{"id":442,"date":"2025-12-05T18:09:50","date_gmt":"2025-12-05T18:09:50","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/aberr019\/?page_id=442"},"modified":"2025-12-05T18:09:50","modified_gmt":"2025-12-05T18:09:50","slug":"final-paper","status":"publish","type":"page","link":"https:\/\/sites.wp.odu.edu\/aberr019\/final-paper\/","title":{"rendered":"Final Paper"},"content":{"rendered":"\n

Introduction<\/strong><\/p>\n\n\n\n

My internship at Valor Cybersecurity began from a mix of coincidence, determination, and necessity. Originally, I had a different internship arranged, but unexpectedly losing my job cost me that opportunity and forced me to scramble for an alternate one much later than I expected. I began searching for an opportunity to shadow a cybersecurity or computer science professional everywhere I could. I attended several job fairs, submitted applications online, reached out to school systems like Suffolk Public Schools and Norfolk Public Schools, city offices, local organizations, and any business that potentially had an IT department. Despite my effort, calls went unanswered, emails went unresponded to, and all communication was radio silent.<\/p>\n\n\n\n

Out of desperation, I reached out to the internship coordinator at Old Dominion University, and by chance, she reviewed my resume and recommended reaching out to Valor Cybersecurity\u2019s CEO, Greg Tomchick. I contacted him immediately, we scheduled an interview, and after one conversation, he offered me an internship position. What started off as a stressful and uncertain search quickly turned around to be the most meaningful professional experience I\u2019ve had. Even though I arrived at Valor unconventionally, everything aligned perfectly with my long-term goals.<\/p>\n\n\n\n

I began my internship with four primary learning objectives. The first was developing scalable and adaptive security solutions, specifically through cloud computing services such as Microsoft Azure. My second objective was to strengthen my understanding of threat analysis, compliance, and risk management. My third objective was to familiarize myself with the Cybersecurity Maturity Model Certification (CMMC) framework, which outlines cybersecurity requirements for organizations with government contracts. My fourth objective was to learn how cybersecurity architecture integrates with business operations to see how documentation, processes, client communication, and security strategies all align to support technical and organizational needs.<\/p>\n\n\n\n

Valor Cybersecurity is a small cybersecurity business that was founded in 2021 by CEO Greg Tomchick. A prior player for the St. Louis Cardinals, he moved on to build a career in the cybersecurity industry. Valor specializes in cybersecurity compliance, security architecture, CMMC readiness, vulnerability management, and cybersecurity advising for organizations navigating cyber regulation requirements. Valor primarily works with defense contractors and small businesses that must comply with the Department of Defense (DoD) cybersecurity standards. The work at Valor requires balancing technical cybersecurity controls with small businesses and their operations.<\/p>\n\n\n\n

Starting at Valor, I was introduced to the company\u2019s tools, workflow, and services. I was briefed on Valor\u2019s client portfolio, internal communication practices, documentation templates, and the overall outline of the organization. I spent my first days independently researching Microsoft Azure and reviewing CMMC requirements. Later, I was briefed on beginning a project plan for \u201cValorVictor\u201d, a secure, scalable software solution designed to streamline client documentation and other Valor services. Working on this introduced me to cybersecurity architecture fundamentals through familiarizing myself with Azure services and navigating elements of a secure portal, all while designing around CMMC compliance. I also began learning how Valor operates internally through Microsoft Teams, how we organize client materials and documentation, and how we structure projects to meet deadlines and compliance expectations.<\/p>\n\n\n\n

My strongest initial impression of Valor was how collaborative the work is and how it contrasts with the independence granted to the employees, especially for a small business. Despite the remote working environment, I felt included in the operations immediately. My early conversations with Mr. Tomchick and Jackson Walker, Valor\u2019s lead Cybersecurity Architect, made it clear that my internship was not going to be limited to shadowing colleagues through my computer or simply sitting in meetings to absorb information; instead, I\u2019d be entrusted to actively contribute to client documentation, collaborating on security architecture designs, and helping with internal projects.<\/p>\n\n\n\n

Jackson, who quickly became my primary mentor, shared his experience navigating the field, how he manages the workload of several clients, and his application of technical skills throughout his career. His guidance set the tone for the internship: independent, challenging, and rooted in creative problem-solving.<\/p>\n\n\n\n

My first few weeks helped me transition from theoretical planning and research to hands-on practice, introducing me to areas of cybersecurity I had little to no experience in. By my second 50 hours, my responsibilities expanded to updating client documentation from CMMC Revision 2 to Revision 3, analyzing security plans, and learning how small changes in frameworks can significantly impact client security operations and risk management strategies<\/p>\n\n\n\n

Overall, I am thrilled I was introduced to Valor Cybersecurity to complete my internship at.  The beginning showed me that I would not only gain exposure to technical skills but also learn how cybersecurity can operate as a business service.<\/p>\n\n\n\n

The management at Valor Cybersecurity is shaped by its identity as a small business operating in a highly technical field. Unlike larger organizations with strict chain of commands and departments, Valor\u2019s management is collaborative and adaptive. This environment allowed me to not only work closely with leadership, allowing for direct exposure to executive-level decision-making, but also to experience hands-on operational work independently in a remote work environment.<\/p>\n\n\n\n

Leadership Environment<\/strong><\/p>\n\n\n\n

Valor\u2019s leadership is shared between the CEO, Greg Tomchick, who oversees the company\u2019s direction, client relationships, and long-term growth, and Jackson Walker, a senior employee who has been taken under Mr. Tomchick\u2019s wing. As the founder and primary leader, Greg balances both business operations and cybersecurity strategy, shaping Valor\u2019s focus on ensuring client compliance. He leads Valor with Jackson Walker beside him after the departure of another team member early in my onboarding. Along with attending client briefs with Mr. Tomchick, Jackson became responsible for managing virtually all of Valor\u2019s clients, developing updated documentation, and standardizing fundamental internal processes. These roles helped give him a comprehensive understanding of the company\u2019s operations while simultaneously gaining leadership experience.<\/p>\n\n\n\n

Because Valor is a small business, there are no layers of middle management; management is flexible and relies heavily on communication, trust, and initiative. This created an environment where my contributions were directly impactful; each \u201cassignment\u201d directly contributed to client readiness and ongoing security work.<\/p>\n\n\n\n

Supervision was notably more mentor-driven than hierarchical. Greg and Jackson took a supportive and collaborative approach for guiding my work and consistently offered feedback. They periodically checked in on my progress and ensured I was set up for success with the resources needed to succeed without being overbearing. Jackson, in particular, was a consistent mentor from the beginning. Although he works remotely, he still carved out time for regular phone and Teams calls, screen-sharing sessions, walkthroughs of CMMC documentation, cloud architecture development, and internal processes. However, his guidance went beyond technical skills; he shared meaningful career advice, efficiency practice tips, and advice on how to manage within a small-business environment. He described organization, time management, and efficiency as some of the most difficult but essential skills for cybersecurity professionals, especially when balancing high workloads and various deadlines<\/p>\n\n\n\n

Supervision at Valor was also extremely flexible. Instead of micromanagement, I was trusted to conduct research, manage my workload, and pace myself independently. I was able to develop initiative, a deeper admiration of the work I was carrying out, and problem-solving skills, especially while working on unfamiliar tasks such as drafting documentation or analyzing CMMC Revision 3 changes. At the same time, leadership always remained accessible when I needed clarification or feedback, providing me an effective balance between independence and support.<\/p>\n\n\n\n

Internal communication at Valor is primarily through Microsoft Teams, Outlook, and client-specific document folders via SharePoint. Because much of the company\u2019s work is remote, communication and clarity is essential. Early on, I was encouraged to maintain detailed notes, maintain organization, and document all updates or questions. This helped reinforce professional communication habits and ensured I was in sync with the team.<\/p>\n\n\n\n

From my perspective, Valor\u2019s management environment is highly effective. The simple structure, mentored supervision, and collaborative work allowed me to experience a wide range of responsibilities that I wouldn\u2019t have been able to experience with a larger organization. I was able to be exposed to architecture, compliance, documentation, cloud technologies, and risk management simultaneously. Not only did this accelerate my learning but it also helped me understand how cybersecurity functions within a business and as a business model.<\/p>\n\n\n\n

Leadership\u2019s reliance on independent and initiative-driven employees also supported my learning objectives. To develop security solutions, understand compliance frameworks, and assist with carrying out business operations, I needed room to research and apply concepts independently. However, even with the independence I was granted, the accessible and supportive mentorship ensured I never felt lost or overwhelmed with my tasks.<\/p>\n\n\n\n

Overall, the leadership environment at Valor is an ideal foundation for professional growth, autonomy, and exposure to real-world cybersecurity responsibilities. It challenged me to think critically, manage my time effectively, and take ownership of my learning, all while being supported by a team of professionals who were genuinely invested in my success.<\/p>\n\n\n\n

Work Duties & Projects<\/strong><\/p>\n\n\n\n

My work at Valor Cybersecurity ended up being much more \u201chands-on\u201d than I anticipated. From the beginning, I wasn\u2019t treated like someone who was just there to sit and observe. I was completing tasks that directly contributed to client documentation, internal projects, and long-term planning.<\/p>\n\n\n\n

A significant portion of my internship involved helping update and maintain client documentation. This included System Security Plans (SSPs), Written Information Security Plans (WISPs), and Incident Response Plans (IRPs). Initially, the amount and length of paperwork were extremely overwhelming, but slowly working through each document taught me how they fit together to build an organization\u2019s overall security posture.<\/p>\n\n\n\n

Valor began transitioning clients from CMMC Revision 2 to Revision 3 during my second 50 hours, which pushed me to learn the updated requirements in detail. Updating existing materials meant reading line by line, identifying which controls changed, and figuring out how those changes affected a client\u2019s policies and operations. I was forced to slow down, maintain attention to detail, and understand how the documentation I was reviewing connected to real processes in a business.<\/p>\n\n\n\n

My first major task involved learning the fundamentals of Microsoft Azure and helping plan the structure of a secure client portal project dubbed ValorVictor. During my first few weeks, most of my time was spent independently researching cloud architecture, Azure services, and how businesses utilize cloud platforms to build scalable and secure solutions. The goal of the ValorVictor project was to design a centralized portal where clients could store, access, and update their compliance materials efficiently and securely. My role wasn\u2019t to build the application from scratch, but to map out what the environment needed to look like and align those requirements with CMMC security controls. Not only did this help me familiarize myself with the technical designs and tools needed to create and sustain a secure cyber-architecture, it helped me learn how to translate an organization\u2019s needs into technical decisions that still meet compliance standards. This task helped me connect my academic knowledge and freelance research with real security design strategy.<\/p>\n\n\n\n

Beyond documentation and cloud architecture planning, a lot of my tasks involved basic operational responsibilities: maintaining organized client folders, documenting changes, reviewing policies, checking revision dates, and cleaning up inconsistencies across files. These tasks taught me the importance of structure and organization for cybersecurity. A single misplaced document or outdated policy could potentially delay an organizations compliance, cause confusion during an audit, or harm Valor\u2019s brand as a service-providing organization.<\/p>\n\n\n\n

Upon reflection, my duties at Valor gave me a well-rounded experience that blended technical learning, compliance work, and hands-on support. Even though the work was time-consuming and at times challenging, it helped me grow into a professional who feels ready to take on more responsibility in the field.<\/p>\n\n\n\n

Cybersecurity Skills: Applied & Learned<\/strong><\/p>\n\n\n\n

Before beginning at Valor, most of my cybersecurity experience came from classroom instruction, military service, and self-study. I had a decent grasp of networking fundamentals and basic security concepts, and a minimal understanding of cloud computing; however, one of the biggest areas of knowledge I strengthened throughout the internship was my foundational understanding of networking and security. Whenever I worked on documentation, such as SSPs or IRPs, I relied heavily on that knowledge to make sense of the technical environments clients were working with. Concepts like access control, network segmentation, authentication, encryption, and logging helped me interpret what controls applied to each client and why certain policies were written certain ways. Even though these concepts weren\u2019t new to me, seeing them applied in real organizational environments helped solidify my understanding and emphasized their significance to various organizations. <\/p>\n\n\n\n

Regarding CMMC framework, I began from the bottom. I have heard of CMMC briefly through sites like LinkedIn, however, I didn\u2019t fully understand what it was or even how far administrative structures could be intertwined with cybersecurity compliance. Beginning from the ground, I built up to my current level of knowledge and CMMC competence by working with the framework each day, learning how to interpret controls, identify gaps, and translating technical requirements into plain language that businesses could understand. A large part of this growth was through my exposure during Valor\u2019s client transitions from CMMC Revision 2 to Revision 3. During this period, I developed a deep understanding of the differences between the revisions, but the reasoning behind the updates and how those changes affected everything from documentation to risk management approaches. Through this, I was forced to think like a cybersecurity compliance analyst, not just a student taking notes or completing an assignment.<\/p>\n\n\n\n

Cloud computing was yet another area where I gained knowledge. Early in the internship, I spent a lot of time learning Microsoft Azure fundamentals and understanding how cloud resources can support secure, scalable solutions for businesses. When I began helping with the ValorVictor planning phase, I had to combine what I learned about Azure with security controls from CMMC to design something that was both functional and compliant. Although my focus was realigned to dynamically support Valor operations and I was not able to get further than the planning phase,  this experience helped me see that designing cloud architecture extends well beyond technology and into making deliberate choices that aligns with their respective regulatory requirements, protects data, and supports their unique business needs. Lastly, I learned how cloud services like identity management, network controls, and storage configurations play into the bigger security picture.<\/p>\n\n\n\n

I also developed practical skills that don\u2019t always get emphasized in academia. Organization and documentation management skills turned out to be just as important as technical knowledge. Maintaining organization was critical to maintain efficiency while working on multiple clients, navigating dozens of folders, reviewing policies, managing revisions, navigating through various tabs, all with only 2 monitors. You must know where everything is, what version you\u2019re working on, and how each document affects the final product. Jackson discussed this aspect of work often during the internship and emphasized that organization is one of the most difficult skills to master in the cybersecurity field because you\u2019re constantly learning new information while managing timelines and expectations. His approach to note-taking, standardized folder structures, and using tools to stay efficient helped me build these skills in a way that supported my work at Valor.<\/p>\n\n\n\n

An unexpected area of growth came from learning how cybersecurity fits into a business context. Cybersecurity is usually presented as a technical field focused on defending systems and reducing vulnerabilities; however, at Valor, cybersecurity\u2019s administrative, strategic, and financial sides were emphasized in ways I was not exposed to during my undergraduate program.<\/p>\n\n\n\n

Businesses have budgets, time constraints, personnel limitations, and operational realities that affect cybersecurity postures. Working directly with compliance documentation, client specifications, and even during my work designing ValorVictor, taught me that cybersecurity professionals must balance ideal security practices with what\u2019s realistic for a business. This understanding shifted my entire perspective, making my work and decision-making feel more dynamic.<\/p>\n\n\n\n

Lastly, my perspective on threat analysis and risk management has shifted from a militarized and sometimes abstract approach to a concept that seems much more tangible to me. Spending hours reviewing documentation, identifying gaps, and revising policies allowed me to see how risk plays a role in each part of an organization\u2019s cybersecurity strategy. Understanding where each business is vulnerable and how those vulnerabilities interact with compliance requirements helped me connect dots in ways I didn\u2019t see prior. I\u2019ve become significantly more comfortable reading about threats, evaluating whether controls were adequate or needed, and understanding how certain weaknesses could impact the overall security posture of a company.<\/p>\n\n\n\n

Overall, the internship helped me grow in multiple directions at once. I strengthened my foundational knowledge, gained exposure to technical frameworks, adapted to CMMC regulations, and developed a better understanding of how cybersecurity functions inside various organizations. The mix of technical work, compliance analysis, and operational responsibilities gave me a much more realistic picture of what cybersecurity looks like outside of coursework and helped me gain confidence in my abilities and knowledge.<\/p>\n\n\n\n

ODU Curriculum Connections<\/strong><\/p>\n\n\n\n

A valuable part of this internship was discovering how much of the curriculum I learned at Old Dominion University connected to the real work happening at Valor Cybersecurity. Before the internship, I categorized my cybersecurity knowledge: security, networking, programming, Linux fundamentals, penetration testing, digital forensics, cyber law & policy, and so on. There were moments during my time as a Link 16 Network Designer or as a sailor that I could internally reference some of the things I was learning, but most of the time, it wasn\u2019t always clear how those subjects would come together in a job. My work at Valor was the first time I could actually witness how these pieces fit into a much larger picture.<\/p>\n\n\n\n

Courses in networking, cybersecurity fundamentals, and techniques helped the most during my reviews of client documentation and interpreting security controls. During this work, I had to understand the various technologies clients were using and how those systems interacted with one another. Foundational security concepts like access control, multi-factor authentication, least privilege, encryption, and network segmentation were some of the first ideas I was exposed to in class and through labs. Identifying real-life applications of these controls reinforced their importance and helped me understand how different their implementation can look in various environments, depending on the client\u2019s size, budget, and operational needs.<\/p>\n\n\n\n

Courses exploring cyber strategy, policy, and law, to my surprise, were much more relevant than I initially expected. My first introduction to NIST standards, risk assessments, and documentation requirements, I viewed them as paperwork that simply outlined and defined cybersecurity. I paralleled them to regulations or similar documentation I was exposed to in the military; these were regulations and references I could refer back to when needed, not something I\u2019d need to analyze intensely or read front-to-back.<\/p>\n\n\n\n

At Valor, compliance, regulation, and framework became the backbone of nearly everything I did. The transition from NIST SP 800-171 Rev. 2 to Rev. 3 required me to familiarize myself with all the documentation Valor was concerned with before supporting the transition effort; learn the resource names, understand what they\u2019re written for, understand their differences, and how they play upon one another. There was no way I\u2019d be able to support Valor\u2019s team of CMMC compliance subject matter experts without first fundamentally understanding their governing resources.<\/p>\n\n\n\n

Reading and interpreting old and new requirements, comparing them to existing documentation, and understanding how each change affected a client\u2019s security posture helped solidify my growth and proficiency concerning written regulations. My exposure to policies and security frameworks at ODU made that process more approachable, even though the scale and detail were much greater in a professional setting. The internship forced me to grow quickly in this area, and by the end, I felt much more comfortable navigating compliance frameworks and understanding how they dance around business operations.<\/p>\n\n\n\n

My digital forensics coursework didn\u2019t directly relate to the specific work I did at Valor, but some of the attention to detail requirements carried over. In digital forensics, you learn how to examine evidence without overlooking small details. I was able to practice this during guided labs that often required a keen sense of attention to detail. The same approach was applied to compliance documentation to ensure accuracy and professionalism. A misplaced sentence, an unneeded security recommendation, or an outdated control reference can spark confusion or misalignment in a client\u2019s paperwork. The discipline I applied in my forensics labs helped me slow down and treat documentation with the same precision.<\/p>\n\n\n\n

One of the biggest connections I noticed was between my networking courses and the work I did exploring cloud computing services and Microsoft Azure. At ODU, I learned about networking fundamentals through the lens of local hosts; wired and wireless connections, hardware, data centers, and so on. Unknowingly, my exposure to the concept of cloud computing was borderline. Once I learned that cloud computing was not rocket science, but simply a model of computing that provides on-demand resources, I realized I may not have been exposed to it explicitly at ODU, but I\u2019ve tiptoed near the concept unknowingly.<\/p>\n\n\n\n

The ValorVictor project required me to work through how Azure services would support authentication, storage, access control, and compliance requirements. This experience brought the networking fundamentals I learned in class into focus. First, I was focused on the concept of cloud computing and how it worked. Shortly after, my focus shifted to how I could design a secure, client-facing portal while aligning with CMMC controls. That connection to the foundational knowledge of networking that Jackson continuously emphasized helped me gradually build my familiarity with cloud computing and helped me understand it at a deeper level.<\/p>\n\n\n\n

Another gap I noticed during my internship concerned business integration. ODU\u2019s undergraduate program heavily focused on technical skills, respectively, but failed to explore much on how cybersecurity interacts with real organizational constraints. I was not exposed to balancing technical best practices with business budgets, personnel limitations, or operational workflows; however, working at Valor demonstrated that these restrictions and realities shape cybersecurity decisions just as much as technical knowledge does. Through Jackson, communication skills and the ability to explain technical concepts to non-technical clients were highlighted as being just as important as understanding the concepts themselves through several conversations we shared.  <\/p>\n\n\n\n

Overall, the internship allowed me to connect my education through ODU with real-world practice in a smooth and natural way. Some parts of my academic experience prepared me directly, while other areas required more training on the job, however the combination of both helped me grow as a confident cybersecurity professional. The internship filled gaps in my knowledge, reinforced and built upon the foundation I built at ODU, and helped me apply my academic knowledge in a practical work environment.<\/p>\n\n\n\n

Learning Objectives<\/strong><\/p>\n\n\n\n

At the start of my internship, I set four learning objectives that I anticipated growth with through my internship at Valor. These goals focused on developing technical depth, gaining compliance exposure, strengthening my understanding of risk, and learning how cybersecurity fits into business operations. Reflecting on my time with Valor Cybersecurity, it\u2019s clear to me how each objective was strengthened through my work and exposure. <\/a><\/p>\n\n\n\n

Objective 1: Developing Scalable Security Solutions<\/strong><\/p>\n\n\n\n

For this objective, I wanted the opportunity to work with modern cloud environments and understand how scalable security solutions are designed. During the early weeks of the internship, I spent a lot of time researching Azure services, cloud architecture models, and best practices for building secure, flexible systems. Despite not having enough time to carefully orchestrate and carry out the building process, I still consider this objective a success. It was also meaningful, as I wasn\u2019t working on this project in isolation. Jackson provided advice, guidance, and a point of contact to bounce ideas around with. Everything I researched had to tie back to Valor\u2019s business needs and compliance expectations, and with Jackson\u2019s support, this project became a fully immersive, team-building exercise that conditioned my cloud knowledge, planning skills, and introduction to Valor\u2019s operations.<\/p>\n\n\n\n

Planning the ValorVictor project encouraged me to think about scalability from both a technical and organizational perspective. It wasn\u2019t simply about \u201cusing Azure\u201d but about ensuring the platform design supported secure workflows, client accessibility, and long-term growth. Mapping out how authentication, storage, and access control would work in an Azure cloud environment helped me build a practical understanding of scalable solutions and shifted my perspective to consider things like data flow, various user roles, and audit requirements. This significantly strengthened my ability to think in terms of both technology and business needs.<\/p>\n\n\n\n

Objective 2: Threat Analysis, Compliance, & Risk Management<\/strong><\/p>\n\n\n\n

This objective was fulfilled through almost every task concerning documentation, gap assessments, and CMMC revisions. Instead of studying threats and controls in a classroom environment, I had to analyze client documentation, identify gaps, determine whether clients were meeting security requirements, and recommend resources and changes to their posture to ensure they remained secure and within compliance.<\/p>\n\n\n\n

The transition from Rev. 2 to Rev. 3 was a huge opportunity to build this skill. Revision 3 introduced new requirements and shifted how certain controls were interpreted, which led me to consider potential risks clients might face with outdated policies. Each outdated policy, missing control, or incomplete explanation in their paperwork represented a potential weak spot.<\/p>\n\n\n\n

Objective 3: CMMC Framework Familiarization<\/strong><\/p>\n\n\n\n

Objective 3 was fulfilled more than any other. Before the internship, my knowledge of CMMC was limited to a general awareness that it existed. I had never worked with the framework directly, but over the course of the internship, CMMC became the center of almost everything I did. I reviewed dozens of controls, updated documents to reflect Revision 3 updates, interpreted client cyber environments through the lens of CMMC\u2019s framework, and helped build materials that ensured compliance readiness.<\/p>\n\n\n\n

I also gained a deeper understanding of some challenges that small businesses face when attempting to comply with a mandated framework. Clients would often have limited staff, other priorities, and varying levels of technical competence. My experience at Valor taught me how to balance completeness with practicality.<\/p>\n\n\n\n

Upon reflection, I believe each objective I set at the beginning of the internship was fulfilled to some degree. I gained technical exposure, compliance expertise, risk awareness, and a strong understanding of how business and cybersecurity decisions affect one another.<\/p>\n\n\n\n

Aspects of Interning at Valor<\/strong><\/p>\n\n\n\n

Most Motivating<\/strong><\/p>\n\n\n\n

There were various moments at Valor where I could feel myself growing the most, where I could see the impact of my work, or where I realized that I was exactly where I wanted to be, with a team I wanted alongside myself. The immersive and collaborative responsibilities, along with the mentorship I received from Greg and Jackson, both played a role in shaping those moments.<\/p>\n\n\n\n

One of the most exciting aspects of the internship was seeing the work I did directly supported the team and our clients. Everything I worked on had an immediate purpose: updating a security plan, reorganizing documentation, or seeing newly updated documentation fill up a folder. Seeing my contributions and knowing that I\u2019m directly helping fulfill my team\u2019s list of to-do\u2019s while getting our clients one step closer to compliance gave the work purpose and made it feel meaningful. That sense of purpose motivated me every day and allowed me to deeply appreciate the type of work I was doing.<\/p>\n\n\n\n

Another motivating part of the internship was the collaboration and mentorship I experienced with Jackson and Greg. Being able to converse with individuals that I admire, with deep technical knowledge, boasting impressive resumes of experience, gave me motivating and valuable insights. Jackson\u2019s approach to time management and his work philosophies directly influenced how I approached my own work and how I view my career. Jackson was transparent about the challenges he experienced, and Greg was continuously transparent about what the job required and what he expected from me, helping me set realistic expectations and goals for myself. Conversations with them always left me feeling proud, energized, and inspired to continue improving.<\/p>\n\n\n\n

Most Discouraging<\/strong><\/p>\n\n\n\n

Despite my internship at Valor being incredibly valuable, there were a few moments that felt discouraging or difficult from my perspective. These moments did not take away from my experience but instead challenged me in ways I didn\u2019t anticipate and forced me to adapt and grow.<\/p>\n\n\n\n

To my surprise, the most discouraging aspects stemmed from the remote nature of the internship. My initial reaction after discovering my internship was remote was optimistic and excited. My prior position was mostly in-person, but I cherished the few moments we were afforded to work remotely. I quickly realized that the completely remote environment sometimes felt more isolating than a hybrid internship might have felt. It was impractical to work anywhere without multiple monitors, so I was left with no choice but to sit in my home office, working, studying, and watching the day pass by. Sometimes I reminisced about my old commute, watching the sky glow slowly as the sun rose or seeing the trees change along with the seasons.<\/p>\n\n\n\n

While modern software, such as Teams, along with Valor\u2019s culture, made it easy to stay connected virtually, there were moments I wished I could be in the same room as the team, ask questions face-to-face, or even observe conversations in person, especially at the beginning of the internship while I was freshly navigating everything. Eventually, after supplemental meetings and calls, I felt independent and knowledgeable enough to carry out my duties without feeling lost or confused; though, I still had my moments.<\/p>\n\n\n\n

These moments were by far the most discouraging; however, they demanded reflection and contributed to the lessons I carried away. The privilege of being able to work remotely and the opportunities that stemmed from it are far too great to ignore, and while there were moments during the internship that felt lonely and discouraging, it was an opportunity to adapt by sharpening my discipline and strengthening my independence. Growth rarely happens without difficulty, and I eventually grew to appreciate the remote nature of my work in ways I hadn\u2019t prior.<\/p>\n\n\n\n

Recommendations for Future Interns<\/strong><\/p>\n\n\n\n

Cybersecurity internships can vary widely depending on the organization, but for a small business like Valor, preparation and mindset could make all the difference between success and failure.<\/p>\n\n\n\n

The first recommendation echoes from Jackson\u2019s advice: build a strong foundation in the basics. No matter what area of cybersecurity you plan to go into, understanding core concepts like networking, authentication, access control, encryption, and operating systems is essential. These fundamentals come up every day in client documentation, policy reviews, and compliance work, so anything more technical than policy will more likely lean heavily on your understanding of those foundational concepts.  Understanding how systems communicate, how accounts are secured, and how data moves within an organization before starting the internship will help everything else make sense and fall into place.<\/p>\n\n\n\n

My second recommendation for interning at Valor is to have at the very least a dual monitor setup. Working with documentation, research notes, CMMC controls, emails, and reference materials all at once is extremely difficult on a single screen. A second monitor makes it easier to compare documents, view multiple tabs, follow along during meetings, and keep your workspace organized. The difference in productivity and comfort is huge for any intern working in cybersecurity or policy.<\/p>\n\n\n\n

Lastly, I\u2019d recommend developing a strong sense of independence. In a small business, there isn\u2019t always time for someone to walk and talk you through each detail. You will need to research things on your own, navigate problems, and make educated decisions. It\u2019s also important to be proactive about asking questions, but it\u2019s just as important to try to figure things out on your own. Many of the skills I learned came from taking the initiative: thoroughly reading documentation, reviewing CMMC materials, or researching Azure tools before asking for help. Having a good combination of independence and curiosity will make you a valuable team member.<\/p>\n\n\n\n

Conclusion<\/strong><\/p>\n\n\n\n

My internship at Valor Cybersecurity ended up being one of the most meaningful experiences of my undergraduate experience, especially considering how unexpectedly it came into my life. I\u2019ve learned how policy formation, cloud architecture, compliance requirements, and business operations all connect to form the foundation of an organization\u2019s security posture. All of the work I collaborated on and completed provided me with technical exposure that I would have never been able to earn through just coursework.<\/p>\n\n\n\n

My experience reshaped my perspective about my time at Old Dominion University. I see how the subjects I was introduced to connect to the responsibilities I was given during the internship. The mentorship I received throughout my time has helped me understand not only the technical side of the field but also the habits and mindset needed to be valuable and effective in cybersecurity. The internship strengthened my confidence and even helped clarify the areas of cybersecurity I want to continue learning in: cloud security, compliance, and architecture.<\/p>\n\n\n\n

Looking ahead, I have a clear vision of the type of roles I want to pursue and the skills I need to build to get there. Valor taught me how dynamic cybersecurity is and how important it is to remain adaptable, curious, and willing to keep learning. Even though the internship wasn\u2019t the one I originally planned for, it unexpectedly ended up preparing me for the next chapter of my career.<\/p>\n\n\n\n