April 23, 2025

Arica Willis

Ratisha Smith

Quad22 Technologies

CYSE 368-Internship

Spring 2025 

ODU Honor Pledge
“I  pledge to support the Honor System of Old Dominion University. I will refrain from any form of academic dishonesty or deception, such as cheating or plagiarism. I am aware that as a member of the academic community it is my responsibility to turn in all suspected violations of the Honor Code. I will report to a hearing if summoned.” 

Signature: Arica Willis

Table of Content

Introduction……………….. 3

Beginning of Internship……………….. 4

Management Environment……………….. 5

Major Work Duties and Assignments……………….. 5

Use of Cybersecurity Skills and Knowledge……………….. 6

ODU Curriculum Connections……………….. 7

Evaluation of Learning Objectives……………….. 8

Motivating and Exciting Aspects……………….. 9

Discouraging Aspects……………….. 10

Challenging Aspects……………….. 11

Recommendations for Future Interns……………….. 11

Conclusion……………….. 12

Introduction

Choosing an internship is one of the most pivotal decisions for any college student preparing to enter a competitive workforce. As a Cyber Operations major at Old Dominion University, I knew I wanted an experience that would blend both technical and practical knowledge in cybersecurity, while also allowing me to explore adjacent fields such as software development. That’s what led me to pursue an internship at Quad22, a dynamic tech company where they made a team to help develop a game recommendation app. The opportunity to work in an environment that merged cybersecurity with software engineering in a real-world application aligned perfectly with both my academic background and career ambitions.

There are three learning objectives I hoped to achieve through my internship at Quad22. First, I aimed to develop hands-on cybersecurity skills in a professional setting. While my coursework at Old Dominion University introduced me to foundational concepts like network defense, system hardening, and vulnerability assessment, I wanted to experience how these theories translated into real-world business practices. My goal was to work directly with practical tools and security workflows, such as implementing secure authentication systems, configuring access control policies, protecting user data, and conducting vulnerability scans on active systems. Gaining this kind of practical, real-time experience was critical for understanding both the scope and complexity of cybersecurity in a modern tech environment.

Second, I sought to gain exposure to the software development lifecycle (SDLC) and secure coding practices. Although cybersecurity was my primary focus, I recognized the value of understanding how software is developed, tested, and deployed, especially in a collaborative team setting. I was particularly interested in how security principles are embedded into the development process, such as writing secure code, designing APIs with built-in protections, conducting peer code reviews, and using version control systems like Git. I hoped this exposure would not only improve my technical fluency as a cybersecurity professional but also enhance my ability to work effectively with developers on shared security goals.

Lastly, I wanted to gain a deeper understanding of how cybersecurity functions in real world organizational environments. Beyond tools and techniques, I was curious about the day-to-day decision making, policies, collaboration, and communication that drive a company’s approach to cybersecurity. I hoped to know how security priorities are set, how teams handle incidents or emerging threats, and how cybersecurity aligns with broader business objectives. This objective was about developing a more strategic mindset about understanding not just the how of cybersecurity, but also the why behind real world practices, trade offs, and policies.

This paper will walk through my experience at Quad22, from my initial orientation to the final week, highlighting the work I performed, the skills I acquired, and the ways in which this internship shaped my understanding of both cybersecurity and software development. I will also evaluate how the ODU curriculum prepared me for this experience and reflect on how the internship has influenced my academic and professional goals.

Beginning of Internship

My internship was at Quad22, a Women-Owned Small Business (WOSB) headquartered in Fredericksburg, Virginia. Quad22 specializes in government contracting and IT education, with a mission centered on delivering innovative technology solutions and comprehensive training to meet the needs of both clients and the broader community. Although based in Virginia, the company serves clients across the United States. What sets Quad22 apart is its dedicated team of professionals who focus on improving, supporting, and managing IT systems while actively participating in verifiable training programs to remain current with industry trends. This emphasis on continuous learning and professional development strongly resonated with my own goals for the internship.

When I joined the team, I was placed on a project focused on a game recommendation app, a product developed to personalize the way users discover video games across different platforms. The app blends elements of data analytics, user profiling, and backend infrastructure, making it an ideal setting to explore both cybersecurity and software development concepts in action.

During my orientation, I was introduced to the company’s mission, client base, and technical ecosystem. I received onboarding materials, access to internal systems, and walkthroughs of Quad22’s project workflow. The main tools and technologies I used throughout the internship included Git for version control, Visual Studio Code as my primary IDE, PostgreSQL for database management, and Java for backend development tasks. On the cybersecurity side, my primary responsibility early on was developing a comprehensive security plan for the game recommendation app. This involved identifying potential threats, outlining mitigation strategies, and aligning the document with best practices in areas such as data privacy, user authentication, and secure communication protocols. Rather than working directly with tools like vulnerability scanners or packet analyzers, my focus was on creating the foundational security documentation that could give future development decisions and inform secure coding standards. The development environment encouraged a strong emphasis on proactive security thinking, which was reflected in how seriously the team approached planning and documentation from the beginning.

My initial impressions of Quad22 were overwhelmingly positive. Despite being a relatively small company, the organizational structure was clearly defined and supportive. I was welcomed as an active contributor, not just an intern observing from the sidelines. The team was highly collaborative, and I was encouraged to ask questions and take initiative on both technical and research related tasks. The early days of my internship made it clear that I was in an environment where my contributions could have a real impact while still offering the space and mentorship to grow.

Overall, the beginning of my internship laid a solid foundation for the weeks to follow. It gave me insight into how a real IT business operates and offered a welcoming space to begin applying what I had learned in my classes to real world challenges.

Management Environment

The management environment at Quad22 was one of the most defining aspects of my internship experience. Because of Quad22 being a smaller company they were still agile and the management structure was relatively flat, which allowed for open communication and collaboration across teams. Instead of going through multiple layers of approval, I worked closely with professionals across both cybersecurity and software development teams. This setup created an open environment where you can collaborate and create a strong learning culture where interns were encouraged to speak up, ask questions, and contribute ideas.

I reported directly to the team supervisor who oversaw the entire game recommendation project, which included both the development and cybersecurity components. Their role was central to the coordination of all tasks, ensuring alignment between security standards, software functionality, and overall project goals. Reporting to someone with a comprehensive view of the project gave me valuable insight into how different areas of technology come together to build a product. The supervisor was highly supportive, providing clear expectations for deliverables while also encouraging independent thinking. Daily check-ins allowed us to discuss progress, address questions, and refine strategies for my work on the security plan and development tasks.

One of the strengths of Quad22’s management approach was its emphasis on mentorship and continuous feedback. I wasn’t just given tasks and left on my own, I received thoughtful feedback on my work, especially the security documentation, with explanations of what could be improved and why. This made it easier to learn from my mistakes and continuously improve. Even during meetings with the larger team, I felt like my input was welcomed and taken seriously, which gave me a sense of ownership over my contributions

Overall, the management environment at Quad22 was structured but flexible, professional but approachable. It struck a balance between providing guidance and allowing autonomy, which made it an ideal setting to grow not only as an intern, but as a future professional in the field of cybersecurity and software development.

Major Work Duties and Assignments

Throughout my internship at Quad22, I had the opportunity to work on several assignments that were both challenging and rewarding. My two primary roles were as a Cybersecurity Engineer and a Junior Software Engineer, and the bulk of my responsibilities centered around supporting the game recommendation app under development. Each task I was given had a direct impact on the security, functionality, or structure of the application, which made the work feel meaningful and connected to the company’s broader goals.

My first major assignment was developing a comprehensive security plan for the application. This document outlined anticipated threats, security requirements, and the best practices across several areas, including data handling, access control, authentication, and encryption. The plan also included recommendations for integrating secure coding practices throughout the development lifecycle. I researched compliance standards and used frameworks such as NIST to guide the document structure. This security plan would later serve as a foundational reference for developers as the application moved into production stages, making it a critical resource for ensuring the app was built with security in mind from the ground up.

In addition to security documentation, I supported backend development tasks, particularly those related to database management and system logic. Using Java, I worked on small features and contributed to backend code that helped process user preferences and game data. I also interacted with a PostgreSQL database, writing queries and testing how data was stored, retrieved, and modified within the app’s infrastructure. Using Git for version control and Visual Studio Code as my main development environment, I became familiar with collaborative development practices like committing changes, managing branches, and participating in code reviews.

Each of my responsibilities played a necessary role in the project’s success. The security documentation laid the groundwork for safe development practices, while my contributions to backend features supported the core functionality of the recommendation engine. By the end of my internship, I had gained hands-on experience not just in completing isolated tasks, but in contributing to a larger, integrated system that bridged both cybersecurity and software engineering.

Use of Cybersecurity Skills and Knowledge

My internship at Quad22 provided a meaningful opportunity to apply my cybersecurity education to a real world environment. Entering the role, I already had classroom experience in areas such as system security, encryption, access control, and network defense. However, working on a live project introduced me to the complexities and practical considerations that arise when cybersecurity is implemented within an actual development lifecycle.

My primary cybersecurity responsibility was to develop a comprehensive security plan for the company’s game recommendation app. This required me to assess potential risks, define appropriate security controls, and align the entire document with the NIST Cybersecurity Framework. Using NIST allowed me to structure the plan based on established standards in risk management, which made it more thorough and relevant for a government focused tech company like Quad22. The plan covered areas such as user authentication mechanisms, data integrity, access control policies, and system monitoring, each tied to one or more of the core NIST functions: Identify, Protect, Detect, Respond, and Recover.

While I wasn’t using penetration testing tools or monitoring live networks, I had to think like a security architect, anticipating threats, mapping out risk vectors, and planning mitigation strategies. The process required me to move from theoretical understanding to applied knowledge. For example, I outlined encryption requirements for sensitive user data and included guidance on account management procedures, ensuring they implied with MIST recommendations.

Prior to this internship, I had learned about NIST and general cybersecurity frameworks in my coursework, but this was my first time applying them in a real setting. That experience showed me how abstract concepts like risk management or data protection become concrete decisions during development, such as defining role based access controls or creating policies for secure database access.

Overall, the internship gave me a much deeper appreciation of how cybersecurity planning and documentation are essential components of the software development process. It also helped me understand how government and private sector standards influence the implementation of secure systems. By working within a NIST aligned framework, I was able to gain practical insight into how cybersecurity professionals operate in industries where compliance and structure are critical.

ODU Curriculum Connections

My coursework at Old Dominion University, especially as a Cyber Operations major, gave me a solid foundation to succeed in my internship at Quad22. Several classes directly contributed to my ability to complete assignments, communicate effectively, and think critically in both the cybersecurity and software development aspect of the role. However, the experience also revealed some areas where on the job learning went beyond the classroom, highlighting both strengths and gaps in the curriculum.

One of the most directly relevant courses was CYSE 301: Cybersecurity Techniques and Operations. This class introduced me to practical tools for network analysis, packet inspection, and forensic investigation. Although my internship didn’t involve active penetration testing or direct firewall configuration, the mindset and structured approach to securing systems that I learned in CYSE 301 helped me greatly when developing the application’s security plan. Concepts like network mapping, detection rule writing, and thinking like a threat actor translated well to anticipating vulnerabilities in the game recommendation app. 

ECE 416: Cyber Defense Fundamentals was another course that tied closely into my internship experience. This class provided a strong theoretical base in topics like security models, cryptographic algorithms, and Internet protocols. During the internship, I relied on this knowledge while outline recommendations for data protection, secure authentication mechanisms, and safe API interactions. Understanding how encryption works and why certain protocols are more secure than others helped me write a stronger and more technically grounded security plan aligned with the NIST framework.

Another course that came in handy was CS 150 and CS 250 Problem Solving and Programming I & II, which was taught using C++ helped me transition into a junior software engineering role. Even though the application I supported at Quad22 was developed in Java, my prior experience in C++ gave me a strong foundation in core programming concepts such as variables, control structures, object oriented programming, and debugging. Because Java and C++ share many syntactic similarities and structural patterns, I was able to adapt quickly and contribute to small parts of the Java codebase without feeling completely lost. The problem solving techniques I practiced in that course also helped me debug, read, and contribute more effectively with the software engineering team.

While my internship also pushed me beyond what I learned in the classroom such as developing professional documentation, navigating an agile workflow, and understanding the dynamics of cross functional collaboration, it was clear that my ODU education gave me the foundation I needed to grow into the role and take on real responsibility in a fast paced environment.

Evaluation of Learning Objectives

The three primary learning objectives I set for myself before starting the internship at Quad22 were to (a) develop hands on cybersecurity skills in a professional setting, (b) gain exposure to the software development lifecycle (SDLC) and secure coding practices, and (c) understand how cybersecurity applies in real world business practices. Reflecting on my experience, I found that each objective was fulfilled in meaningful ways, often beyond what I initially anticipated.

The first objective, develop hands-on cybersecurity skills, was achieved primarily through my work on a comprehensive security plan for a web based game recommendation application. While I did not conduct active penetration testing or live system monitoring, I was responsible for assessing risks, applying NIST-aligned controls, and ensuring compliance considerations were factored into the application’s development. This process allowed me to apply theoretical knowledge in a practical context, offering insight into how businesses strategically plan for secure system design and data protection

My second goal, gaining exposure to the SDLC and secure coding practices, was not only fulfilled but became a larger part of my role than I originally expected. Over time, I transitioned from a cybersecurity only focus to assisting as a junior software engineer. I became familiar with Git for version control, worked in Visual Studio Code, and contributed to backend Java code. These tasks gave me hands-on experience in an agile development environment, where I observed how features are scoped, developed, and tested before release. While my main contributions to security were high-level, I observed and learned how secure coding principles were integrated into real development workflows.

Lastly, my third objective, understanding how cybersecurity applies in real world business practices, became one of the most rewarding parts of the internship. Working at a woman-owned small business that handles government contracts exposed me to the intersection of business priorities, regulatory compliance, and cybersecurity policy. Writing the security plan required me to think critically about how to balance functionality, user experience, and technical constraints, while also aligning with legal and ethical standards. I saw how cybersecurity is deeply woven into the business strategy and learned how professionals must communicate technical risks to both developers and stakeholders.

In summary, all three learning objectives were met in impactful ways. Some outcomes were different from what I imagined at the start of the internship, but each provided valuable, real world experience. The opportunity to bridge both cybersecurity and software engineering gave me a clearer picture of my future career path and reinforced the importance of being adaptable and multidisciplinary in the tech industry.

Motivating and Exciting Aspects

One of the most motivating aspects of my internship at Quad22 was the opportunity to evolve beyond the original scope of my role. Although I began as a cybersecurity intern, I gradually took on responsibilities as a junior software engineer. This shift was not only unexpected but also incredibly energizing, as it allowed me to apply my existing knowledge while learning new skills on the fly. Contributing directly to the development of a game recommendation app made me feel like a valuable member of the team, and seeing my input reflected in the actual codebase and documentation gave me a deep sense of accomplishment.

I also found it exciting to work in an environment that prioritized both innovation and security. The team at Quad22 maintained a forward thinking mindset, and I was encouraged to contribute ideas even as an intern. Being able to collaborate in team meetings, offer security focused input, and take ownership of meaningful work helped me grow in confidence and professionalism. The team was small but dynamic, and that atmosphere allowed for a lot of hands-on learning and cross functional exposure that I likely wouldn’t have experienced in a larger organization. 

Another highlight was working with tools and technologies that are commonly used in industry, such as Git, PostgreSQL, and Java. This technical immersion gave me a clearer understanding of what’s expected in real world jobs and helped bridge the gap between academic theory and professional practice. The experience also motivated me to dig deeper into areas like secure development, API design, and compliance frameworks.

Perhaps the most exciting part overall was the realization that I enjoyed the intersection between cybersecurity and software development. This revelation opened up new possibilities for career paths that I hadn’t seriously considered before the internship. Discovering this overlap between two disciplines I enjoy made the experience both motivation and inspiring for my future.

Discouraging Aspects

Although my internship at Quad22 was a positive and enriching experience overall, there were a few discouraging aspects that presented challenges along the way. One of the most noticeable difficulties was the initial lack of technical direction. As a new intern, I came in eager to contribute but found that the early stages of onboarding lacked the kind of structured mentorship or detailed task breakdown that I expected. While I was ultimately able to find my footing, the early ambiguity left me feeling uncertain about how best to contribute or whether I was meeting expectations. 

Another discouraging element was the limitation in direct cybersecurity involvement. While I anticipated more hands-on experience with live systems, penetration testing, or working with real time security monitoring tools, much of my cybersecurity work revolved around planning and documentation, specifically the creation of a security plan based on NIST guidelines. Although this task was valuable in its own right, it didn’t fully align with the hands-on technical engagement I had envisioned when entering the internship. There were moments when I felt somewhat removed from the fast-paced, tool intensive side of cybersecurity I had studied and hoped to experience firsthand.

In addition, as someone who was eager to grow quickly in both cybersecurity and software development, I occasionally felt overwhelmed by the steep learning curve, especially when transitioning into the software engineer portion of the internship. The pace of learning Java and adjusting to the existing codebase was challenging, and while I eventually gained confidence, it was initially intimidating to contribute in a space where other team members were already fluent in the tools and frameworks.

Lastly, the remote nature of the work occasionally made communication more difficult. Delays in feedback or clarification sometimes slowed progress, and I found that building rapport with team members took more time than it might have in a fully in-person environment.

Despite these discouraging moments, they ultimately served as valuable learning opportunities. They pushed me to become more resourceful, ask better questions, and build confidence in uncertain situations, skills that I know will benefit me in future roles.

Challenging Aspects

The most challenging aspect of my internship was balancing the dual responsibilities of cybersecurity and software development, particularly once I transitioned into the junior software engineer role. Managing tasks across both disciplines required me to quickly shift mindsets, from assessing security risks and aligning with NIST standards, to writing and reviewing Java code for backend functionality. Each area demanded a different skill set and way of thinking, and switching between them was mentally taxing at times, especially as I was still gaining confidence in both fields. 

One of the biggest technical challenges I faced was learning to work with Java in a professional development environment. Although I had prior experience with C++ from my coursework, adapting to Java’s syntax, structure, and integration with frameworks like PostgreSQL presented a learning curve. Understanding the existing codebase, navigating repositories, and ensuring that my contributions didn’t break functionality required a high level of attention to detail. It took time to develop the fluency needed to troubleshoot effectively and to contribute code that was nor only functional but also clean and secure.

Writing the security plan itself also proved more complex than I initially expected. While I was familiar with NIST standards and general cybersecurity principles, applying them to a real application required a deeper understanding of how security policies translate into system architecture and user interactions. I had to consider regulatory compliance, user privacy, data storage, and secure authentication in ways that were practical for the app’s development timeline. The challenge wasn’t just knowing what controls to recommend, it was understanding how to tailor them to a real product with business and usability goals.

Time management was another challenge, especially with tasks coming from both the cybersecurity and software sides of the project. Prioritizing assignments, meeting expectations, and adapting to shifting project goals taught me a lot about professional discipline and personal accountability. It was an ongoing process of learning to communicate clearly, ask for help when needed, and remain flexible when project timelines or objectives changed.

Overall, while these challenges were difficult, they also represented the most growth. They pushed me outside of my comfort zone and helped me develop a more comprehensive understanding of what it takes to work in a multidisciplinary tech role.

Recommendations for Future Interns

For future interns stepping into a role at Quad22, preparation and adaptability will be key to making the most of the experience. One of the most important recommendations I would give is to arrive with a solid understanding of both cybersecurity principles and general programming skills. While your official role may lean toward cybersecurity, the team environment at Quad22 encourages cross-functional work, and being able to contribute to both security and development tasks will make you more valuable and more engaged throughout the internship.

I would also recommend familiarizing yourself in advance with the NIST cybersecurity framework, as it serves as the foundation for many of the planning and documentation tasks. Having a working knowledge of control families, security policies, and how to assess risk at a high level will make it easier to contribute meaningfully early on. Similarly, brushing up on version control using Git, as well as basic SQL and Java concepts, will help you quickly adapt to the tools and workflows used by the team. Even if your experience is in C++, the similarities between it and Java will give you a strong starting point, just be prepared to learn some of the language-specific nuances on the job.

Another piece of advice is to take initiative. Quad22 is a relatively small and collaborative organization, which means there is room for interns to take ownership of tasks and ask to be involved in different areas. Don’t be afraid to volunteer for work that’s outside of your comfort zone or to ask for clarification when things are unclear. Your supervisors are supportive and want you to succeed, but they also value self-motivation and the ability to problem-solve independently.

Finally, be patient with yourself. There may be periods where the direction feels uncertain or the tasks are more administrative than technical. Use those moments to ask questions, observe how professionals operate, and think critically about how cybersecurity is applied in a real business setting. The internship is not just about checking boxes, it’s about building experience, confidence, and professional insight that will help shape your career.

Conclusion

Reflecting on my internship at Quad22, the experience has had a significant impact on both my academic and professional development. What began as an opportunity to gain cybersecurity experience quickly evolved into a dual-role position that challenged me in ways I hadn’t expected. I not only strengthened my understanding of cybersecurity concepts, but also gained first hand exposure to the software development lifecycle, secure coding practices, and the complexity of applying theoretical frameworks like NIST to real-world systems. These experiences have deepened my technical skills and made me more confident in my ability to contribute to multidisciplinary teams.

One of the biggest takeaways from this internship is that learning does not stop at the classroom door. While my coursework at Old Dominion University provided a strong foundation, this internship showed me how to apply that knowledge in dynamic and evolving environments. The overlap between cybersecurity and software engineering helped me realize that career paths are not always linear, and that being open to new roles and experiences can lead to unexpected and rewarding growth. I’ve also developed a clearer understanding of how policy, development, and security intersect in the creation of user-facing tech products.

This internship has already begun to influence how I approach the remainder of my college journey. It’s motivated me to seek out more hands-on learning experiences, focus on building a strong portfolio, and take courses that further develop both my programming and cybersecurity skills. 

Looking ahead, my experience at Quad22 has solidified my interest in pursuing a career that blends cybersecurity with software development. Whether I work in application security, DevSecOps, or technical consulting, I now have a clearer sense of what kind of professional I want to become. The lessons I’ve learned from this internship about adaptability, communication, and the real-world application of cyber operations, will stay with me as I continue to grow in this field.