Final Internship Reflection

November 24, 2024

CYSE 368

Final Individual Reflection

  • In your reflection, what went right? What went wrong? What are your personal lessons learned?  If you could do the project over, what would you do differently?

As for the internship itself, I couldn’t have asked for a better experience than what was advertised. It succeeded and exceeded its objectives and also my expectations. Through previous coursework, NIST and CISA had been mentioned, but not fully elaborated, explained, and presented as they did in this Cyber Clinic. NIST and CISA have so much importance and reliance on organizations—from small businesses to enterprises and government entities. Valor Cybersecurity was a big help in breaking down and translating the NIST RMF. The Risk Top 10 Checklist aided me in understanding in “layman’s” terms the more intricate concepts of the NIST RMF. Dr. Baaki, with his lectures on design thinking, not only helped me as a Team Leader for our project in creatively assembling our group (BCM Security) Report and overall project execution, but I also gained valuable lessons on a philosophical note in teamwork. Acknowledgment and contribution of ideas through the statement “Yes, and […]” are vital to design and structure for project planning and management.

If I could do the project over, I would have gone the extra step to meet the business or greet the company before the formal business-client introduction. This would have allotted me and my team extra time to provide a more thorough report. I would have, if time allowed, inquired through ODU’s School of Cybersecurity about access to their Cyber Range so that I could have an arsenal of tools to dive deeper into the investigation into my client’s cybersecurity posture. This would have better validated and reinforced the third-party risk assessment We Insure Things provided to me and my team.

  • For each outcome or objective you explained in your Memorandum of Agreement, describe how the internship fulfilled or didn’t fulfill the goal.
    • Identify and assess assigned business LAN/WAN general exterior security structure through network mapping tools such as NMAP.
      • This PLO in my MOA was partially met. Partially due to the fact that I only was able to run a port scan with Nmap on the client’s public-facing webserver/site. With the time allotted and deliverables demanded, I could not fulfill the entirety of this PLO. Given the approval, consent, and time, I could have met this PLO by running an Nmap scan on the client’s Google Workspace, to further gain insight into 99% of the business’ LAN/WAN. I say 99%, due to the fact the work structure of the business, and its employees, operate remotely.
    • Identify, assess, and report the assigned business’s Common Vulnerabilities and Exposures (CVEs) using Tenable Nessus, an open-source network vulnerability scanning tool.
      • I was not able to fulfill this PLO. This would have been a great achievement. If I had been able to get the software working correctly and promptly, which I tried on my VM in both Kali and Ubuntu, it would have been possible to at least generate a CVE list on the client’s public-facing website/server. This was an over-achiever PLO I had set.
    • Generate, summarize, and present reports of discoveries outlined in learning objectives (1., 2.) to assigned business executives and/or relevant parties at a level of mutual understanding.
      • This PLO was partially met and its explanation can be interpreted and summarized through both PLOs (1.,2.) in combination with my team’s collaborative successful completion of the report, PowerPoint presentation, and report presentation to the client and audience.
    • Identify, assess, and educate the small business on Data Loss Prevention (DLP) systems to prevent accidental and intentional exfiltration, exposure, and leakage of confidential, private, Personally Identifiable Information (PII), etc.
      • This PLO was successfully fulfilled. This particular PLO aligned with one of the client’s direct concerns. Through research, my team and I were able to offer the client their current posture to this threat and provide recommendations of possible risk mitigation solutions they could consider. This also was a key variable in Identify, Protect, and Prevent in the NIST RMF 2.0 publication I heavily relied on.
    • Educate and communicate with assigned business executives and/or relevant parties, possible recommendations to strengthen Information Systems (IS) to include but not limited to Information Technology (IT) hardware and software, physical, operational, and managerial cyber security.
      • This PLO was successfully fulfilled. This PLO was part of the project and a main deliverable for the Cyber Clinic. The combination of research and Nmap aided in completing this PLO.
  • Describe the most motivating or exciting aspects of the internship.  Describe the most challenging aspects of the internship.

The most exciting aspect of this internship was being involved with a local business and helping that business address its cybersecurity concerns. Through personal growth, I have come to fathom teaching and helping people in need. After assessing We Insure Things, it was evident that the owner, Logan Wease, sought participation in the clinic, hoping to acquire more knowledge and indirectly asking for help in cybersecurity.

  • List your recommendations for future interns in this internship. What preparations do interns need before starting the internship?
    • Teamwork skills
    • Communication Skills
    • Risk Management Framework
    • Pre-requisite Course CYSE 301

Conclusion:

  • Summarize your main ‘takeaway’ thoughts from your internship experience.
    Describe how your internship experience will influence the remainder of your college time at ODU.

My internship experience has really impacted the remainder of my college time at ODU in the way that I plan to register for classes that cater to my interests, rather than being broad and vague. What I mean is that I have been taking classes that practically mold me into a “handyman” in cybersecurity. However, I have come to realize that after perusing job ads through multiple social media and job recruiting agencies, specific job titles in cybersecurity narrowly focus on particular knowledge, experience, and certifications. It is not impossible to be a full-scope cybersecurity expert in the many “pieces of the pie” in cybersecurity, but such a notion is highly illogical. It is analogous to having an aspiration to be a medical doctor in every medical profession; an all-in-one M.D.

  • Describe how your internship experience will influence your future professional path or planning.

This internship experience has further supported my pursuit of Risk Management Frameworks and the vulnerability scanning sector of cybersecurity. The NIST RMF 2.0 was the publication that steered this project. It also has led to my conclusion that after preliminary job applications, organizations seek candidates with decent knowledge of the NIST RMF. On my own accord, port scanning with Nmap, due to my interest and curiosity, helped me to understand how cyber criminals perform “non-intrusive” port scans of public-facing networks. This really was the first instance, out of academia, that I performed a port scan to help me understand the public-facing network of a business. Performing Open-Source Intelligence (OSINT) gathering, again, supported my curiosity and interests that will help me shape my career aspirations in the diverse realm of cybersecurity.

  • What are your recommended changes to the course (add, change, keep the same!) 

Overall, the timeline and schedule were adequate for me and my team to meet the expected deadlines for all the assignments. If I were to recommend a change, it would be working with Virginia Cyber Range to allow access to their VMware, which is equipped with a plethora of software and tools that allow for further in-depth vulnerability scanning and non-intrusive and intrusive penetration testing. Team Suffolk, through their business’ licensed software, was able to get a good hands-on experience with the vulnerability scanning tool Tenable.io, which allowed them to experience job-sector exposure and knowledge for employment after graduation.