Carson Viscusi

5/31/2024

CYSE368 – Cybersecurity Internship

Reflection #1

My first couple of weeks at my internship were a huge adjustment compared to any sort of work I’d done in the past. I had never worked in a nine-to-five corporate environment, so every aspect was new. From my hours-long commute to getting system administration rights, I had never dealt with it before. The intern program at HSB’s Valley Forge office is relatively new, so it’s been an excellent opportunity to help them find their footing. I developed a great understanding of the slow start a new higher in cybersecurity has to go through at a large company. Before this experience, I had expected to have everything I needed and start working immediately, but it took most of the first week to get all the permissions I needed to do my job. Even without my permission, I was able to get started on my first IoT project. I work specifically for the Sensor Support IoT team, so my first project was to help them create a system that could automate the weekly Excel sheets so that the cases on the sheet could be assigned randomly throughout the team. It wasn’t very cybersecurity-related, but I could still take some of the programming I had learned in my cyber classes and apply that to Excel formulas to make the randomizer that evenly and randomly assigned the cases. 

My fellow IoT interns and I got to go to lunch with the head of HR, who started offering us some fantastic opportunities to partake in during our internship. Besides scheduling a one-on-one meeting with the CISO later in my internship, he wanted me to see other broader cybersecurity jobs. Since HSB is a cyber insurance company, one of its most prominent cyber jobs is actually cyber underwriting for cybersecurity-based insurance policies. I have yet to meet with them, so I wanted to look into what they do more before I shadow them. I found an excellent article from Cybersafe detailing how deep cybersecurity knowledge is required to underwrite cyber insurance policies effectively. One of the most important things I noticed is that they constantly have to evaluate the cyber needs of numerous companies and understand their monitoring systems and the cyber professionals that work at those companies to create an accurate policy. 

While I’m working on some other great projects that I’m not at liberty to discuss, I am very excited and eager to meet the cyber underwriters. This is an aspect of cybersecurity that I had never considered moving toward in my career. This has already been a fantastic opportunity, and I’m only just starting. I’m very excited to see what opportunities I’m afforded through this internship.

Work Cited

Cybersafe Technologies. “The Cyber Underwriting Process.” Cybersafe Solutions, 26 April 2022, https://www.cybersafesolutions.com/insights/the-cyber-underwriting-process. Accessed 31 May 2024.

/

Carson Viscusi

6/7/2024

CYSE368 – Cybersecurity Internship

Reflection #2

The third week of my internship brought major developments in the projects I have worked on before and the projects I will be working on. While I cannot include any pictures due to the confidentiality of the data, I have completed my first major project cleaning up old data in the backend of my company’s CRM, which was my first real experience using a customer relationship management tool. To effectively clear out the back catalog, we were trained to use all aspects of CRM, which provided valuable insight into how the tools would work in most organizations. 

Beyond that, my other major project was to find a way to combine the bi-weekly reports we receive about certain accounts and combine those reports into an in-depth living spreadsheet. To accomplish this, the spreadsheet needed to incorporate all the updated data from the new reports automatically, assign new cases to members of the team both randomly and evenly so no one team member has significantly more cases than another, track which cases are completed, in progress, and unstarted and sort them into new tables accordingly, and also keeping the whole list to only the top 50 cases. While this task seemed daunting at first, we were given a lot of liberty in how we chose to approach this solution. After a few days of nonstop work, I created the working model for the solution by teaching myself power query and power automation for Microsoft Excel. I was very grateful for the open-ended aspect of this project as it led to my much deeper understanding of Excel, a very valuable tool to have in all fields of work. I’m proud of the power queries I built for this project. To achieve my desired results, I hand-coded all of the queries with Javascript using the advanced editor. One of the most valuable resources I found online, while also being surprised to discover, is the large Microsoft Excel community that exists online. Specifically, Matt Allington’s guide on Self Referencing Tables helped me overcome my biggest hurdle: keeping comments on a constantly updating table.

This was also my first meeting-heavy week. From meeting all of the major heads of department at my location, new software alpha tests, and even presenting all of my process documentation for the training department, this week felt like the best example of real-world experience I’ve experienced up until now. I’m really enjoying myself and learning a lot about many important topics.

Work Cited

Allington, Matt. “Self Referencing Tables in Power Query.” Excelerator Bi, 21 June 2016, https://exceleratorbi.com.au/self-referencing-tables-power-query/. Accessed 7 June 2024.

Carson Viscusi

6/23/2024

CYSE368 – Cybersecurity Internship

Reflection #3

This week, I finally started getting some cybersecurity-focused assignments at my internship. I spent most of my week training to begin working in the tech support center, which will need some support over the next few weeks for several reasons. So far, it has been a good experience, learning how to interact with customers at a corporate job and interacting significantly more with the time I’ve worked with since I started the internship. Beyond experience in the job itself, this temporary tech support role has helped me improve at phone calls, something I was weirdly opposed to up until now.

The best part of my week was a one-on-one with Steve M., a Cyber Risk Services Manager from my company. While my internship has provided great hands-on experience with a tech-focused job, it has focused more on IoT/IT rather than cybersecurity. Still, now that I’ve had the chance to talk to Steve, I’ve gained a lot of insight into the aspects of cyber at my company that I had been curious about. We got to talk about a lot of the cyber operations at HSB. We went over the opportunities that the company has in cybersecurity and many of the different roles that major multinational companies like HSB have that one would not commonly consider when it comes to cybersecurity jobs. Although I’m unsure if I was ever given the exact name of the role, something that stood out to me when we were talking was the idea of being brought on to a company to teach the new cybersecurity hires for a plethora of reasons, whether it be coding best practices to save on storage and have code be more uniform across the company, teaching a new tool that is being incorporated into the SIEM environment, or even teaching cyber hygiene to non-cyber employees and conducting fake phishing tests to ensure that everyone is knowledgable on how to spot it. With my background in teaching, this immediately appealed to me and is something I intend to look into more. I was also intrigued by the role of Cyber Auditor, but that role would require much more research before I decide if it is for me.

Beyond discussing cybersecurity careers, Steve also gave me great advice on various aspects of the field. We discussed my upcoming BTL1 Certification Exam, and he provided me with many free and beneficial resources for various certifications. I also wanted to know what resources professionals use to stay informed in the cyber world, so Steve recommended that I read Dark Reading, a cybersecurity-focused news site. Since then, I have begun reading a story or two daily and find it incredibly insightful and interesting. I had a great time speaking to and learning from Steve, and I am hopeful we will get to work together at some point in the future.

Work Cited

Informa PLC. “Dark Reading.” Dark Reading | Security | Protect The Business, May 2006, https://www.darkreading.com/. Accessed 23 June 2024.

Carson Viscusi

6/28/2024

CYSE368 – Cybersecurity Internship

Reflection #4

I’ve officially started supporting the tech support lines as my primary assignment. This consists of always staying available in the call center so I can take and handle any calls when the rest of our IoT specialists are already on calls. While I was initially trained to assist with minor tasks and write down call-back information to pass on to our Sensor Support Specialists when they are free, I have received extensive training and solved every caller’s problem so far. While yes I can acknowledge that there is a clear difference between working with customers and working with internal employees, I still believe that working at the support center has given me a lot of great experience for my future career in the sense that I will need to be able to simplify technical terms and may even have to help people troubleshoot over the phone when I start working in Cybersecurity.

Another exciting development was learning that our internal company E-Learning platform has some excellent Cybersecurity courses ranging from fundamentals to awareness, and even a Splunk course that I have been using to study for my upcoming Blue Team Level 1 exam. While the learning platform was discussed in the orientation, I never heard anyone else mention it. It’s like a hidden gem that most people aren’t taking full advantage of. It offers a wide range of excellent, in-depth courses on various topics beyond cybersecurity. I plan to continue to utilize this learning platform when I have some downtime in my internship, I would like to see if it has courses on Amazon Web Services, another topic that I have recently become interested in.

Another exciting development this week is the launch of new technologies from the IoT department. Since this is my department, this new WINT Water Intel tech is something that I may soon have to help support on the call lines. It’s a combination of new intelligence systems and a performance warranty. In my opinion, it’s very interesting stuff, so I have included the press release. I think a big takeaway that I gathered from this, besides the constant improvements HSB makes to their services, is a better understanding of the broad range that IoT can cover. Personally when we discussed it in class I never considered that IoT could include something like water intelligence technology for construction sites.

I plan to reach out next week about arranging a meeting with the cyber underwriters team to see if that position is something that would interest me, and beyond that I’m also going to reach back out to my contact in the cyber department to see if there are any available projects I could assist on.

Work Cited

Hartford Steam Boiler. “HSB Adds WINT Water Intelligence Technology To Water Leak Detection Portfolio.” Munich Re, 24 June 2024, https://www.munichre.com/hsb/en/press-and-publications/press-releases/2024/2024-06-24-wint-water-intelligence-technology-leak-detection.html. Accessed 28 June 2024.

Carson Viscusi

7/8/2024

CYSE368 – Cybersecurity Internship

Reflection #5

My work in the sensor technical support center has recently ramped up as a few of my coworkers are on extended vacations. As I take on more calls daily, I improve my efficiency in providing solutions and my case writing abilities. I feel I’ve also become more adaptable in work than I previously was as I quickly adapted to this new role. As we have to write cases to log our phone interactions, I am constantly writing about varying interactions ranging from answering simple questions to helping customers set up their sensors if they are less tech-savvy. Of these, the most complex interaction I’ve dealt with so far has been diagnosing faulty sensors and ordering replacement equipment. This involves just about all of the processes I deal with when working at the sensor support center, and it’s because of this that I feel it is the process that best improves my skills. It starts with a regular troubleshooting call, which walks the customer through all the possible steps that may be able to correct the issues with their device, which differ depending on what device they are currently working with. If none of these solutions work, we will collect all of the customer’s information so I can fill out an equipment replacement order and pass it along to the order fulfillment team.

I also learned a lot about some internal data breaches at the company and how they were handled. A specific example I learned about was the Luxottica 2021 data breach, which was not confirmed until 2023. Our parent company, Munich, utilizes advanced dark web scanning technologies. At one point, not long after the breach was dumped online for free, many employees’ personal information began showing up on the scan. This dark web scan returned where the breach was coming from, but they needed to ensure there wasn’t any sort of internal leak. A cyber response team was assembled with legal, HR, risk management, and Cybersecurity department members. Once this team was assembled, they did an internal review to check for internal leaks. They determined that this leaked employee information resulted from a company used for employee benefits linked to Luxottica. They caught this and handled it appropriately, assisting the roughly 400 affected employees. Examining the company’s response to this breach has given me an extensive comprehension of how internal breaches are handled in the real world.

Work Cited

Toulas, Bill. “Luxottica confirms 2021 data breach after info of 70M leaks online.” Bleeping Computer, 19 May 2023, https://www.bleepingcomputer.com/news/security/luxottica-confirms-2021-data-breach-after-info-of-70m-leaks-online/. Accessed 8 July 2024.

Carson Viscusi

7/19/2024

CYSE368 – Cybersecurity Internship

Reflection #6

As I am reaching the end of my internship, I have had a lot of great opportunities through work recently. Beginning with the projects this prior week, we ended up having a pretty serious technical error occur during production where a large batch of our sensors were mislabeled. Because of this, people would not be able to set up their sensors when they received them, so my fellow intern and I were trusted to go through and create cases for all of the impacted shipments so that we could send replacements that were properly labeled. This project was specifically helpful in testing my multi-tasking skills under pressure, as we only had a day to recreate all of these cases and still had to cover the phone lines while creating the replacement cases due to a number of staff members being out. Along with having to create many cases, this was the most calls I had ever received in a day up until now. Along with the replacement case project, we have begun discussing the capstone project for the internship, which will help with the design elements of the brand-new IoT lab. Currently, the IoT department has been moving around the floor as different departments expand, but they plan to settle in a specific location in the office, which comes equipped with a meeting space and multiple TVs. For now, we are helping come up with visuals that can be displayed on these TVs but from previous discussions, it sounds as if we will also be helping create physical displays to show off our IoT hardware if other businesses come to the office to learn about our sensor program.

We also recently had a fantastic guest speaker talk to all of the interns about the impacts of AI on the insurance industry. This was a very educational presentation that shed light on the intricacy of AI in most modern businesses, which I had not previously considered. I ended up going back to read the research paper that was discussed which gives an idea of how AI will impact the labor market, which is of great interest to HSB as an insurance company. It also gave some excellent insights into the rapid growth of cyber security in the insurance industry as well. One of the things that drew me to HSB was that they are a leader in cyber insurance, and this presentation perfectly detailed how, similar to how AI is tracking to grow, cyber insurance started as something much smaller, being bundled in small ways into a lot of other insurance policies, but it grew so large that it could no longer be bundled in and soon became its own type of policies. I hope to learn more about this with my upcoming shadowing of the cyber underwriting team so I can expand upon it in my final paper.

Work Cited

Eloundou, Tyna, et al. “GPTs are GPTs: An Early Look at the Labor Market Impact Potential of Large Language Models.” arXiv, 17 March 2023, https://arxiv.org/abs/2303.10130. Accessed 19 July 2024.