Skill 1: Cybersecurity Compliance Metrics & Policy


Artifact 1: Aligning Company Policies with NY 500 DFS Cybersecurity Regulations
In my internship, I contributed to aligning our company’s cybersecurity policies with the NY 500 DFS cybersecurity regulations after the acquisition of a new company. This artifact demonstrates my ability to work within compliance frameworks and apply regulatory standards to real-world situations. It also highlights my knowledge in ensuring that company policies reflect industry standards for cybersecurity, which is crucial for maintaining a secure and compliant environment. One of my classes at Old Dominion, Cybersecurity 425W Cyber Strategy and Policy coursework prepared me for my experience in policy creation.

Artifact 2: Phishing Incident Reports
As part of my role, I compiled weekly phishing incident reports that helped our management team identify and address phishing threats. This artifact demonstrates my ability to monitor, report, and respond to security incidents, showing my understanding of compliance and risk management. These reports also emphasize the importance of proactive risk management in the cybersecurity space.

Artifact 3: Security Awareness Training Webinar
I played a role in developing a security awareness training webinar, introducing our employees to the company’s new email encryption policy. This artifact showcases my ability to create and deliver cybersecurity training, an essential skill for promoting a culture of security within an organization. It highlights my capacity to educate others on security best practices and align them with company policies to reduce risks.

Skill 2: Incident Response & Threat Analysis
Artifact 4: Phishing Analysis (Email Categorization)
I was responsible for analyzing and categorizing phishing emails as threats, spam, or reconnaissance. This artifact demonstrates my proficiency in threat analysis, as I had to quickly identify suspicious activity, assess potential risks, and categorize them for further action. It highlights my ability to respond to and mitigate security threats, which is a crucial aspect of incident response.

Artifact 5: Investigating Microsoft Defender Alerts
In my internship, I supported incident mitigation by investigating alerts generated by Microsoft Defender. This included triaging security events and responding to incidents, which deepened my experience in analyzing security threats. This artifact demonstrates my ability to use security tools like Microsoft Defender to identify, investigate, and mitigate security incidents, an essential skill for any cybersecurity role.

Artifact 6: Cofense Phishing Reporting Button
I contributed to the implementation of the Cofense phishing reporting button, which allowed employees to report suspicious emails directly. This artifact shows my proactive approach to incident response by helping empower employees to participate in security efforts. It illustrates my ability to set up and manage security tools that facilitate early threat detection and response across the organization.

Skill 3: Technical Deployment & Troubleshooting
Artifact 7: Laptop Imaging & Deployment
One of my key responsibilities was imaging, deploying, and configuring laptops for both remote and in-office employees. This artifact demonstrates my technical skills in setting up secure and functional workstations, ensuring that all devices met the organization’s security requirements. It highlights my experience with technical deployment and how I ensured secure configurations during the setup process.

Artifact 8: Active Directory Account Creation
I regularly created Active Directory accounts and set up Microsoft Office for new employees. This artifact shows my understanding of user access management, including the security of user credentials and permissions. Properly managing access control is vital for cybersecurity, and this task demonstrates my ability to securely handle user accounts and manage their access to systems and data.

Artifact 9: E-Waste Inventory System
I developed an inventory system for e-waste to improve the tracking and secure disposal of obsolete hardware. This artifact demonstrates my understanding of the importance of secure hardware disposal as part of an organization’s overall security practices. It showcases my ability to develop solutions that mitigate risks associated with the handling of outdated devices and support sustainable cybersecurity practices.

Reflective Essay

Introduction  

The purpose of this reflection essay is to examine my growth and development throughout my academic journey in cybersecurity, as well as to reflect on how my coursework and internship experience both have prepared me to enter the cybersecurity workforce. The skills I have developed throughout my time at Old Dominion University and during my internship have allowed me to bridge the gap between theory and practice. This essay will highlight key experiences, including my work on cybersecurity policies, phishing analysis, and security awareness training, as well as how my coursework has prepared me for cybersecurity field. In particular, I will also show how my academic foundation in courses such as Cyber Strategy and Policy (CYSE 425W) and Cybersecurity and Social Science (CYSE 201S) has been applied directly to real-world tasks, shaping my technical and professional skills. Additionally, I will discuss the importance of cybersecurity in an increasingly digital world and how my internship has provided me with hands-on knowledge, preparing me for the diverse and complex challenges cybersecurity professionals face today.  

Aligning Company Policies with NY 500 DFS Cybersecurity Regulations 

During my Information Security internship, I was tasked with helping to align the company’s cybersecurity and Information Technology policies with the New York 500 Department of Financial Services cybersecurity regulations. That was a challenging yet highly valuable experience. This task was directly influenced by the knowledge I gained in Cybersecurity 425W: Cyber Strategy and Policy at Old Dominion University. In that course, we studied the connection of policy and cybersecurity and explored the various regulatory frameworks that govern cybersecurity practices, including HIPAA and the GDRP. This coursework gave me the foundational understanding of policy creation, regulatory compliance, and the approach needed to ensure an organization’s cybersecurity measures meet legal and best practice standards.  

Phishing Incident Reports 

One of my major duties in my current role as an information security intern is to analyze phishing emails, categorizing them as threats, spam, or reconnaissance, and compile these findings into weekly report for management. This task enhanced my understanding of threat analysis, incident response, and learn to see trends in who is being targeted. In Fall 2024, I took CYSE 201S: Cybersecurity and Social Science, which helped me recognize the human element in phishing attacks. The course explored how emotional manipulation and social engineering tactics influence user susceptibility to phishing. This insight allowed me to not only detect technical threats but also understand the psychological tactics used in phishing attempts. I applied this knowledge when analyzing emails, finding patterns in users and departments that are targeted and what made them more convincing to employees. Phishing is a example of how interdisciplinary studies are connected; it is not just a cybersecurity issue but one tied to psychology, human behavior, and communication (Gonzalez, Robin, and Michael E. Locasto. “An interdisciplinary study of phishing and spear-phishing attacks.”). Understanding this connection has made me a better analyst and improved my ability to anticipate, understand and defend against future threats. 

Security Awareness Training Webinar 

Throughout the last four years of my academic journey, one phrase I heard often is that a company’s security is as strong as its weakest link, and that weak link is human error.  The team I was a part of contributed to the creation of a security awareness training course aimed at introducing our employees to better cybersecurity practices. This artifact shows my ability to develop and deliver cybersecurity training, an important skill in fostering a security focused culture within an organization. Through this experience, I learned how to communicate complex cybersecurity concepts to a non-technical audience, making sure the message was clear and engaging. One of the first classes I took at ODU CYSE 300 introduction to cybersecurity was an example of how much technical understanding employees need without overwhelming them.  

Phishing Analysis   

I am currently responsible for analyzing and categorizing phishing emails as threats, spam, or reconnaissance. This artifact proves my ability in threat analysis, as I quickly identified suspicious activity, assessed potential risks, and categorized them for further action. It highlights my ability to respond to and mitigate security threats, a critical aspect of incident response. This experience helped me develop skills in identifying threats and working with a team to implement a proactive measure to safeguard the organization’s cybersecurity, for example blocking certain email addresses that are malicious.  

 Investigating Microsoft Defender Alerts 

As a security team, we have weekly incident mitigation meetings where we investigate alerts generated by our endpoint detection and response software. This involved triaging security events and responding to incidents, which deepened my experience in analysis. This skill proves my ability to use security tools to identify, investigate, and mitigate security incidents, essential skills for any cybersecurity role. My class, CYSE 301: Cyber Techniques and Operations, reinforced the technical foundation for using security tools to manage and respond to threats effectively. At a Microsoft Defender webinar I recently attended, the presenter answered a question someone had on whether or not that we were learning would be transferable to a different application like CrowdStrike or SentinelOne. The presenter responded that the logic behind analyzing an attack path, how it happened, why it happened will still be applicable regardless of the solution you are using. This reinforced my confidence in the relevance and transferability of the skills I am developing. Investigating cybersecurity alerts can also be an interdisciplinary task that combines technical ability with investigative thinking and behavioral analysis (Singh, T. (2025). Psychology and Its Impact on Cybersecurity). Understanding an attack path not only requires knowledge of security tools but also insight into attacker motivations and strategies, blending cybersecurity, psychology, and criminology.  

Phishing Reporting Button 

I have worked in customer service before my internship; I have learned that it is best to keep the customer experience as easy and smooth as possible. With the security team I contributed to the implementation of the phishing reporting button, which allowed employees to report suspicious emails directly. This artifact shows my proactive approach to incident response by helping empower employees to take part in the companies’ security efforts. It illustrates my ability to set up and manage security tools that help early threat detection and response across the organization. I also believe that having users directly involved in security helps them keep in mind the constant threats (Still, Jeremiah D. “Cybersecurity needs you!.).  

Laptop Imaging & Deployment 

One of my key responsibilities during my Information Technology internship was imaging, deploying, and configuring laptops for both remote and in-office employees. This artifact shows my technical skills in setting up secure and functional workstations, ensuring that all devices met the organization’s security requirements and had the users desired applications. It highlights my experience with technical deployment and how I ensured secure configurations during the setup process.  

Active Directory Account Creation 

I regularly created Active Directory accounts and set up Microsoft Office for new employees and deactivated accounts for terminated users. This artifact shows my understanding of access management, including the security of user credentials and permissions. Properly managing access control is vital for cybersecurity (Borky, J. M., Bradley, T. H., Borky, J. M., & Bradley, T. H. (2019). Protecting information with cybersecurity). This task shows my ability to securely handle user accounts and manage their access to systems and data.v 

 E-Waste Inventory System 

I developed an inventory system for e-waste to improve the tracking and secure disposal of obsolete hardware. This artifact shows my understanding of the importance of secure hardware disposal as part of an organization’s overall security practices. It displays my ability to develop solutions that mitigate risks associated with the handling of outdated devices and support sustainable cybersecurity practices. Managing e-waste securely is an interdisciplinary issue, blending cybersecurity and environmental science. Not only is it important to protect sensitive data stored on old devices, but it is also crucial to ensure environmentally responsible disposal practices (U.S. Environmental Protection Agency. “Basic Information About Electronics Stewardship.).  

Conclusion  

Throughout my journey in creating this e-portfolio I have looked back at my internship experience, my coursework at Old Dominion University, has equipped me with the skill set for a career in cybersecurity. From policy creation and incident response to technical deployment and management, I have developed an understanding of the various parts of cybersecurity. The coursework I completed provided the foundational knowledge I needed, while my hands-on internship experiences allowed me to apply that knowledge in real-world scenarios. Moving forward, I feel confident in my ability to contribute to the cybersecurity field, having gained valuable insights into both the technical and strategic elements of cybersecurity practices. This reflection has reinforced the importance of continuous learning and adapting to new threats, ensuring that I am prepared to meet the challenges of the cybersecurity industry in the future. I plan on continuing to learn as a  information security analyst and to use my e-portfolio as a way to demonstrate my skills and experience.  

Reference 

Still, J. D. (2016). Cybersecurity needs you! Interactions, 23(3), 54–58. 

Gonzalez, R., & Locasto, M. E. (2015). An interdisciplinary study of phishing and spear-phishing attacks. Retrieved from http://cups.cs.cmu.edu/soups/2015/papers/eduGonzales.pdf 

U.S. Environmental Protection Agency. (2025, April 28). Basic information about electronics stewardship. https://www.epa.gov/smm-electronics/basic-information-about-electronics-stewardship 

Singh, T. (2025). Psychology and Its Impact on Cybersecurity. In Cybersecurity, Psychology and People Hacking (pp. 29-41). Cham: Springer Nature Switzerland.  

Borky, J. M., Bradley, T. H., Borky, J. M., & Bradley, T. H. (2019). Protecting information with cybersecurity. Effective model-based systems engineering, 345-404.