Introduction
When I reflect upon my cybersecurity undergraduate experience, I realize I picked up much more than technical skills. The courses I took touched upon various areas such as computer science, networking, information systems, political science, business fundamentals, and legal and policy topics. The longer I was in the program, the more some of these courses that loosely related to cybersecurity made sense. Cybersecurity isn’t simply typing into a terminal, tracing network packets, or coding from scratch; it extends into law, risk, compliance, psychology, communication, business priorities, and even international security.
Throughout the program, I’ve developed three skills that highlight my experience: threat intelligence and penetration testing, compliance and risk management, and secure cloud architecture design. Each of these skills trace back to various artifacts I created or worked on. These helped me learn how to think and operate like a real cybersecurity professional, ready to enter and deal with real problems, policies, and organizations.
Threat Intelligence & Penetration Testing
My first skill stemmed from hands on testing, labs, and threat research. My penetration testing labs were some of the most engaging and immersive tasks I completed within the program thanks to Virtual Machines (VMs). Getting hands on experience with Kali and Ubuntu and utilizing tools like Nmap and Metasploit made carrying out password attacks, troubleshooting when issues arose, and carrying them out successfully feel like a breakthrough in my abilities.
These labs taught me how to slow down, think critically, and document everything. Ethical hacking revolves around planning, documenting methodologies, and ensuring you truly understand why something worked or didn’t. As I explore LinkedIn and dive into job postings, many security role responsibilities emphasize communication skills because being able to explain your findings in a way that a business owner or non-technical person can understand is just as important as carrying out the technical work itself. This is another skill that the labs encouraged me to develop indirectly.
The threat intelligence aspect of this skill stems from the MOVEit supply chain attack research I conducted. I dedicated my time to exploring and analyzing one of the most prolific cybersecurity incidents, examining how attackers exploited a zero-day vulnerability, the methods they used to spread to hundreds of victims, and how data exfiltration turned into extortion. Digging into the attack helped me identify specific behaviors to larger attack patterns. This highlighted to me how threat intelligence was involved in much more than simply reading alerts. It involves constant learning about how adversaries think, how they chain techniques together in ways to bypass security controls, and familiarizing yourself with newly identified threats and penetration techniques.
Lastly, in my cyberviolence white paper, I expanded upon the idea of what a “cyber threat” looks like. My research for this white paper shifted my vision towards the digital harm that doesn’t involve a virus or phishing attempt. Cyber-crimes can be psychological, political, or social, which makes sense in retrospect; however, it was fascinating researching and observing how wide the spectrum of cyber-crime was. Modern security issues are not always about servers; sometimes they’re about how technology affects people and communities in unhealthy or dangerous ways.
These artifacts showed me that threat work is both practical and analytical. I enjoy the hands-on, technical aspect, but I also deeply enjoy the intelligence aspect of interpreting patterns and connecting them to strategy, similar to my role overseas while I was on active duty.
Cybersecurity Compliance & Risk Management
The second skill in compliance and risk management is much more “hidden” but just as important. My exposure to CMMC framework documentation during my internship with Valor Cybersecurity allowed me to witness how small businesses with federal contracts manage cybersecurity. Prior to my time at Valor, I had little knowledge of the CMMC framework or how detailed the controls were written. CMMC compliance forces an organization to consider an umbrella of cybersecurity requirements such as access control, auditing, logging, encryption, incident response, and training. It was incredibly overwhelming at first, but once I became familiar with the structure, it became a roadmap.
Working with this framework taught me how to read regulatory language and translate it into normal operations. I had to understand what the control meant, how a company should implement it, and how that control mapped to confidentiality, integrity, or availability. This is where business writing and communication skills became paramount; you cannot achieve compliance for multiple clients with your team without clear documentation and communication.
My NATO cyber policy analysis allowed me to view cybersecurity from yet another angle. Instead of focusing on local organizations and compliance, I examined how a multi-national organization coordinated cyber defense, legal obligations, and shared intelligence. Learning about strategic defense partnerships exposed me to the geopolitical nature of learning how to navigate the cyber domain. Luckily, my previous exposure to political science helped me connect national security strategy with cyber threats, leading me to comprehend how international law and treaties played into cyber defense.
The System Security Plan (SSP) gap analysis, another confidential artifact, helped deepen this skill. A gap assessment involves comparing old documentation (in this case, an SSP written from the NIST Rev. 2 framework), identifying where the organization isn’t meeting the updated standards from Revision 3, and then recommending fixes. It was a mix of detective work and consulting. This task showed me how cybersecurity is connected to an organization’s budgets, staffing, and priorities.
Altogether, these experiences helped me understand that compliance doesn’t just involve paperwork. It helps protect data, holds organizations accountable, and forces security to be intentional rather than reactive.
Security Architecture & Cloud Solutions Design
My final skill stemmed from security architecture and cloud planning. Working on the ValorVictor system outline encouraged me to familiarize myself with Azure cloud functions and to think about design before implementation. Planning a client-facing portal required me to map user roles, decide how data would travel, consider cloud resources, and ensure access control and logging made sense from the beginning. Cloud architecture design required me to build upon and expand my technical knowledge and the ability to understand my organization’s needs.
I also helped deploy infrastructure assessments for client’s Information Security Resource plans. This task highlighted the security architecture’s cost of implementation, a business’s capability, staff skill, compliance timeline, and operational maturity. I had to consider what a company could realistically manage to implement, not just what would be ideal from a technical point of view.
My Linux permissions lab might seem simple in comparison, but it reinforced basic principles that architecture depend on: least privilege, identity separation, and secure user management. Large systems are simply scaled versions utilizing these foundational principles. Without access control established, no architecture could truly hold up. After working on these projects and assignments, architecture feels like the direction I want to continue exploring professionally.
Conclusion
Throughout my degree program, I learned about how networks behave, how cybercriminals think, the way compliance is enforced through frameworks and policy, how organizations plan security, and how systems are designed from the beginning steps of programming to established tools.
Although I didn’t anticipate the amount of writing involved in the cybersecurity undergraduate program, I’m grateful that the program wasn’t just technical labs. The combination of writing, analysis, testing, legal concepts, and my exposure to cloud architecture and compliance through my internship allowed me to feel adequately prepared for entering the cybersecurity sector. I step away from ODU, not feeling like I memorized tools and flashcards, but instead feeling as if I learned how to systematically think through security problems from various angles, which is something I’ll utilize each day as a cybersecurity professional.