CYSE 368

Reflection Paper 1

15 September 2024

The first day was daunting because most of my college classes were entirely online. We used a different method of introducing ourselves to the class, where you get to know a few things about someone else and introduce them. I thought this was interesting because it allowed me to practice networking, which I have never done.

Next, we discussed the importance of ethics in cybersecurity. Most of my cybersecurity skills were purely technical, but this topic made me realize how much more goes into cybersecurity. I never considered cybersecurity professionals’ responsibilities other than ensuring the client’s systems are secure.

For the remaining three days, we had Dr. John Baaki as a guest speaker, who made creating a risk management plan fun and exciting. We went into our groups to make a risk management plan for a provided scenario. Before this exercise, I had little experience working in a team, so I was nervous about presenting any ideas because I thought my group members would think they were terrible. Instead, they reinforced my ideas and made me feel more welcome to put them forward. Before the presentation, I was extremely nervous since I am not a strong speaker, but on the day, I did not feel nervous at all, which was new for me, and I think it is because of the class environment that was set up from the previous days. The supportive and encouraging class environment significantly reduced my nervousness and made me feel comfortable.

In conclusion, the first week of class was a valuable learning experience. From practicing networking and exploring cybersecurity ethics to working on a risk management plan, each activity helped me grow both personally and professionally. The supportive class environment made a significant difference, allowing me to feel more confident and engaged.

Reflection Paper 2

11 November 2024

Most of this portion of the clinic was meeting with the client to get the information needed for a risk assessment. The online meetings were very informative with them giving both teams a demonstration of how they do vulnerability management using Tenable. The meetings went well aside from a few difficulties with voices cutting out. My favorite moment from this section was being able to go to client and see in person how they do things. They did a great job at making me feel welcome and were very open to any questions that were asked which was great for getting to know exactly what they wanted. The head of Networking even gave us a tour of their server room which was a first for me. The only issue with the tour was that in a server room, there needs to be a lot of powerful fans which made it hard to hear everything that was said, and I was also at the back of the line which didn’t help, but I was able to understand a good amount of what was being said. Apart from the meetings with the client, working with my team is also going very well. Both of my team members are very responsive whenever I need to ask a question, whether we are in the classroom or working on our own time at home, and they are also amiable people who make sure that I feel included in the project. So far I have been able to learn so much about vulnerability management especially how complicated it is for an organization like a local government to patch vulnerabilities, and I have also been able to gain more experience in working in a team.

Reflection Paper 3

24 November 2024

Since the previous reflection, our team has focused on putting the finishing touches on the PowerPoint, getting the deliverables together, and the presentation. For the PowerPoint, it was a matter of ensuring it was high quality and set up to an executive level. Since we were combining both groups into a single presentation, it was important that the flow was smooth and the format matched throughout the entire presentation. There was a slight misunderstanding about where to make the edits to the presentation.  I made some changes to the slides that I would be presenting whether it was changing the content on the slides or adding speaker notes to the version of the presentation that was submitted to the final folder. However, the version of the presentation that was ultimately used was not the one in the final submission folder so my changes were not on that copy. This was just an accident that I didn’t recognize until it was my turn to speak. This caused me to have a moment when presenting where I did not remember what I was going to say because one piece of information was incorrect since my changes didn’t carry over, and the speaker’s notes were not there which made me panic and talk a lot faster. I don’t blame anyone in either group other than myself; this was just an unfortunate circumstance that will serve as a great learning experience for me in the future. Regardless, I have enjoyed working with my group members, as well as Team A to complete this project.

Final Reflection Paper

8 December 2024

This course combined classroom learning with hands-on clinic experience to provide a practical understanding of digital security. In class, we explored cybersecurity fundamentals and tools for managing risks in under-resourced organizations. In the clinic, teams worked with businesses to assess vulnerabilities and implement tailored solutions, balancing security with operational needs. The knowledge needed for these real-world, partner-focused projects, was provided through the in-class lectures. This reflection will evaluate my experiences, successes, and challenges in the course, offering insights into lessons learned, recommendations for future interns, and the impact on my professional growth.

Most of the team project went without any issues. I believe where our team shined was through our communication. My teammates, Rebecca and Micah, set up a group chat with all three of us so that any questions or difficulties any of us had during the project could be answered by the other group members. Everyone was very quick to respond to each other with most questions being answered within an hour or two, even if a question was asked late at night. The only major aspect of the project that went wrong was getting the scan results for the SQL database. Our team was using tenable.io to scan for vulnerabilities on the client’s system, but the scans would not show any results after completion. We later figured out was because we were not physically on their network. After going on-site, both to ask questions and to get a walkthrough of the IT department, we were able to scan their system from within their network and get the information that we would need to complete the assignment. The only thing that I would change about my approach to the project was the amount of research that I did before meeting the client. My knowledge of SQL databases was very surface level from what my previous courses, and I do not feel that I had enough knowledge to ask targeted questions about the system.

All my personal learning objectives for this course were fulfilled. My learning objectives were to gain real world experience, learn to work better within a team, learn how to manage risks, learn how to provide feedback to companies, and to develop better problem-solving skills. The real-world experience was being able to perform risk management for a local government’s SQL database while using tenable.io, which is a very popular risk management tool that is used by many organizations. For better teamwork, I got more comfortable asking questions and providing feedback to my teammates. Learning how to manage risks was achieved mostly through classwork, and our team had the learn how to prioritize risks and determine mitigation for a local government which is different from the other groups in the clinic. Learning how to provide feedback was interesting because I had to learn the missions and goals of the client, as well as how they measure success, to determine the type of feedback I should be presenting. Finally, I was able to advance my problem-solving skills naturally when my team found issues such as which vulnerabilities were the most important and diagnosing the issue with receiving the scan results.

There were a few aspects that excited me throughout the internship. One was the client inviting our team to their organization and showing us around the IT department. He also provided us a large amount of information about what goes into dealing with vulnerabilities such as how much coordination with other departments or other personnel is required. None of the courses that I have taken contained any of this sort of information, but instead focused on detecting vulnerabilities and how they are exploited. Another aspect that was interesting to me was the teamwork aspect. This was the first project during my time at college that was not completed as an individual. There were some group assignments, but they were never to the scale that this project was. As mentioned previously, the only challenging aspect was learning how to use tenable.io to perform the risk assessment.

I have a few recommendations for future interns, such as doing research beforehand, making sure they are comfortable with public speaking, being able to work in a team, and knowing how to ask questions. Researching cybersecurity concepts and tools before the internship begins will help interns feel more prepared and confident when tackling real-world challenges. Public speaking is necessary for presenting findings and recommendations to partners, so practicing this skill can be highly beneficial. Since much of the work is collaborative, being able to work effectively within a team through productive time management and distribution of tasks will make the project go smoothly. Lastly, knowing how and when to ask questions is vital for clarifying expectations, understanding complex tasks, and demonstrating a willingness to learn and engage fully with the internship experience.

This course provided a valuable combination of classroom learning and hands-on experience, allowing me to apply cybersecurity concepts to real-world situations. The emphasis on teamwork, communication, and problem-solving was instrumental in achieving our objectives and overcoming challenges, such as resolving the issues with scanning the client’s SQL database. My learning objectives were fulfilled as I gained real-world experience, improved my ability to work in a team, and enhanced my risk management and problem-solving skills. The opportunity to interact directly with a client, learn about their operations, and provide actionable recommendations was both exciting and insightful. There are only two things that I would change about this course and that is to limit the number of community outreach visits to one and work with each client to determine the deliverables prior to starting the internship. Our team felt that having to do more than one visit to local businesses limited the time we had to work on the main project. For the deliverables, we were originally told one format for both the presentation as well as a paper to provide to the client; however, as we talked with the client more, we learned that they had a specific method for deliverables that they would want instead. This made us change how we created the deliverables which also made it take longer. Moving forward, this experience has solidified my understanding of cybersecurity and strengthened my confidence in pursuing a professional path in this field.