Final Individual Reflection

Throughout my 15 week internship with the COVA Cyber Clinic, I had the opportunity of working with Tashaya Singleton of TJS Financial Solutions to perform a cybersecurity risk assessment of her business. When I started with the program, I wasn’t quite sure what to expect out of it. I originally thought I might meet with the client one time and then make a project based off what I learned from one interview, however I was actually much more engaged that expected and ended up meeting with Ms. Singleton once a week. Meeting several times actually made the experience way better because my group and I were able to ask follow up questions when needed, provide more immediate feedback, and also get to know the client better, making me feel more connected to the work I was doing.

I’d say only a couple things went wrong during the whole internship, and the main thing was that my group had a hard time getting our project started as we felt like we didn’t have a huge foundation to build from. On the other hand, most things went right, such as my group turning in all our work on time, the final presentation looking professional, and we didn’t have any missed meetings or issues with our client. I learned a lot of lessons throughout those 15 weeks, the main one being how to assess a company for their risks and communicate solutions in a presentable manner. If I could start the project over again, I would definitely check in with the professor or TA more often, as they provided valuable advice that helped jumpstart the project, but I wish I had talked with them sooner or more frequently to provide alternative perspectives and feedback on my work.

At the beginning of the clinic, I stated a few goals in my memorandum of agreement that I hoped to achieve out of the internship. The first one was that I want to gain real world experience in the realm of cybersecurity, and I believe I definitely accomplished that. By analyzing an entire company for potential risks and security issues, I don’t think there could’ve been a more effective way to get hands-on experience in a business environment. I also got to learn how to apply security and risk concepts to a company, such as NIST 2.0 or Greg Tomchick’s top 10 valor checklist, which is definitely a skill I can use in the future. Another goal I had was to network with peers in the classroom, which was definitely achieved. I mostly worked with my group members Araya and Kiori, and we communicated outside of class quite often to come up with solutions for our client and develop our presentation. Overall they were great group members and I’m glad I got to work with them. Finally, my last goal was to provide valuable feedback for TJS Financial Solutions security posture, and based on her gratitude for my work, I’d say that was accomplished too.

The most motivating aspect of this internship was definitely that I got to offer ideas and solutions that deeply affect how a business operates moving forward. Unlike most classes, it felt like my work had actual meaning and wasn’t just a basic assignment that I was turning in just to get points. Due to the importance of my work, I was constantly motivated to make the best presentation possible and not provide any bad advice that could harm the company. I took my time to carefully research and provide well informed recommendations, and presented them in a format that was easy to understand. That being said, there were still a lot of challenges I faced that ended up being a roadblock for some time. The biggest issue was that my client did not operate a database/network, or have any employees, which eliminated a lot of the recommendations that could be given to the client. Instead of being able to provide advice about network firewalls, company policies, or employee training like some of the other groups, my group felt like we had to scale back a bit and focus more on simpler things that can be done by one person, such as implementing multi factor authentication or using strong passwords. This challenge definitely made it difficult to start our project because we didn’t know where to begin, however looking back, the real issue was that we were comparing her small business to much larger companies, when in fact every company is at a different stage of growth, and even without million dollar databases or complex infrastructure, a small business can still benefit from cybersecurity improvements. The purpose of the clinic is to tailor our presentation to her current needs, so once I got that in mind, it was easier to start the project.

For future interns of the cyber clinic, I would recommend working hard and treating the client with empathy and respect. Since this is a paid program with real world impact, it’s important to stay motivated and put effort into creating a meaningful presentation, not just the bare minimum. One thing that I wish I did differently was communicate the scope of my work with the client early on. Some clients apply to the clinic thinking they’re going to get a whole network scan or pentest, when in reality it’s more of a consultation, so it’s important to manage client expectations. Before starting this internship I’d say it’s important to review different security frameworks and types of risk, that way you can enter the program with the information you need to provide valuable feedback and advice.

In conclusion, doing this internship has been an incredibly rewarding experience that helped me build skills I will use throughout the rest of college and my professional career. Over the 15 weeks I was able to deepen my understanding of cyber risk concepts and real world applications, and also work on soft skills like communication and collaboration. I’m proud of the project my team and I produced and feel like my work made a meaningful impact of Ms. Singleton’s business, and I hope the advice will help her secure her company for years to come. Throughout the remainder of my time at ODU, I can use my hands-on experience and apply the concepts I learned to complete coursework and deepen my understanding of new material I might learn in the future. This internship also helped confirm the fact that I definitely want to build a career in cybersecurity one day. In the past I mainly wanted to do more technical work, but this experience showed me I would also enjoy the consulting side of cybersecurity, conducting risk assessments and creating personalized solutions for an actual job.