Cybersecurity Risk Assessment Internship – City of Suffolk / COVA CCI Cybersecurity Clinic

This page primarily describes the work I completed as apart of the Fall 2025, COVA CCI Cybersecurity clinic. As apart of the internship, I worked with the City of Suffolk intending to perform a risk assessment of one of their SQL servers using Tenable and other tools, to accomplish this I worked with two other great individuals in performing this risk assessment to ensure that Suffolk understood the impact of potential vulnerabilities. Due to the complex nature of the task, although we were provided initial team dynamics, we mostly all performed different tasks to ensure that we gained an adequate understanding of exactly what Suffolk wanted us to accomplish. I primarily supported cybersecurity risk assessments by conducting vulnerability scanning, and created dashboards to ensure the risks established by those scans were accurately displayed in a precise manner. This experience strengthened my practical understanding of real-world cybersecurity governance and technical risk management.

Organizational Context

  • Municipal government environment
  • Focus on public-sector cybersecurity risk and compliance
  • Emphasis on CIS compliance, and best practices for local government

My role

  • Conducting vulnerability scans using Tenable
  • Designed default dashboards in Tenable
  • Reviewed SQL server for compliance risks
  • Analysed scan results, separated by CVSS severity
  • Mapped overall cybersecurity readiness to Valor Top 10 checklist
  • Assisted in drafting risk assessment documentation

Tools & Technologies Used

Tools and technologies used:

  • Tenable
  • Windows Server
  • NIST CSF
  • CISA CPG
  • Valor-Cybersecurity Best Practices

Skills Developed

Technical

  • Vulnerability Analysis
  • Risk prioritization
  • Framework Mapping

Professional Skills

  • Technical Writing
  • Stakeholder and executive communication
  • Team collaboration
  • Working in compliance-driven environments

Reflection & Takeaways

Below are my reflections & key takeaways:

annotated-Reflection20Paper2028229Download


annotated-Reflection20Paper2022028129

annotated-Reflection20Paper2032028229

Individual-Reflection-5

https://drive.google.com/file/d/1LtTag-ISkr-Tuv9otUI2MwK7TJAiVKf9/view?usp=drivesdk


Overall, this internship was an excellent experience and refined the importance of governance and risk based decision making in cybersecurity, especially in resource-limited or public sector environments. It showcased how frameworks like CIS and the NIST CSF translate from theory to practical application and steered my interest to security assessment and policy focused security engineering.