The second 50 hours of my internship at Valor Cybersecurity have shown me the various levels at which cybersecurity connects to and affects real business operations. While my first few weeks were focused on learning the fundamentals of Microsoft Azure and CMMC compliance, my second 50 hours have shown me how these concepts are applied dynamically when working directly with clients and managing their security documentation. I have steadily transitioned from learning frameworks and theory to watching how they’re applied to support various organizations.

A major part of my work during my second 50 hours was updating existing client materials as Valor transitions from CMMC Revision 2 to Revision 3. This provided me the opportunity to deep dive into the security plans and documentation packages that Valor Cybersecurity puts together for our clients. Updating the client’s paperwork while identifying where their organization falls short on CMMC Revision 3 requirements prompted me to gain a deeper understanding of CMMC’s security groups and the systems our clients had in place. Attention to detail was paramount to understanding how these requirements changed and what updates needed to be made to ensure compliance; the smallest adjustments in a framework can impact how a company manages its operations, policies, and reporting.

The work is time consuming and a plethora of paperwork, however the deep exposure to documents like System Security Plans (SSP), Information Security Resource Plans (IRP), and Written Information Security Plans (WISP) has helped me gain familiarity with federally accepted cybersecurity paperwork I haven’t yet been exposed to, while also showing me how they all uniquely work together to protect each company’s infrastructure. I’ve learned to appreciate the emphasis and importance of maintaining structure, organization, and accountability for effective cybersecurity postures vice the usual technical defenses.

I have also begun working on my 90-Day Growth Plan with Valor. This plan, along with talking closely to my colleagues and supervisors, has given me a great opportunity to reflect on where I’m headed in my cybersecurity career. It’s helped me clearly define what I want to specialize in and identify the certifications and skills I need in order to get there. My short-term focus remains on earning my Security+ certification, but I’m also using this time to think long-term about where I want to transition and develop my technical skills, whether that’s in cloud security operations, compliance, or security architecture.

These past 50 hours have highlighted how the people and processes in cybersecurity are just as important as the technology. I continue to learn and experience how documentation, compliance, and communication all play roles in keeping information secure in a dynamic environment. My exposure to the administrative aspects of cybersecurity at Valor continues to build upon the knowledge I’ve gained during my academic career and gives me confidence that my foundation will lead me to a meaningful and impactful career in cybersecurity.