages confidently with colleagues at all levels of the organisation. 

Whether she’s working alongside senior leaders or collaborating with peers, Lily brings a sense of professionalism and openness that fosters trust and respect. The quality of Lily’s work speaks volumes. 

Every piece of output she delivers is thoughtful, thorough and of a consistently high standard. She’s not just fulfilling expectations - she’s exceeding them.

What skills or qualities has she brought to your team?

Lily has demonstrated an open mind when undertaking new and complex work and has shown an abundance of appetite for all aspects of security work.

How has she adapted to working in a professional environment?

Lily has transitioned into the professional working environment with remarkable ease and maturity. From the beginning, she has shown a genuine interest in understanding not just what we do, but why we do it - asking thoughtful, constructive questions that reflect her desire to connect theory with real-world practice.

What’s been especially impressive is her ability to challenge her own assumptions. In moments where her academic knowledge differed from the operational realities of the business, Lily didn’t hesitate to explore those differences with curiosity and openness. Her willingness to learn, reflect and adapt speaks volumes about her character and her potential as a future leader in the field.

How has having a T Level student impacted your team or department?

Lily’s placement has been a rewarding experience not just for her, but for everyone she’s worked with. The teams she collaborated with - and the wider company leadership – have genuinely enjoyed the opportunity to support her growth and help shape her future in cyber security. 

Her presence has brought fresh energy, curiosity and a sense of purpose that has resonated across the business. At Lowell, we deeply value the importance of fostering talent in a positive and constructive environment. 

For our security community, and the broader organisation, it’s not just about developing skills; it’s about investing in the future of the industry. Lily’s journey is a testament to what can be achieved when potential is met with opportunity, guidance and encouragement.

What do you see as the benefits of the T Level education model of classroom tuition blended with 315 hours on placement?

The T Level model offers a powerful blend of classroom learning and 315 hours of industry placement, giving students both theoretical knowledge and practical experience. This approach enhances employability by developing real-world skills, builds confidence through exposure to professional environments, and strengthens links between education and industry. 

It also helps address skills shortages, supports social mobility and provides employers with early access to emerging talent, making it a valuable pathway for students and businesses alike.

Is there anything you’d say York College do well as a joint T Level education provider from your company’s view?

We’re incredibly grateful to the college placement team for their open, proactive and collaborative approach throughout this journey. Their willingness to engage with us on the finer details of the placement, and their flexibility in adapting to our business needs, has been instrumental in making this experience a success.

We’d also like to extend a heartfelt thank you to Lily for her own adaptability and commitment, particularly in attending onsite to fulfil the practical elements of the placement. Her enthusiasm and professionalism have made a lasting impression, and we’ve truly valued the opportunity to support her development.

Has your experience with Lily led you to consider taking on further T Level students from York College in the future?

Yes.

Would that be in cybersecurity or would you consider other subjects, too? 

Certainly, in cyber security.  

What advice would you give to other employers who may be unsure about hosting a T Level placement?

If you're hesitant about hosting a T Level placement, remember that it's a powerful way to make a real difference in a young person's life while enriching your own organisation. These students bring fresh energy, curiosity and a genuine eagerness to learn. 

You don’t need to reinvent your business - just offer guidance, meaningful tasks and a welcoming environment. With support from local colleges and a flexible approach, even small contributions can have a lasting impact. 

It’s more than a placement - it’s a chance to inspire, nurture future talent, and be part of something bigger.

Do you see T Level placements as an opportunity for students to showcase their future employment potential to you, too?

Absolutely - T Level placements are a brilliant opportunity for students to showcase their potential and for employers to spot emerging talent early. These placements allow you to see how a student applies their learning in a real-world setting, how they communicate, solve problems and adapt to your workplace culture. 

It’s a chance to assess not just technical skills, but attitude, curiosity, and growth mindset - all key indicators of future employability. Many employers find that students who thrive during placements often become strong candidates for future roles.

To learn more about the T Level Digital Security & Support course, please click here

For more information on all our T Level and Vocational courses at York College & University Centre, visit here

Want to discuss any of our degree, higher-level, vocational, T Level and A Level courses or apprenticeships with our expert team of tutors and check out our state-of-the-art facilities? Then, please come along to our next Open Event. Details on dates can be found here