Chris Hopkins

Cybersecurity Internship CYSE368

July 28, 2024

Supervisor: Douglas Gernat

Final Paper

Table of Contents

Introduction

Internship Overview

Management Environment

Work Duties and Projects

Application of Cybersecurity Skills

Achievement of Objectives

Curriculum and Internship Preparation

Motivating Aspects

Discouraging Aspects

Challenging Aspects

Recommendations for Future Interns

Conclusion

My internship as an IT Specialist at the City of Richmond City Hall’s Department of Information Technology has been an invaluable experience, offering a unique blend of professional growth and personal development. Choosing this organization for my internship was driven by my desire to gain hands-on experience in a governmental IT environment, where the challenges are unique and the impact of the work is significant; I would be remiss not to acknowledge that connections and opportunities served as a motivator as well. This reflection paper aims to provide a comprehensive overview of my journey, capturing the observations, projects, tasks, and challenges encountered along the way.

The decision to intern at the City of Richmond’s Department of Information Technology was influenced by my interest in public sector IT operations and the critical role they play in supporting city functions. Working in this environment promised exposure to a wide range of IT challenges and opportunities to apply cybersecurity skills in a real-world context. Additionally, the chance to work under the mentorship of experienced professionals like James Furguson and Douglas Gernat provided an attractive prospect for learning and professional development.

This paper will provide a detailed account of my internship experience, starting with an overview of the City of Richmond’s Department of Information Technology, including its history, services, and organizational structure. It will then describe my initial orientation and training, my impressions of the company, and the management environment. The core of the paper will focus on my major work duties, assignments, and projects, highlighting how I utilized cybersecurity skills to address real-world challenges. I will reflect on the connections between my academic curriculum and practical experiences, assess the achievement of my internship objectives, and discuss the motivating, discouraging, and challenging aspects of my role. Finally, I will offer recommendations for future interns and conclude with a summary of key takeaways and the influence of this internship on my future career path.

To understand the context of my internship, it is important to delve into the history and structure of the City of Richmond’s Department of Information Technology. The department, established under city ordinance, is led by the “Director of Information Technology, who has general management and control, including appointing and removing staff, and setting rules consistent with city ordinances” (City Hall DIT). As of 2016 the department lacked a dedicated security team, a gap that was addressed when Douglas Gernat was appointed as the Chief Information Security Officer (CISO). Douglas, along with Info Tech veterans Charles Wilkerson and Stewart Kessler, laid the foundation for the department’s cybersecurity initiatives. In 2019, James Furguson joined as a System Tool and Mitigation Analyst, further strengthening the department’s technological infrastructure and security measures. These changes marked significant growth and development for the Department of Information Technology, enhancing the security and efficiency of IT operations within the City of Richmond.

During my internship at the City of Richmond City Hall’s Department of Information Technology, I was tasked with several key responsibilities that contributed significantly to the department’s operations and security posture. One of my primary duties involved leveraging Tenable to monitor and identify vulnerabilities by filtering on Common Vulnerabilities and Exposures (CVE) identifiers and exploit availability. Through thorough analysis, I found that none of the identified vulnerabilities had publicly available exploits, indicating that our current security measures were effectively mitigating known threats. This task was vital for maintaining the integrity and security of our IT systems.
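As an added illustration of the filtering described above (my own example, not the City of Richmond’s or Tenable’s code), the Python below triages a vulnerability export by exploit availability and CVSS score. The column names are an assumption modelled on a Tenable CSV export, and the export itself, its hosts and its CVE identifiers are constructed placeholders.

```python
"""Triage a Tenable-style vulnerability export by exploit availability and CVSS.

Added example, not the department's or Tenable's code. The column names are an
assumption modelled on a Tenable CSV export; adjust them to match the columns
your own export actually contains.
"""
import csv
import io
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed sample export: five findings across three hosts.
# The CVE identifiers are placeholders, not real CVEs.
SAMPLE_EXPORT = """\
Plugin ID,CVE,CVSS v3.0 Base Score,Risk,Host,Exploit Available,Name
10001,CVE-1999-99991,9.8,Critical,10.10.1.5,true,Placeholder remote code execution
10002,CVE-1999-99992,7.5,High,10.10.1.5,false,Placeholder information disclosure
10001,CVE-1999-99991,9.8,Critical,10.10.1.9,true,Placeholder remote code execution
10003,CVE-1999-99993,5.3,Medium,10.10.2.20,false,Placeholder weak cipher suites
10004,,4.3,Medium,10.10.2.20,false,Placeholder banner disclosure
"""

# Exports differ in how they spell a boolean; normalise the common forms.
TRUE_VALUES = {"true", "yes", "y", "1"}


@dataclass(frozen=True)
class Finding:
    plugin_id: str
    cve: Optional[str]        # None when the plugin has no CVE mapping
    cvss: float               # 0.0 when the export leaves the score blank
    risk: str
    host: str
    exploit_available: bool
    name: str


def parse_export(text: str) -> List[Finding]:
    """Turn the CSV text into typed findings, one per (plugin, host) row."""
    findings: List[Finding] = []
    for row in csv.DictReader(io.StringIO(text)):
        score = row.get("CVSS v3.0 Base Score", "").strip()
        findings.append(Finding(
            plugin_id=row["Plugin ID"].strip(),
            cve=row["CVE"].strip() or None,
            cvss=float(score) if score else 0.0,
            risk=row["Risk"].strip(),
            host=row["Host"].strip(),
            exploit_available=row["Exploit Available"].strip().lower() in TRUE_VALUES,
            name=row["Name"].strip(),
        ))
    return findings


def exploitable_findings(findings: List[Finding], min_cvss: float = 0.0) -> List[Finding]:
    """Findings with a public exploit and CVSS >= min_cvss, highest score first."""
    hits = [f for f in findings if f.exploit_available and f.cvss >= min_cvss]
    return sorted(hits, key=lambda f: (-f.cvss, f.plugin_id, f.host))


def hosts_by_cve(findings: List[Finding]) -> Dict[str, Set[str]]:
    """Map each CVE to the set of hosts carrying it; rows without a CVE are skipped."""
    out: Dict[str, Set[str]] = {}
    for f in findings:
        if f.cve:
            out.setdefault(f.cve, set()).add(f.host)
    return out


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Headline counts a reviewer reports back after a filtering pass."""
    return {
        "findings": len(findings),
        "hosts": len({f.host for f in findings}),
        "with_exploit": sum(f.exploit_available for f in findings),
        "cves": len(hosts_by_cve(findings)),
    }


if __name__ == "__main__":
    parsed = parse_export(SAMPLE_EXPORT)
    print(summarize(parsed))
    for f in exploitable_findings(parsed, min_cvss=7.0):
        print(f"{f.cvss:>4} {f.cve} {f.host} {f.name}")
```

Run stand-alone it prints a summary and the exploitable findings at or above CVSS 7.0; pointed at a real export, the same functions produce the shortlist a human should look at first, and `hosts_by_cve` shows how widely a single CVE is spread across hosts.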

Another significant task I was assigned was provisioning a batch of physical RSA tokens for the City Hall Department of Utilities (DPU) security domain. This involved preparing the tokens, configuring them correctly, and ensuring they were securely handed over to DPU staff. These tokens are critical for secure authentication and access control within the department and strengthen its overall security posture. In addition to provisioning physical tokens, I was tasked with provisioning digital tokens in response to user requests, which I had to approve or reject against specific criteria. Using City Hall’s Active Directory, I identified each requesting user and their security domain so that the tokens were set up correctly and only authorized personnel gained access to sensitive information and systems.

Utilizing Tenable for vulnerability assessment broadened my practical insight into identifying and mitigating potential threats. This task was crucial for the ongoing security of the city’s IT infrastructure, both to keep vulnerabilities from being exploited and to confirm that existing mitigations were in place. Provisioning both physical and digital RSA tokens was essential for secure authentication and access control within the department. These tokens play a critical role in protecting organizational assets by ensuring that only authorized personnel can access sensitive systems and information. Developing a robust incident response plan was imperative for ensuring that the DIT could effectively identify, respond to, and mitigate security incidents. This plan provided a structured approach to managing security events, reducing the impact of potential breaches, and ensuring continuity of operations.

One of my major assignments involved using Trellix Skyhigh, a sophisticated tool essential to our security strategy. Trellix Skyhigh allows us to evaluate and categorize URLs based on their risk levels and associated IP addresses. This tool is crucial for swiftly identifying and mitigating potential threats to our network, ensuring the integrity and security of our IT systems.

Under the guidance of Mr. James Furguson, I was responsible for uploading batches of URLs into Trellix Skyhigh for assessment. This involved utilizing the tool’s automated system to analyze each URL against predefined risk criteria, which streamlined the threat identification process significantly. The automated system played a pivotal role in our operations by promptly flagging URLs that posed significant risks and automatically blocking them, thereby reducing potential vulnerabilities without requiring extensive manual intervention.

However, recognizing that automated systems have limitations, part of my role included manually reviewing URLs that were not flagged by Trellix Skyhigh’s automated system. This meticulous review process was essential in identifying any additional risks that may have been overlooked initially. Upon identifying potential threats through manual review, I took proactive measures to block these sites, ensuring comprehensive network security measures were in place.
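The manual pass described above can be made less tedious by ordering the batch first. The Python below is an added example, not Trellix Skyhigh’s logic or the department’s code: it applies a few structural and lookalike heuristics to URLs the automated filter let through and puts the ones that trip a heuristic at the front of the review queue, with the reasons attached. The protected domain, hostnames and addresses are constructed (reserved example names and RFC 5737 test addresses).

```python
"""Heuristic pre-screen for URLs an automated filter did not flag.

Added example, not Trellix Skyhigh's logic or the department's code. It does
not decide anything by itself; it orders a batch so the reviewer's time goes
to the odd-looking URLs first and the plainly ordinary ones last.
"""
import ipaddress
from typing import List, Tuple
from urllib.parse import urlsplit

# Domain the reviewer is protecting (constructed assumption). A host that
# merely *mentions* its first label without being under it is a lookalike.
PROTECTED_DOMAINS = ("cityportal.example",)

DEFAULT_PORTS = {"http": 80, "https": 443}
MAX_LABELS = 4                 # hostnames deeper than this get a look
MAX_HYPHENS_PER_LABEL = 2      # "secure-login-update-verify" style labels

# Constructed batch: one ordinary URL and five that trip a heuristic.
SAMPLE_URLS = [
    "https://cityportal.example/login",
    "https://user@cityportal.example/",
    "http://192.0.2.10/update",
    "https://cityportal.example.evil.example/login",
    "https://xn--cityprtal-4za.example/",
    "https://a.b.c.d.e.example:8443/",
]


def screen_url(url: str) -> List[str]:
    """Return the reasons a URL deserves a closer manual look (empty if none)."""
    reasons: List[str] = []
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()

    if parts.scheme not in DEFAULT_PORTS:
        reasons.append(f"unexpected scheme {parts.scheme!r}")
    elif parts.scheme == "http":
        reasons.append("unencrypted http")
    if not host:
        reasons.append("no host")
        return reasons

    # user:pass@host is a classic way to make the real host easy to miss.
    if parts.username is not None or parts.password is not None:
        reasons.append("credentials in authority")

    try:
        ipaddress.ip_address(host)
        reasons.append("ip-literal host")
    except ValueError:
        pass

    labels = host.split(".")
    if any(label.startswith("xn--") for label in labels):
        reasons.append("punycode label")          # possible homoglyph domain
    if len(labels) > MAX_LABELS:
        reasons.append(f"{len(labels)} hostname labels")
    if any(label.count("-") > MAX_HYPHENS_PER_LABEL
           for label in labels if not label.startswith("xn--")):
        reasons.append("hyphen-heavy label")

    try:
        port = parts.port
    except ValueError:
        port = None
        reasons.append("malformed port")
    if port is not None and port != DEFAULT_PORTS.get(parts.scheme):
        reasons.append(f"non-default port {port}")

    for domain in PROTECTED_DOMAINS:
        keyword = domain.split(".")[0]
        under_domain = host == domain or host.endswith("." + domain)
        if keyword in host and not under_domain:
            reasons.append(f"lookalike of {domain}")
    return reasons


def prioritize(urls: List[str]) -> List[Tuple[str, List[str]]]:
    """Order a batch so URLs with the most reasons come first; clean ones last."""
    screened = [(u, screen_url(u)) for u in urls]
    return sorted(screened, key=lambda item: -len(item[1]))   # stable sort


if __name__ == "__main__":
    for url, reasons in prioritize(SAMPLE_URLS):
        print(f"{len(reasons)}  {url}  {'; '.join(reasons) or 'no flags'}")
```

Everything here is deliberately cheap and explainable, so a reviewer can see at a glance why a URL was pulled forward; a URL with no flags is not declared safe, it is simply reviewed after the ones that look stranger.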

The hands-on experience with advanced cybersecurity tools and the practical application of theoretical knowledge significantly deepened my understanding of network security and threat management. This assignment has been instrumental in advancing my skills with sophisticated security tools like Trellix Skyhigh and in gaining hands-on experience in threat assessment and risk management. It underscores the importance of a dual approach that combines automation with human oversight to effectively safeguard our network against evolving cybersecurity threats. Using Tenable for vulnerability assessment provided insights into identifying and mitigating threats, while provisioning RSA tokens highlighted the critical role of secure authentication methods. Developing an incident response plan reinforced the importance of having structured procedures to manage security events effectively.

Additionally, my role extended to assisting the Department of Information Technology (DIT) in developing their incident response plan, which involved referencing policy-to-procedures and leveraging risk-based vulnerability management frameworks. Assigned to the blue team, we concentrated on internal and external risk analysis and mitigation, aiming to tailor a comprehensive response plan to meet the unique security needs of the City of Richmond. During our meetings, we meticulously defined key roles within the incident response team, such as the operator, incident lead, triage manager, and major event manager. Each role was carefully delineated to establish clear responsibilities and streamline response efforts during crisis situations. This structured approach is essential for maintaining organizational resilience and minimizing the impact of security incidents on our operations.

In accordance with role definitions, our discussions encompassed crucial aspects of the incident response plan. This included emphasizing the pivotal role of the Office of Security Management in overall preparedness and stressing the strategic significance of vendor relationships in securing timely support and essential resources. We also explored the concept of fusion, a strategic approach to bolstering our response capabilities in the face of significant threats, ensuring scalability and effectiveness in our response efforts.

Participating in the collaborative development of the Red Book has significantly enhanced my understanding of incident management and underscored the importance of comprehensive planning and communication in mitigating security risks effectively. This experience has equipped me with valuable insights into strategic incident response frameworks and strengthened my ability to contribute proactively to cybersecurity initiatives in a dynamic organizational setting.

Throughout this internship, I made substantial progress towards achieving the learning outcomes and objectives set at the start of the journey. My work with Tenable allowed me to gain a deeper understanding and practical experience in vulnerability management, fulfilling my objective of mastering this critical aspect of cybersecurity. Using Trellix Skyhigh for URL risk assessment further enhanced my ability to identify and mitigate potential threats, thereby strengthening my skills in network security and threat management.

By provisioning RSA tokens and developing an incident response plan, I enhanced my skills in secure access control and incident response, aligning with my goal of strengthening security protocols within an IT environment. The use of RSA SecurID tokens and Active Directory for managing user authentication underscored the importance of precision and accuracy in secure access management. Additionally, the manual review of URLs not flagged by Trellix Skyhigh’s automated system required keen analytical skills, reinforcing the necessity of human oversight in cybersecurity operations.

Working on the Red Book, our comprehensive incident response plan, provided me with valuable experience in strategic planning and coordination. This project involved collaborating with team members to define roles, responsibilities, and protocols, ensuring a robust and effective response to security incidents. The integration of policy-to-procedures and risk-based vulnerability management frameworks was instrumental in tailoring the response plan to the unique security needs of the City of Richmond.

The guidance and feedback from one of my sub-advisors, Mr. Furguson, was worth its weight in gold. His mentorship helped me refine my technical skills, adhere to best practices, and effectively tackle the challenges I encountered. His support was crucial in achieving my learning objectives and contributed significantly to my professional development. The hands-on experience with advanced cybersecurity tools and the practical application of theoretical knowledge significantly deepened my understanding of network security, threat management, and incident response, equipping me with the skills and confidence to handle complex cybersecurity challenges in the future.

Reflecting on my experiences, it’s clear that the Old Dominion University (ODU) curriculum played a pivotal role in preparing me for this internship. The practical skills and theoretical knowledge I gained from my coursework were directly applicable to the challenges I faced and the projects I undertook at the City of Richmond City Hall’s Department of Information Technology.

The “Cybersecurity-Technology-Society” course provided a broad overview of the impact of cybersecurity on technology and society. It helped me understand the broader context of my work, particularly the importance of maintaining robust security measures to protect sensitive information and maintain public trust. During my internship, this knowledge was reinforced as I dealt with real-world scenarios where the integrity and security of IT systems were paramount to the city’s operations and public services. For instance, one notable scenario involved a critical vulnerability identified through the Tenable vulnerability management system. This vulnerability could potentially compromise the city’s financial systems, which handle sensitive taxpayer information. Understanding the broader implications highlighted in Cybersecurity-Technology-Society, I collaborated with James to swiftly patch and mitigate the vulnerability. This proactive approach not only safeguarded the city’s data but also reinforced my understanding of how cybersecurity practices directly impact public trust and operational continuity in municipal governance.

Building on this foundational understanding, “Cyber Law” offered a critical perspective on the legal aspects of cybersecurity. This course delved into various legal frameworks and regulations that govern cybersecurity practices, providing me with invaluable knowledge that proved essential during the development of the incident response plan. Ensuring our plan adhered to legal requirements and industry standards underscored the importance of meticulous documentation and strict compliance with legal protocols in all cybersecurity activities.

Turning to the psychological side of cybersecurity, the “Cybersecurity & Social Science” course illuminated the crucial role of user behavior and social factors in security breaches. This course provided deep insights that were particularly valuable when managing user access and authentication with RSA tokens during my internship. Understanding the potential risks associated with user behavior enabled me to implement more effective security measures and educate incoming interns on best practices, significantly enhancing the overall security posture of the organization.

The technical rigor of the “Linux System for Cybersecurity” course was directly applicable to my internship tasks. The hands-on experience I gained in this course proved invaluable when dealing with network security and system management. The technical skills and familiarity with Linux systems enabled me to efficiently monitor and manage vulnerabilities using Tenable, a tool that often interacts with Linux-based systems.

Finally, the course on “Windows System Management and Security” provided the expertise needed for managing and configuring RSA tokens and using Active Directory. This knowledge was crucial for understanding the intricacies of managing Windows-based environments and implementing security measures effectively. This was especially relevant when provisioning digital tokens and ensuring accurate security domain configurations for authorized personnel.

The internship was filled with motivating and exciting aspects that fueled my passion for cybersecurity. One of the more enlightening aspects was working with advanced cybersecurity tools like Trellix Skyhigh and Tenable, which provided hands-on experience in real-world threat management and vulnerability assessment. Using Trellix Skyhigh to evaluate and categorize URLs based on their risk levels allowed me to actively contribute to safeguarding the city’s network, providing a profound sense of responsibility and achievement. Similarly, leveraging Tenable to monitor and identify vulnerabilities underscored the importance of proactive threat mitigation and reinforced my understanding of essential cybersecurity practices.

Another significant motivator was the opportunity to collaborate with experienced professionals like Mr. James Furguson and Mr. Douglas Gernat. Their guidance and mentorship were invaluable, providing insights into industry best practices and enhancing my technical skills. Working alongside such knowledgeable individuals and learning from their expertise was incredibly inspiring and played a crucial role in my professional development. The dynamic nature of tasks, from provisioning RSA tokens to developing a comprehensive incident response plan, ensured that my work remained engaging and diverse. Each task presented unique challenges and learning opportunities, keeping me intellectually stimulated and eager to tackle new responsibilities.

Furthermore, the collaborative environment and the ability to work on critical projects, such as the Red Book, instilled a sense of purpose and accomplishment. Knowing that my efforts directly contributed to the city’s overall security posture gave me immense pride in my progress and journey. The continuous learning and professional growth, coupled with the satisfaction of overcoming intricate security challenges, made the internship an exciting and fulfilling experience. Successfully completing projects and solving problems not only reinforced my commitment to pursuing a career in cybersecurity but also highlighted the tangible impact of my work. Every day brought new opportunities to learn, grow, and make meaningful contributions, making the internship an immensely motivating and impactful journey.

The internship presented several discouraging aspects that were also illuminating. One significant frustration was the time-consuming and meticulous nature of manually reviewing URLs using Trellix Skyhigh. Although the automated system streamlined the threat identification process, it often required extensive manual oversight to catch potential threats that were overlooked, leading to repetitive and tedious work. The painstaking process of provisioning RSA tokens also posed a challenge, as any errors in configuration could result in security vulnerabilities, requiring a high level of accuracy and attention to detail. Balancing the efficiency of automated systems with the necessity for human intervention highlighted the limitations of relying solely on technology, underscoring the need for constant vigilance. Additionally, managing user requests for digital tokens was demanding, as it involved evaluating each request meticulously and ensuring precise security domain configurations to prevent unauthorized access. The complexity of integrating RSA tokens with Active Directory added another layer of difficulty, as misconfigurations could disrupt access control systems, requiring careful management and technical expertise. The relentless nature of ongoing threat assessment and the need for proactive security measures also contributed to the discouragement, as staying ahead of evolving cybersecurity threats required continuous effort and adaptability. 

Despite these discouraging aspects, they often intertwined with the broader challenges I faced throughout the internship, highlighting the complexities of maintaining a robust cybersecurity framework. One of the most challenging aspects of the internship was the intricate process of managing and provisioning RSA tokens for secure access control. Each token had to be meticulously configured and assigned to the appropriate security domain, necessitating a high level of precision to prevent security vulnerabilities. This task involved coordinating with various departments and handling user requests, which sometimes led to discrepancies or delays. The complexity of ensuring secure authentication and access control underscored the critical importance of accuracy and attention to detail in cybersecurity, making this responsibility both demanding and vital.

The manual review of URLs using Trellix Skyhigh presented another significant challenge. Although the automated system efficiently flagged and blocked many high-risk URLs, it did not catch every potential threat. This necessitated a thorough manual review to identify and mitigate threats that were overlooked by the system. This task required a deep understanding of potential risks and keen analytical skills, highlighting the necessity of balancing automated processes with meticulous manual oversight. The complexity of this dual approach underscored the importance of a comprehensive and proactive strategy in threat management.

Developing the incident response plan, particularly the Red Book, was a sizable challenge as well. Collaborating with team members to define roles, responsibilities, and protocols required effective communication and coordination. Ensuring that the plan addressed both internal and external risks and complied with legal and industry standards involved a thorough understanding of various frameworks and regulations. The complexity of creating a robust incident response plan highlighted the need for strategic planning and detailed documentation, making it a rigorous and demanding task.

Balancing these technical tasks with the administrative aspects of the internship added another layer of complexity. Managing multiple responsibilities, from technical implementations to strategic planning, required effective time management and prioritization skills. The multifaceted nature of the internship often led to periods of high pressure, where meeting deadlines and maintaining the quality of work were critical.

Navigating the learning curve associated with advanced cybersecurity tools and practices was an ongoing challenge. Mastering new tools and methodologies required significant effort and adaptability. Each new tool or process introduced its own set of challenges, necessitating continuous learning and adjustment to ensure proficiency. This constant need for learning and adaptation underscored the dynamic and evolving nature of cybersecurity.

Finally, addressing and overcoming unexpected issues, such as rogue computers or discrepancies in user data, required quick thinking and problem-solving abilities. These real-time challenges tested my ability to respond effectively under pressure and reinforced the importance of being adaptable and resilient in the face of unforeseen obstacles.

To prepare for an internship of this stature, future interns should start by familiarizing themselves with core cybersecurity concepts, ensuring a solid foundation in risk management, threat identification, and mitigation strategies. Understanding legal and regulatory frameworks is essential, so interns should study relevant regulations and compliance requirements to develop protocols that meet industry standards. Developing strong analytical skills is important for tasks like manual reviews and vulnerability assessments, where attention to detail and critical thinking are paramount. Enhancing communication and collaboration skills will be key to engaging in detailed discussions, contributing to planning sessions, and articulating findings and recommendations clearly. Finally, interns should prepare for a dynamic learning environment by being adaptable and proactive in seeking additional resources and training, staying updated on industry trends, and networking with professionals to gain valuable insights and mentorship. Completing relevant coursework, engaging in online training and certifications, and reflecting on learning objectives will help interns maximize their experience and align it with their career goals.

The internship experience has been transformative, providing a comprehensive understanding of cybersecurity practices and the practical application of theoretical knowledge. One of my main takeaways is the realization of the critical balance between automated systems and human oversight in maintaining robust security protocols. The extensive work with tools like Tenable and Trellix Skyhigh demonstrated the efficiency of automation in threat management while highlighting the indispensable value of human intervention for thorough risk assessment. The meticulous process of provisioning RSA tokens and developing a comprehensive incident response plan, including the completion of the Red Book draft, emphasized the importance of precision, strategic planning, and continuous learning in the ever-evolving field of cybersecurity. Collaborating on the Red Book project was particularly illuminating, as it required detailed documentation, clear role definitions, and comprehensive protocols, underscoring the necessity of preparedness and structured response in cybersecurity.

This internship will significantly influence the remainder of my college time at ODU. The practical experience I gained will serve as a strong foundation for my advanced coursework, providing real-world context to the theoretical knowledge I will continue to acquire. I plan to leverage the skills and insights gained from this internship to pursue more specialized projects and research opportunities within my cybersecurity curriculum. The exposure to real-world scenarios has not only deepened my understanding but also highlighted areas where I can expand my knowledge further.

Additionally, the mentorship and guidance from professionals like Mr. Furguson have inspired me to seek out further mentorship, employment, and networking opportunities, understanding their critical role in professional development. I intend to actively participate in career opportunity meetings, attend industry conferences, and join professional organizations such as (ISC)² to connect with experienced professionals and peers in the cybersecurity field. Building these connections will be invaluable for gaining insights into industry trends, best practices, and emerging threats, as well as for receiving guidance and support as I advance in my career.

Moreover, this internship has inspired me to deepen my knowledge and prepare rigorously for the Certified Information Systems Security Professional (CISSP) exam, scheduled for September. The hands-on experience with advanced cybersecurity tools such as Tenable and Trellix Skyhigh, coupled with the comprehensive drafting of the incident response plan, has provided me with a robust foundation across many of the CISSP domains, including security and risk management, asset security, and security operations. To build on this foundation, I plan to integrate the practical skills and insights gained from this internship with targeted CISSP study materials and resources.

This preparation will involve a strategic combination of reviewing theoretical concepts and applying practical scenarios, ensuring a thorough understanding of each domain. By leveraging my internship experience, I aim to enhance my proficiency and confidently approach the CISSP exam. Achieving this certification will not only validate my expertise but also significantly enhance my career prospects in the cybersecurity field. My goal is to use this momentum to continue advancing my knowledge, taking on more specialized projects, and ultimately nurture my career more effectively in the cybersecurity industry.

Photos of Official Hunt & Incident Response Team Coin:

Works Cited

City Hall DIT. Richmond City Hall DIT Code of Ordinances, Division 12. https://library.municode.com/va/richmond/codes/code_of_ordinances?nodeId=PTIICICO_CH2AD_ARTIVDE_DIV12DEINTE_SS2-514–2-534RE