Kiori Edwards
Reflection 1
2/2/2024
My First Impression of The Cyber Clinic
The first 50 hours of being a part of the Cyber Clinic have been the best time spent in any
course I’ve taken at ODU. The most intriguing aspect of the clinic thus far has been the
collaborative assignments and the engagement that is initiated throughout the class. Unlike most
courses, where learning is primarily lecture-based, this class is interactive, hands-on, and filled
with meaningful discussions. There are group-based activities that challenge me to think
critically and work alongside my peers which has made each class both educational and
enjoyable.
One of the standout features of this internship has been the guest speakers who have
joined our class. Having industry professionals share their experiences, insights, and advice
brings a fresh perspective to the learning process.
In addition to these experiences, I have learned a lot in just the first 50 hours. What I have
learned most is the importance of incorporating empathy when taking the initiative during
cybersecurity assessments for small businesses. Consulting is not just about identifying risks and
providing technical solutions; it’s also about understanding the unique challenges and constraints
that small businesses face. Being able to communicate security recommendations in a way that
aligns with their resources, operations, budgets, and long-term goals. This experience has
reinforced that cybersecurity isn’t just a technical field, it’s also about building trust, educating
clients, and working collaboratively to create realistic and effective security solutions.
In conclusion, I have enjoyed every moment in the cyber clinic and have already learned
an abundance of techniques. I look forward to further developing my skills, gaining deeper
insights into cybersecurity risk management, and continuing to collaborate with my peers and
mentors as I progress through the rest of this internship.
Kiori Edwards
Reflection 2
3/7/25
Life as a Consultant
After now having over 50 hours in the cyber clinic internship; I have had a multitude of
opportunities that involved consultations, and collaborative work with my team. I was fortunate
to be approved to do my first two cybersecurity assessments for the first two companies I walked
in to. The first company I did my assessment with was Jersey Mike’s Subs. I spoke with the
manager, Johnanthen and did a cybersecurity assessment with him using the Valor Cybersecurity
top 10 checklist. The second company I did my assessment with was Chicken Salad Chick. I
spoke with Brandon, the manager for them and again did the Valor checklist. Each of these
assessments were a great experience and helped grow my confidence in consulting.
My team and I were assigned to do an assessment for TJS Financial Solutions. We have
been actively working with the owner, Tasha, on improving her security measures. February 27th
we met Tasha for the first time and did the initial assessment, primarily building a report. March
7th we had a meeting via Teams and went over a presentation that we built and tailored for her
security posture; including vulnerable areas, enhancement and CMMC compliance standards.
In conclusion, I have been offered great opportunities to work with others from the cyber
clinic which has helped put my skills to the test. My team and I are giving our best efforts to help
our client become more secure, and we will continue to provide a service to help protect her
company.
Kiori Edwards
Reflection 3
3/30/25
Challenges as a Consultant
As I reach the 150-hour milestone in my cyber clinic internship, I have had the opportunity to work closely with my team and our client, Tasha, to improve her cybersecurity posture. Over the course of our internship, we have met with our client three times, each time preparing and presenting a PowerPoint that addresses her specific concerns. These presentations have been continuously refined to align with her evolving needs and our strategic approach to strengthening her security.
One of the most significant challenges we encountered was our client’s lack of cyber hygiene. Through our consultations, we identified several critical vulnerabilities and implemented key security measures to mitigate risks. Some of the major improvements we helped establish included enabling multi-factor authentication (MFA), setting up new email accounts for different devices, deploying ransomware protection, and integrating virtual private networks (VPNs). These implementations have significantly enhanced our client’s overall security, not just for her business operations but also for her personal cybersecurity practices.
Beyond technical solutions, this internship has been an invaluable learning experience in developing essential soft skills. As cybersecurity consultants, we learned the importance of patience, effective communication, and the ability to understand and address a client’s needs. Working with a small business has allowed us to see firsthand the impact that cybersecurity best practices can have on protecting sensitive data and daily operations.
As this internship comes to an end, I can say I genuinely appreciate the opportunity to contribute to a program and make a tangible difference to small businesses. This experience has also reinforced my passion for cybersecurity and shown me insights on project management. This experience has also provided me with skills that will be invaluable as I continue my professional journey.
Kiori Edwards
5/2/25
Cyber Clinic
Final Reflection
Participating in the Cyber Clinic internship was a great experience that allowed me to grow professionally, especially in the areas of leadership, client engagement, and consulting. Over the course of the program, I led a team of three students in developing cybersecurity assessments and recommendations for a small business client. While the internship did not include hands-on technical implementation, it provided valuable insight into the consulting side of cybersecurity: teaching me how to assess client needs, communicate recommendations effectively, and manage a real-world engagement from start to finish.
What Went Right and What Went Wrong
Several aspects of the internship went very well, particularly the strength of our teamwork. From the beginning, our group operated with strong organization and clear role assignments. Each team member leaned into their specific responsibilities, and we consistently collaborated to deliver thoughtful, practical solutions to our client. We made a number of strategic recommendations that were well received and ultimately implemented. The client was receptive and took our feedback seriously, which reinforced the impact of our efforts.
One of the more difficult parts of the project involved understanding the technical nature of the attacks our client claimed to have experienced. There was confusion surrounding incidents that were said to be similar to major breaches like those at Capital One and T-Mobile. However, without access to the devices involved or more detailed documentation, we were unable to validate or fully analyze these events. If I could do the project over, I would request the opportunity to examine the client’s devices directly to perform a proper forensic review. This would have allowed us to understand how vulnerabilities were exploited and what countermeasures were most appropriate.
Lessons Learned
As the team lead, I developed significantly as a project manager. I learned how to coordinate efforts among multiple people, provide guidance, and make decisions that kept us on track. I also learned patience, especially when working with a client who wasn’t always clear about their needs or expectations. This experience highlighted the importance of translating technical language into client-friendly terms, and tailoring solutions to their level of understanding and business constraints. Consulting is not only about delivering answers; it’s about listening, adapting, and guiding the client toward realistic and sustainable security improvements.
Internship Objectives and Fulfillment
One of the primary goals laid out in our Memorandum of Agreement was to help improve the cybersecurity posture of a small business. That goal was clearly met. Throughout the engagement, we were able to assess the client’s current state, identify vulnerabilities, and recommend solutions that addressed both immediate risks and longer-term resilience. I also developed critical consulting skills, learning how to perform a structured assessment, guide a client toward action, and follow up with reports and presentations to show progress. These experiences were aligned with the internship’s mission to expose students to real-world cyber consulting for small businesses.
Most Motivating and Challenging Aspects
The most motivating part of the internship was seeing our work make a direct impact. Knowing that our client felt safer and better informed about how to protect her business was incredibly rewarding. Additionally, having the trust of my peers to lead the team and orchestrate our strategy was both exciting and fulfilling. I enjoyed being in a position where I could help shape the direction of the project while also lifting up the team around me.
On the other hand, the most challenging aspect was the lack of technical implementation opportunities. Although we provided guidance on security controls, we were not able to directly install tools, run scans, or use penetration testing software. Furthermore, our client’s business lacked an enterprise network environment, which made it difficult to apply the more technical aspects of cybersecurity training. This limited our ability to work with endpoints, analyze traffic, or conduct hands-on risk analysis.
Recommendations for Future Interns
I recommend that future interns approach this experience with flexibility and a willingness to take initiative. Every client will be different, and you won’t always have a clean technical environment to work with. Students should be prepared to think creatively and communicate clearly, especially when working with clients who may not be tech-savvy. Interns should also come in with a foundational knowledge of cybersecurity frameworks, and perhaps even some experience with assessments and consulting practices. The better prepared you are to lead conversations and drive action, the more successful you’ll be.
Conclusion and Takeaways
This internship gave me the opportunity to experience cybersecurity from a consulting perspective, where technical knowledge had to be paired with soft skills like communication, leadership, and adaptability. My biggest takeaway is that consulting is just as much about building trust and relationships as it is about solving technical problems. I also saw firsthand how important cybersecurity is to small businesses and how much they rely on guidance from informed professionals.
Since I will be graduating soon, this experience won’t influence the rest of my academic career. However, it has had a significant impact on my professional goals. I’ve been inspired to pursue consulting as a long-term path and have even begun exploring the idea of launching my own cybersecurity consulting firm. This program gave me the confidence and the practical knowledge to begin shaping that vision.
Course Recommendations
To improve the course, I would recommend adding technical modules that offer hands-on training with cybersecurity tools. For example, professors could lead sessions on how to use penetration testing software, endpoint monitoring tools, or vulnerability scanners. Teaching students how to actually perform these tasks would greatly enhance their readiness to support clients. Beyond that, I believe the current format should remain in place, the client engagement, team collaboration, and presentation elements all contribute meaningfully to the learning experience.