City Of Virginia Beach Internship Final Paper
City Of Virginia Beach Internship Final Paper
Shaquile Garces-Phillips
Old Dominion University
CYSE 368 Cyber Security Internship
August 03 2025
Introduction
Internships serve as a practical bridge between academic learning and professional application, especially in dynamic fields like cybersecurity. As a senior at Old Dominion University majoring in Cybersecurity, I Wanted an internship that would allow me to refine my technical skills, expand my industry knowledge, and gain hands-on experience supporting real-world IT operations. I chose the City of Virginia Beach’s Human Services Information Technology (HHS IT) department because of its impact on public services, collaborative work culture, and focus on data protection and system reliability. Although I applied for two internships, the one I truly wanted was with the City of Virginia Beach. The other internship I applied for was with STIHL as a Help Desk Technician, which wouldn’t have been a bad opportunity, as it offers a solid introduction to the IT field. I was comfortable with STIHL as a backup plan; however, landing the internship with the City of Virginia Beach allowed me to gain a broader range of experience. In addition to help desk responsibilities, I was involved in password resets, account creation, deploying new workstations and monitors, and troubleshooting technical issues.
The City of Virginia Beach serves over 450,000 residents and is a key hub for regional public services, including health and human services, public safety, and infrastructure support(About Virginia Beach. City of Virginia Beach). The Human Services Department supports families and individuals with healthcare, behavioral health, housing, and social welfare services. The HHS IT division plays a critical role in maintaining and securing the systems that enable these operations. In which that was the division that I was assigned to for my Internship. From the beginning of my internship, I was welcomed by supervisors and team members, introduced to key platforms such as Cerner Millennium and DOMA, and guided through orientation processes that emphasized cybersecurity, system integrity, and data compliance.
Management Environment
The structure of the HHS IT team was collaborative and lateral, led by approachable and supportive supervisors. My direct mentor and supervisor, TJ Klak, provided steady guidance while empowering me to take initiative and solve problems independently. The team conducted weekly meetings to evaluate progress and redistribute workloads, encouraging open communication and knowledge sharing. Interns were treated as vital contributors rather than temporary participants. In addition, once a month we had the opportunity to meet with Mr. Ed Feeney, the Deputy Chief of Enterprise Solutions and Services. During these meetings, he would review the city’s IT portfolio, including current initiatives and future planned projects. These sessions typically lasted over an hour and provided valuable insight into the broader goals and direction of the city’s technology infrastructure.
Throughout my internship, I consistently felt supported. Whether working with Gina Harris on access audits or receiving daily task assignments from Assad and Daquan to assist IT staff during hardware rollouts, there was always clear guidance and a strong sense of collaboration.
The work culture was grounded in mentorship, transparency, and respect. Questions were welcomed, and mistakes were treated as opportunities for growth. No matter how many questions I asked throughout the internship, they were always met with a smile and answered thoroughly. The team consistently went above and beyond, often providing additional context and information beyond what I initially inquired about, which greatly enhanced my learning experience. I was impressed by how accessible the leadership team was, with supervisors regularly checking in and providing constructive feedback. One of the most helpful practices was the weekly wrap-up meetings which were early Tuesday and Friday morning, during which each team member had the opportunity to share what they had worked on, learned, or found challenging. These reflective conversations enhanced team cohesion and allowed me to learn from others’ experiences.
Major Duties, Assignments, and Projects
Over the course of my internship, I engaged in numerous assignments essential to departmental operations. One of the first projects involved assisting Gina Harris with the City’s internal audit for Human Services. This included reviewing system access across platforms such as ADAPT RO, ANOAS, Child Care Contacts, DSNAP, DMIS, and SDX. We hosted 35 meetings with department supervisors and reviewed over 385 employees. We processed 92 access removals, recorded 385 audit entries in SAMS and SharePoint, and updated 50 Acceptable Use documents. This massive effort not only sharpened my attention to detail but also illustrated the significance of system access reviews in preventing data overexposure and minimizing internal threats.
For instance, there was a moments came while reviewing access permissions for a benefits worker. The supervisor hadn’t realized that the employee had access to an outdated system. Thanks to our audit, we were able to revoke unnecessary access, enhancing security and reducing the risk of data leakage. For instance, if the City of Virginia Beach did not consistently monitor employee access or ensure that former employees’ credentials were deactivated, it could face a serious security threat like the Colonial Pipeline incident. In 2021, the ransomware group Darkside gained access to Colonial Pipeline’s systems using a compromised VPN password that was no longer in use. This password, which had been leaked on the dark web, remained active and was not protected by multi-factor authentication. As a result, the company was forced to shut down a major fuel pipeline, leading to widespread fuel shortages across the southeastern United States. This incident highlighted the importance of conducting regular access audits and promptly removing outdated credentials. Any organization that neglects these essential practices is at risk of experiencing similar vulnerabilities. This helped me understand just how critical access reviews are to maintaining secure systems.
Another major area of responsibility was password management for both Cerner Millennium and DOMA systems. Cerner Millennium, now a part of Oracle Health, is a comprehensive Electronic Health Record (EHR) system widely used by healthcare organizations. It brings together clinical, financial, and operational data into one system, giving providers real-time access to patient information for improved decision-making and care coordination. However, password resets aren’t automatic. A help desk ticket must be submitted and assigned to our team before we can assist. Once a Cerner password is reset, we notify the user by email, providing a temporary password along with a secure link that allows them to set a new password.
These platforms are central to health data management and document workflows, so account security is paramount. I handled numerous password resets, each triggered only after a support ticket was properly assigned. Once reset, I would notify users by email, providing a temporary password and secure link.
For DOMA, the process varied slightly. After receiving a ticket, I accessed the system with my credentials, unlocked the user’s account, and selected the option to send an automated password reset. Unlike Cerner, DOMA handled email notifications internally. These tasks taught me the critical nature of identity verification and secure communication when working with electronic systems.
I also supported hardware deployment throughout the City of Virginia beach buildings. We deployed over 80 monitors, replacing outdated equipment and configuring workstations for optimal functionality. In which this involved adjusting display settings, labeling assets, and ensuring users had seamless access to their workstations. After each deployment, we would update SharePoint with data like workstation type, storage details, AD users, and purchase order numbers. What seemed like a basic equipment replacement task actually required deep understanding of asset tracking and organizational data management. This experience showed me the importance of process documentation in public IT projects.
Real-World Use of Cybersecurity Skills
I once came across a quote online that said, “At this point in my life, if I can’t remember my password, I just hit reset.” That quote truly resonated with me—especially after witnessing firsthand how much password management takes place in a professional IT environment. It is estimated that millions of passwords are reset each year, although the exact figure is difficult to determine. A study by Gartner revealed that 20% to 50% of help desk calls are related to password resets. Furthermore, a Yubico-sponsored report found that the average user spends approximately 10.9 hours per year dealing with password resets. This equates to a productivity loss of about $5.2 million annually for a 15,000-user organization, based on an average hourly wage of $32 (Software, 2023).
These statistics emphasize just how significant password-related issues can be not only as an inconvenience but also as a major factor in productivity and security. Many organizations implement multiple credentials across systems to reduce the risk of widespread damage if one login becomes compromised. Seeing this in action helped me realize that password resets are far more than routine tasks; they are vital security controls that help safeguard an organization from broader cyber threats.
During my internship, I had the opportunity to observe and support these layers of security in practice. Prior to this experience, most of my cybersecurity knowledge was theoretical. I had studied the CIA Triad (Confidentiality, Integrity, and Availability), malware, firewalls, encryption, and authentication protocols in the classroom. However, working hands-on changed my perspective. From configuring Duo two-factor authentication to managing user permissions in Cerner, I was regularly applying core cybersecurity principles in real-world scenarios. This practical exposure not only deepened my understanding but also reinforced how essential these measures are to protecting sensitive systems and data.
One exciting aspect was helping users enroll in Duo. Duo is a two-factor authentication solution that helps organizations boost security by verifying user identity, establishing device trust, and providing a secure connection to company networks and applications(What is duo? Two-factor authentication from Cisco, June 2025). We began the Duo rollout in the Human Resources building, starting with the third floor as a trial run. The goal was to assess how long the enrollment process would take and identify which users required assistance. We went desk-to-desk, walking each employee through the Duo two-factor authentication setup step by step. For those who needed help, we provided direct support to ensure successful enrollment. Once the initial rollout was completed, we awaited feedback from our supervisors before proceeding with the full deployment, which eventually included over 500 users. As the rollout expanded, we also began handling support tickets related to Duo enrollment. Each user required a personalized walkthrough, which greatly improved my ability to communicate technical concepts in a clear and accessible way.
Academic Preparation and Application
Old Dominion University’s curriculum gave me a strong foundation that prepared me for many of the tasks I faced. Courses such as Introduction to Cybersecurity, Systems Administration, and Networking Fundamentals taught me key principles I later applied in the internship. For instance, understanding how user roles and access control lists work helped me manage account provisioning. Similarly, familiarity with Windows operating systems helped me during monitor deployments.
Some classes also introduced me to Microsoft Teams and ticketing workflows, which helped me acclimate quickly. However, the internship also exposed me to enterprise tools like Cerner Millennium and the state’s audit systems platforms not available in an academic setting. These systems required learning on the job, and I was able to pick up new technical skills quickly with the support of my mentors. In addition to my ability to quickly pick up new technical skills, I gradually earned the trust of my team, which led to increased independence in my tasks. Over time, they began allowing me to complete assignments on my own without constant supervision. This gave me the opportunity to assist users in various buildings throughout the city, rather than remaining solely in our main office. Even when I needed help, my growing proficiency with Microsoft Teams enabled me to effectively reach out for support when necessary. This combination of independence and resourcefulness significantly strengthened my confidence and problem-solving abilities in real-world IT environments.
This experience reinforced the importance of continuous learning in the IT and cybersecurity fields. Even though I had studied access management and encryption, working in a real-world environment made the relevance of those topics far clearer. Seeing how access reviews align with security policy compliance provided valuable context that’s hard to gain from textbooks alone. I also recognized the value of interdisciplinary knowledge understanding how social services programs and clinical care operate helped me configure access in context, ensuring staff had the tools they needed without overreaching privileges.
Personal Growth and Learning Objectives
My three main learning objectives were to gain technical experience, develop professional communication skills, and deepen my understanding of cybersecurity’s role in public service. I am proud to say I met and, in many ways, exceeded all three.
Technically, I participated in everything from Duo authentication to monitor installations to SharePoint record-keeping. I communicated daily with users and staff, helping solve problems and explain processes clearly. Most importantly, I now better understand the broader role of cybersecurity not just as a set of tools or systems, but as a culture and responsibility integrated into every part of an organization. I developed an appreciation for proactive security measures ones that prevent threats before they occur such as endpoint protection, routine audits, and layered authentication.
My professional communication skills developed significantly. I learned how to be courteous but efficient over the phone, how to write clear and direct support emails, and how to document each action I took for future reference. These soft skills are just as critical as technical know-how in a cybersecurity career. I also became more comfortable communicating with supervisors, asking clarifying questions, and even offering suggestions for process improvements skills that will serve me well in any team-based IT environment.
Motivations, Challenges, and Reflections
One of the most exciting aspects of the internship was knowing that the work I was doing had real-world consequences. Every password I reset, every audit I contributed to, and every system I deployed played a part in maintaining the security and efficiency of public services. There’s a profound sense of fulfillment in helping an organization protect sensitive data and serve the public better.
There were certainly challenging moments. During our first full week, we had to ensure over 100 employees’ access credentials were properly audited a tedious task that required coordination, precision, and endurance. There were also times when equipment didn’t work as expected or when a user’s issue took longer to resolve than planned. But every challenge helped me grow. Even the seemingly small obstacles like navigating conflicting ticket notes or resolving remote login delays became chances to learn. These real-world experiences strengthened my resilience and decision-making under pressure.
Advice for Future Interns
As Eva Chen once said “ My advice for young people is, study what you love and intern in what you want to do. And I think it’s okay to pivot as many times as you need to.” Future interns in this role should embrace every opportunity to learn even the seemingly small tasks. Ask questions, take initiative, and document everything. Come in with a strong understanding of cybersecurity basics, but remain open to learning new systems and tools. Your willingness to adapt will set you apart. I would also recommend becoming comfortable with Microsoft Excel, SharePoint, and remote access tools, as they are heavily used in government IT environments.
Prepare to use platforms like Microsoft Teams, SharePoint, and Active Directory. And most importantly, remember that every small action from resetting a password to auditing a user profile contributes to a safer, more secure government infrastructure.
As I state above, Eva Chen once said, “Study what you love and intern in what you want to do. And it’s okay to pivot as many times as you need to.” I feel fortunate that I am currently studying what I love and had the chance to intern in the exact field I want to pursue. This internship with the City of Virginia Beach was my top choice and it did not disappoint.
Conclusion
Oliver Wendell Holmes Jr. once said, “A mind that is stretched by new experiences can never return to its original dimensions.” This quote perfectly encapsulates my experience with the City of Virginia Beach’s HHS IT department. I am leaving this internship with a broader mindset, a deeper understanding of cybersecurity in action, and a greater appreciation for the work that IT professionals do every day.
I now know that I want to work in a public sector role where I can make a difference through technology. This internship has solidified that goal, and I feel more equipped than ever to pursue a career in cybersecurity. As I complete my studies at Old Dominion University, I look forward to applying the skills I’ve gained and continuing to grow as a professional committed to securing critical infrastructure and supporting the greater good.
Work Cite
About Virginia Beach. City of Virginia Beach. (n.d.). https://police.virginiabeach.gov/community/about-virginia-beac
What is duo? Two-factor authentication from Cisco. Cisco. (2025, June 3). https://www.cisco.com/site/us/en/learn/topics/security/what-is-duo.html
Software, S. (2023, January 25). Password reset calls are Costing your org big money. BleepingComputer. https://www.bleepingcomputer.com/news/security/password-reset-calls-are-costing-your-org-big-money/