Annie Nie loves a competition. From video games to Capture the Flag challenges at university, to mixing it with the best cyber researchers in the world. Not bad for someone who deemed herself “absolutely clueless” as she embarked on her career as a pentester and now cyber security researcher with BAE Systems Digital Intelligence.
She was also recently selected as a finalist in the ‘Best Female Technical Specialist Under 35’ and ‘Best Cyber Technical or Specialist Under 35’ categories for the Defence Connect Defence & National Security Workforce Awards 2025.
I didn’t even know cyber security was a field before going to uni!
I knew I wanted to do something tech related. I’d grown up around video games and playing with computers, and always had this curiosity around how things work. I became the person in my family who always fixed technical problems, helped by opportunities I had at school where I discovered programming and areas like that. But, really, I had no idea what cyber security was as I started university life.
Everyone I knew in school that was into tech was planning to go into software development or engineering. I quite liked not having an idea though – it allowed me to explore different areas while at university, and by doing that I accidentally discovered that cyber security was indeed a field.
It was the competitions that captured my interest. Societies there were promoting Capture the Flag (CTF) competitions which I got involved with, and they singlehandedly convinced me that this was a field I wanted to get into. What I loved was the idea of really getting into the nitty gritty technical aspects of things, and striving to really understand how they worked.
Coming out of uni I started out as a pentester which exposed me to how different clients focused on, and managed, cyber security. And then the opportunity with BAE Systems Digital Intelligence arose.
Bits and bytes make more sense than words in a sentence
There were a couple of things that really drew me towards Digital Intelligence. It started with some of the people in the company who I met and spoke with, and I found they were extremely supportive. I can now confirm having worked with them, that they really are amazing to work alongside – just so helpful and a lot of fun. And then there was the work itself. I realised quickly quite how many different capabilities were suited to the work, and how many streams of that work there were.
At the moment I’m mostly working with the threat intelligence team, delivering reports on different malware that’s out there in the real world, and seeing how the landscape changes from month to month… or really, day-to-day to be honest. The global impacts of these shifts have been eye opening – the extent and frequency of activity is incredible.
As a cyber security researcher more generally, I still just love getting into the nitty gritty technical aspects of it all. Being allowed and encouraged to not only do that, but to then extract information that’s useful and actionable for customers suits me perfectly. The bits, the bytes, the zeros and ones, all make more sense to me than words in a sentence at this point. And being surrounded by people who have the same enthusiasm and who all feel the same way despite coming from so many different backgrounds, is just a lot of fun.
Clued up through competition
There’s still the competitive element too…
From CTFs at university, I now compete in global cyber competitions regularly. I recently participated in the Cyber Security Challenge in Santiago, Chile where teams of people under 26 or 27 years old come together for a test of their technical cyber skills. The competition was split into regions and being from Australia I was one of 17 people to represent Oceania. The style was still CTF, and it took place over two days and two different formats. Skills such as reverse engineering, web application security, hardware security and cryptography were tested on day one. And then the second day was what we call ‘attack and defence’ where you’re given vulnerabilities to both defend but also exploit in the other teams.
Our team came third, which for a global event was awesome!
These competitions are fun of course, but what attracts me to them is that combination of learning new skills while also testing and revising skills you’ve already developed. Because, honestly, to begin with I couldn’t do anything. I was absolutely clueless. But the more exposure you get, the more you read, the more you’re tested, the more you learn new variations of existing patters and new approaches to them, the journey continues on.
From competition to community
One thing that surprised me about these competitions is quite how much they really do apply to my day-to-day work in threat intelligence. The challenges you encounter very much feel like a competition in a lot of cases.
I guess that would be my advice for others considering entering the cyber security sector. If you’re looking to continuously learn new things, you’re constantly curious, and like to solve challenges, then it’s such a fun and varied field. I realise it can be tough to initially get into cyber and to find someone who’s willing to take a chance on you and help you grow. But once you’re in the community, there’s so much great support in it – so many potential mentors and people to even just bounce ideas off.
And I’m obviously a big advocate for competitions too! There is a visibility aspect to them – exposure for you to the sector, and exposure for those already in the sector to see what you can do. They certainly can open doors for recommendations or even hiring opportunities.
The overlap between these competitions and the work I do in Digital Intelligence is significant. The conversations you have, the challenges you face. I think it’s proof that your childhood curiosity, a love of video games, your passion for learning… these are the things that make you suitable for a career in cyber security. You don’t have to be a technical genius before you even get to university.