Reflection #1

Lately, I’ve had the opportunity to spend a few hours throughout the week with an incredible team, part of the CyberClinic 2025, here at Old Dominion University; everyone is always extremely professional and ready to help you at any given moment. Despite having completed only part of this internship so far, I’ve had the possibility to learn many new skills. We started the semester with introductions. Knowing who you’ll be working with throughout the program is, in my opinion, the key to building an enjoyable environment within the classroom.

Moreover, Lee (our TA) as well as our professor, Ms. Duvall, explained what to expect from the program and what its development will be like. By doing so, I was able to understand what is needed to have a successful journey and make the most of this experience.

Additionally, we were also shown several PowerPoint presentations with some of the most fundamental aspects to take into consideration regarding cybersecurity, such as frameworks, for example, making sure we have a clear view of the situation, and advice on how to interact with small businesses. One of the most important things is not to worry the “client” but be as empathetic as possible, since our job is to advise and assure them that by adopting determined security measures, they will be safe. 

Furthermore, we have had three lectures with Dr. Baaki, a guest instructor, with whom we worked with on getting out of our comfort zone, respecting everyone’s ideas, and understanding how to design the perfect solution for organizations that have different security needs. With Dr. Baaki, we mainly worked in groups, given an organization’s problem, and tried to come up with an efficient solution. On the third and final day with Dr. Baaki, each group, that was given a different type of  business and different cybersecurity issues, presented their ideas to the rest of the teams, and we all had the chance to intervene in the presentations, making the presentations more engaging.

Furthermore, I believe that Dr. Baaki’s classes have been pivotal in learning how to design a framework and working on aspects such as empathizing, defining, ideating, prototyping, and testing, because it personally taught me how important all these aspects are, and I now have a clearer idea of how to interact with companies and come up with different scenarios/approaches to help small businesses with their cybersecurity issues.

Lastly, I want to reiterate the fact that I’m beyond grateful to be part of the CyberClinic; it has taught me a lot so far, it has helped me understand how to really get out of my comfort zone and think outside the box (more than I used to), and, by sharing ideas with both professors and classmates, I was able to broaden my knowledge of cybersecurity. I’m really looking forward to continuing to work with the CyberClinic, learning as many things as I can, and gaining experience.

Reflection #2

As I continue my journey with the cyber clinic, I realize how, each time, I learn something new. After our design thinking sessions with Dr. Baaki, we had Greg Tomchick come to class and discuss his experience in the cybersecurity field. His journey to arrive at where he is currently is fascinating. Knowing that he gave up on his baseball career as a professional player to dive into the world of cybersecurity is admirable.

I believe that his story gives a lot of hope to many students who want to start a career in cybersecurity from zero. As well as talking about his personal experience, Greg also talked to us about his company, ‘Valor Cybersecurity’, which provides cybersecurity services to businesses and focuses on implementing, assessing and maintaining security measures to protect businesses’ systems from cyber threats.

Additionally, Greg also gave us advice on how to perform risk assessments and gave us a 10-point checklist of all the main steps a business should follow. I think his advice was really helpful because his checklist helped me, and my team provided aimed questions for the following activity. In fact, after our lecture with Greg Tomchick, we split into teams and went around Norfolk and whereabouts, and provided small businesses with quick, effective, and free cybersecurity risk assessments.

This experience has been extremely helpful because it taught me how to interact with individuals and be empathetic, as well as gain a deeper understanding of the importance of implementing cybersecurity measures, and how, unfortunately, some businesses lack the material and knowledge to implement cybersecurity.

Consequently, we had David Price talk to us for a CISA session, which was interesting. He introduced himself and talked about his work experience as well as his role within CISA. Following that, we started working on our posters for our current companies and did some background research before the big first meeting.

Finally, after all the hours spent on studying and preparing to talk to our companies, on the 27th of February, each group met with their corresponding company and began introductions. Before the big meeting, however, my team and I also decided to come up with a questionnaire for our company so that we knew what to ask and be ready, but also get additional information from our company and give them an idea of what we will work on.

After the meeting, which went extremely well, we came up with a communication plan, and we are currently in contact with the company. We plan on meeting soon, going over the questionnaire, and getting as much information as possible from our company (CM Technology Inc). I’m excited to continue working with CM Technology Inc. I hope that my team and I leave a good impression of ourselves and our work, and I look forward to helping such company improve their security measures. 

Reflection #3

Before starting to work on our big project (final report and presentation for our company), we focused on assembling all the information about the two small businesses to whom, with the help of Valor’s Top 10 Checklist, we’ve provided free cybersecurity risk assessments around Norfolk. To finalize the assessments, we used assessment reports provided by Valor Cybersecurity that allowed us to conduct a thorough examination and evaluate the organization’s current cybersecurity posture and identify the vulnerabilities. In doing so, we were able to create an executive summary, which will be given to the small businesses and provide the top 5 recommendations to reinforce the businesses.

Currently, my team and I are working on our final reports for the company. We are always in contact with them, and on both ends, everyone is extremely available if anyone has any concerns. The last time we communicated, which wasn’t too long ago, I emailed Frank and John, who are, respectively, the General Manager and the Chief Financial Officer (CFO) of CM Technology Inc., to invite them to the final presentation of their company.

For our final report, we are gathering all the information we have found so far about our business from the several encounters we’ve had with them, the information provided by them, the questions they’ve answered, and from our own personal research regarding CM Technology Inc. Additionally, to write out a final report and make it as informative and helpful as possible for our company, we are doing our best to provide them with information that is easy to comprehend, even for anyone who doesn’t have the expertise to know the more technical aspects of cybersecurity.

Our main goal is to write a very professional report that includes things such as the name of our team, the members, our roles, an overview of the industry, the threats associated with the business sector, background research such as the company name and history, different types of risk assessments tailored to the specific needs of our client like the NIST framework, the Valor Top 10 Digital Security Checklist, and also address specific questions our clients had. Moreover, we are going to discuss the strengths CM Technology Inc. has, their weaknesses, and what they can do in the future to improve their cybersecurity.

After completing the final report, my team and I are going to work on the presentation. Our primary objective for the presentation is to closely align with our report. In fact, the presentation will serve as a visual medium for sharing information with our company, ensuring it is visually appealing and easily comprehensible, thus enhancing our message.

We’ll continue working on the final report and presentation. We are excited about the entire process. We look forward to meeting with Frank and John again and sharing with them what we’ve worked on during these couple of months.