CYSE 368 Final Paper

Final Paper

Collins C. Onyeador

Old Dominion University

CYSE 368

Fall 2023

AMA Consulting LLC.

Maria Asuelimen

Introduction

When I was searching for internships to apply to my parents had mentioned how one of their good friends had a company that worked in the federal sector and did some work as well regarding cybersecurity. As soon as I heard this I snapped at the opportunity. I chose to work at AMA not only because my parents were very good friends with my boss Maria, but because it was a great environment. Once I started working there everyone was very welcoming and made me feel as if I had been a part of the team. When I started there were four learning objectives that I overall wanted to achieve and to fully understand. These included understanding the inner workings of securing company systems, getting acquainted with the policies and regulations tied to cybersecurity in the federal sector, gaining insights into a business’s operations, and getting a taste of business development and marketing. Through my internship, these were the main things that I wanted to learn and be able to grasp greater knowledge about. Through working with AMA, I feel that not only did they help me learn them, but I got to have many experiences with each.

All in all, his paper will discuss my experience as a whole having been working in a company as great as AMA, a standout company in every sense in my personal opinion. I’ll be explaining my experience, from the great comradery that caught my attention to the great advice and insights that helped my understanding of cybersecurity in the federal sector.

Beginning of the Internship

For the last half of this year, specifically since the end of May 2023, I have been interning and working at AMA Consulting. AMA Consulting is an amazing company founded by CEO Maria Asuelimen. It’s a company founded on great principles. The motto of the company is “We Do Great Things”. This motto is wholly true because, in the time that I have spent working there, there has been constant growth of the company and overall great things happening. In a good way, there was never a dull day because there were constantly things developing. AMA provides several services in the federal sector. To be specific AMA helps federal programs, divisions, and offices develop their people, optimize processes, and achieve mission success. The potential projects include strategy development, leadership training, workforce training, workforce planning and support, executive coaching, and business transformation/change management projects.

AMA’s primary customers are government agencies such as the FDA, USDA, DoD, HHS, NHS, Department of Education, GSA, NASA, USAID, Department of Commerce, and CFPB. They bid on contracts against other small businesses or large businesses working in this space and aim to fulfill these contracts to completion.

Just being in this competitive environment means AMA has to constantly prove with each contract they’re the best fit for the job. It’s like a constant contest with other businesses of any size where they submit proposals, showing they have what it takes to meet the high standards these government agencies demand. This is an everyday fight. I can recall the numerous times that Maria, my boss has talked about how important it is for us to make it known that we are out there and can-do great work. I feel that this information helps to highlight AMA’s dedication to working harder than the competition and their ability to deliver valuable services that align with the strict requirements of the government.

Now discussing the beginning of my internship, it wasn’t too hard of a transition. When I first started, I had no clue what kind of work I would be taking on. I had no experience with any of the systems we used and did not know what exactly I would be getting into. What I can say with certainty is that the team I was working with, from the start, made me feel like I was a part of the team. Even with Maria, my boss, having been a good family friend, I didn’t feel like she was giving me special treatment as a favor to anyone. This goes for my other coworkers.

When I started, the first and main task that I was given was to help with getting the company CMMC compliant so my training at first mainly revolved around that. This is essentially a certification for government agencies to see that you abide by the NIST 800-171 codes and regulations concerning safeguarding sensitive data, which is very important for knowing that a company is capable of handling and protecting government information. It was just the perfect timing for me having started there when I did. It was just recently announced or made known that the DoD and potentially other government agencies would be requiring businesses that are trying to take on federal contracts to have that CMMC certification. So, upon starting, my training consisted of me first learning and getting access to all of our systems that store any sensitive data. This was systems such as Sharesync, Asana, GoDaddy, and other social media websites. I began working with a team that specialized in helping companies get CMMC certified and I went from there.

Managerial Leadership

From the moment I began working at AMA. I didn’t feel like an unwanted intern or the type of intern who just gets all the unwanted work. From my main boss Maria, to my other two direct coworkers Oscar and Nicole, they were very inviting, and they helped guide me along the way. With the way things worked, I was directly working in the corporate section of AMA. This meant that I was working directly under Maria and her team from the start. This also meant that I was involved in most meetings that took place whether it was a corporate staff meeting or it was meetings with other companies and government agencies.

As for how the structure worked, Maria was at the top, as she is the CEO. We all report to her and give out updates weekly in our weekly corporate meetings. When I first began, my main interactions and communications were with another lady in corporate named Nicole. She handled the HR department so at the beginning I was reporting to her. As time continued, it began to become me directly reporting to the team as a whole. Then it evolved, more recently, to me working closer with and under another coworker in corporate named Oscar.

This shift in reporting structures not only expanded my responsibilities but also provided me with a well-rounded perspective of the company’s operations. Oscar’s mentorship has been invaluable, offering me insights into the intricacies of our projects and allowing me to contribute more meaningfully to the team’s objectives. Without help from him, a lot of what I didn’t know would have been unresolved.

Work Duties

From when I started, my main task was regarding the CMMC certifying process. That was what I was originally tasked with. I started by doing somewhat extensive research about what it was, how we had to attain it, and the steps taken to confirm certification. To assist me, Maria solicited some outside help from a company that works specifically with businesses that are looking to attain the cert. For the next 3-4 months, that was my main and only task. I would work on locating and identifying any types of vulnerabilities in the systems that AMA used and I would take note of them in a spreadsheet that would take note of the percentage that AMA was compliant with the expected rules and regulations. I would also like to note, that after the auditing process, it was found that AMA was essentially around 70% compliant based on the listed requirements without any changes made. This is what had originally consumed my time and were the duties that I fulfilled at work. I’d have weekly and bi-weekly meetings to update progress on the process.

After this process was completed, I was given more tasks and duties. AMA as a company isn’t solely cybersecurity-focused. Some of their main services include, as I named above, helping federal programs, divisions, and offices develop their people, optimize processes, and achieve mission success. The potential projects include strategy development, leadership training, workforce training, workforce planning and support, executive coaching, and business transformation/change management projects.

With this in mind, my work duties transitioned from solely focusing on CMMC as the process was coming to a close, but also working with what was called BD Capturing and Outreach. I began to learn about the processes of getting details about the contracts they would fulfill. I learned about all the steps that it takes to win a contract with the Federal Government. Learning about all this was very extensive. I got hands-on experience using some of the Federal agency databases such as SAM.gov, ezgovopps.gov, and EBUY.gov. This then evolved into me doing outreach to some of these agencies’ contracting officers and small business specialists. This whole process helped me understand the rules and regulations behind each step of seeking out a contract, getting information about the contract, and then actually bidding for that contract. With this process, I was seen doing more on the business side of things and seeing more about how the business operated. This is when I began to work closer with my coworker mentioned before, Oscar.

He helped me get an understanding of the type of work that I would have to do and helped guide me in the right direction throughout. Currently, my newest duty is handling and presenting Subcontracting opportunities for AMA. If AMA isn’t able to fully take on a contract alone or ‘prime’ it, as it is a small business, then it is possible to partner with other companies and contract out sections of the work to other partners. This now sees me take on a bigger role. My work now feels like it affects the business even more directly. I’m now in a place where I am doing outreach myself, and scheduling capabilities briefings for the company with other contracting officers and small business specialists.

As a reference, I have included a screenshot of the Asana board that I created to keep track of these companies and to keep track of the opportunities that come along. See Figure 1.

Figure 1

Subcontracting Opportunities Asana Board

Note. The Asana board here was created not only to identify prime partners but to also keep track of contracting opportunities.

Knowledge and Skills

This Internship didn’t require a decent amount of cybersecurity knowledge that I hadn’t been expecting or had. Just knowing the basics regarding safe security techniques was very much enough. What I can say though is that the internship changed how I viewed the level of seriousness cybersecurity is taken. It became especially clear to me that the federal sector takes cybersecurity very, very seriously. Knowing who has what, where they got it, who has access to what, and things of this nature are essentially paramount to how business is conducted. This internship vastly expanded my knowledge just by being somewhat in the federal space and understanding how they do and take care of business.

When connecting my work during the internship to the ODU curriculum, I think that the ODU curriculum for cybersecurity did help prepare me for it. Through all the classes I took, the basics regarding cyber hygiene and security techniques were a constant. As I had mentioned before, these basics were a big part of the knowledge that helped me going into the internship.

Learning Objectives

From the beginning of the internship, I had 4 specific learning objectives to fulfill. The objectives were:

1. Learn the process of making the company systems secure

2. Learn federal policies and regulations federal contractors need to adhere to for cybersecurity

3. Learn business operations

4. Learn business development and marketing

I can say with certainty that I do feel I was able to fulfill each of these learning objectives. Starting with the first one, “Learning The process of making the company systems secure”, I feel that this one was fulfilled very early on due to the main tasks that I was assigned when I began working there. I began working in the systems AMA used daily early on and got a good understanding of them very quickly. The second objective, “Learning federal policies and regulations federal contractors need to adhere to for cybersecurity”, was fulfilled similarly. I saw first-hand how documents are shared and transferred as well as understood how important it is to know who you are talking to and where they are from. The process of doing CMMC also added to this as I could directly apply the NIST 800-171 codes to daily actions.

The third objective of learning business operations was able to be fulfilled due to my transitioned role of working on the BD Capturing and Outreach (Business Development). I learned more about business operations by getting hands-on in this area. Making the outreaches, capturing certain opportunities, and attending the capabilities briefings helped me in this area. Finally, the last learning objective, “Learning business development and marketing”, was also something that was similarly fulfilled as I began working on the BD Capturing and Outreach. I learned about how AMA markets their abilities and how they incur new customers.

Motivations and Experiences

If there was anything about the internship that was the most motivating, it would have to be how positive everyone in corporate is. Everyone is very understanding and we all treat each other as family. Additionally, the things that were the most exciting were the meetings that we held in person. Since we were a remote company, we had two events where everyone apart of corporate and the entire team got together for team building exercises and a leadership conference. The first event was called “AMA All Hands”. This was essentially an all-day meeting at the main office where we got to meet each other face-to-face and we spent the day doing various team-building exercises to better understand each other and strengthen team relationships.

The other event we had was a leadership conference that was called “The Magnificent Leadership Conference”. This was something that our CEO, Maria, had been planning for months and it was a very informative seminar that helped teach good leadership techniques and allowed for some great networking opportunities. All in all, the two events were things to look forward to. They were genuinely enjoyable and helped to foster the great work atmosphere that we had.

If I was to touch on what was most discouraging it would be the feeling of being isolated. Since I was solely working on CMMC at the beginning and the internship was completely remote, my main interactions were our weekly corporate meetings. I was pretty much operating on my own with some guidance and some instructions. Nevertheless, that feeling was there. At some point it’s like you’re the only person working, that’s how it would seem. As I grew into more roles though, the interactions increased and the AMA All Hands meeting also helped to help me get acclimated as well.

Now if I were to touch on something the most challenging, it’s the constant movement and the large pool of information you have to take in. Both when I began the CMMC process to now where I’m working with the subcontracting plans, I’m constantly learning everything that I need to apply. Having to learn how to navigate each of the government databases, having to learn how to email government contractors, and the many other things that come with it is what made it challenging. If it wasn’t for how open, welcoming, and patient everyone is, it would be very difficult to get along with the job.

Recommendations

If there is anything I’d say as a recommendation for this job, it’d be: don’t be afraid to ask questions. From what I witnessed, the AMA staff don’t think any question is a dumb question. Some places may have an intimidating circumstance, but the staff I work with are very helpful. Another thing I’d recommend would be to be ready to intake a lot of information, especially if you are very new to the field. When I began, I had little to no idea exactly what I’d be getting into. There was a lot of information to take in at the time so, for me, taking notes was very useful. Just taking notes from weekly meetings would help me remember important information that I knew I’d forget because of how much was being shared by everyone.

Conclusion

In conclusion, I have nothing but great things to say about AMA, it has been no doubt a great experience and has taught me so much in the last 6 months. One of the main things that I can take away from this experience is how you conduct yourself in the federal space. Working with federal contractors opened my eyes to how in-depth it is to potentially work in the Federal Government.

Although I am expecting to graduate in the spring, I feel that this internship has helped me in the sense that I’m not as afraid to ask questions. When I began at AMA, I was constantly asking questions because of how information-intensive it was. I learned that asking questions and being assertive about what I needed wasn’t a bad thing at all. This directly translates into working with other students, professors, and advisors/counselors. Working with these people not only requires patience but also requires me to be assertive in what I need and what I need to understand.

Finally, this internship can affect my future professional path because I feel that I can see myself working in cybersecurity in the Federal Government. Working with AMA gave me a taste of what it’s like to work with other Federal Government workers and how compressed and hectic their schedules can be.

conye001

CYSE 368 Cybersecurity Internship