Reflection #1<\/strong><\/p>\n\n\n\n Over the first 3 weeks interning with the COVA cyber clinic, I\u2019ve learned a whole lot of valuable information through teaching styles that are significantly more engaging than just basic presentations and lectures. Specifically, working with our guest professor John Baaki has been one of the most unique learning experiences in my college career. From doing his team building exercises at the beginning of meetings to the implementation of the design and possibilities framework into a class presentation, I\u2019ve been able to gain valuable knowledge and skills such as problem solving, collaboration, and design thinking, all of which I can utilize for work later in the clinic, and for my future career. <\/p>\n\n\n\n During the beginning of the clinic, I definitely felt more reserved and didn\u2019t speak up a ton when it came to discussions, but over time by working in small groups and presenting to everybody, I\u2019ve become more comfortable in sharing my input and adding my perspective to the class. One thing I enjoyed during our first meeting with Dr. Baaki was where I worked with a small group to identify points of \u201cempathy\u201d and \u201cdefine\u201d for the Heavenly Paws security scenario. Under this environment, I was able to engage in a discussion under less pressure, and collaborating with those people helped me practice providing constructive feedback and actively listening, which I can now integrate into larger group discussions to have more effective contributions.<\/p>\n\n\n\n On top of that, I also learned a great method of creating and building off new ideas within a group by using the \u201cyes add\u201d technique and bouncing ideas off each other to bring the concepts to new possibilities. Dr. Baaki also taught us about the design and possibility spaces framework to have a structure of turning ideas into a plan, and I really can’t understate the importance these technique will bring when I need to come up with security solutions for a real company moving forward<\/p>\n\n\n\n Working with the clinic for just 3 weeks now already has me wondering what a career in risk management might look like. Cybersecurity is a very diverse field and I\u2019m still unsure of what sector I want to work in after I graduate, but if I continue to enjoy working on the next projects in the cyber clinic, I can seriously see myself considering a career in risk management at some point in my future.<\/p>\n\n\n\n\n\n\n\n Reflection #2<\/strong><\/p>\n\n\n\n In the COVA Cyber Clinic over the last couple weeks, I\u2019ve started applying the concepts we\u2019ve been studying in the first 6 weeks of the program into real world scenarios. On Thursday last week, I got to meet my client for the first time, and it was a very fulfilling experience. My group and I had the privilege of interviewing Tashaya from TJS Financial Solutions, diving into the history of her company, her experience with data breaches, and her goals from a cybersecurity standpoint. We also had a followup meeting with her today where we got to provide some immediate solutions for some of the security issues she\u2019s been having while we work on our final presentation to give to her in April, and ask her some important questions to get the most out of this project. Conducting these meetings with an actual business owner has felt incredibly rewarding and has helped me develop skills such as professionalism, communication, and problem solving.<\/p>\n\n\n\n Throughout my past 3 years in college, the only methods of applying what I\u2019ve learned is by taking exams or completing homework assignments, which while important, does not have much of a satisfaction element to go along with it. Learning with the Cyber Clinic however has already felt way more rewarding because instead of just seeing grades and exam scores, I get to witness the impact of my knowledge in a real world context by communicating with my client and engaging in meaningful discussions. During our meeting today for example Tashaya described the information we provided with her \u201cthought provoking\u201d and \u201cvaluable,\u201d and seeing that immediate effect of the services we\u2019re providing make my learning feel much more significant and impactful.<\/p>\n\n\n\n I hope that in the remaining 6 weeks after spring break, I\u2019ll be able to create a presentation with my group that will be able to shape the direction of an entire company and create a lasting influence on the owner. So far my experience has been great and I\u2019m eager to continue growing through it.<\/p>\n\n\n\n\n\n\n\n Reflection #3<\/strong><\/p>\n\n\n\n Over the last few weeks during my Cyber Clinic internship, my group and I have begun to prepare all the information our client has given us and come up with solutions and feedback to improve her security hygiene and lock down her devices. One thing that\u2019s been a struggle regarding the development of our project is that the business does not have a huge digital footprint, or even a network at all, at least for the time being. At first, it was somewhat difficult to find a direction to take our presentation because our client\u2019s current scenario is so different from a typical business. <\/p>\n\n\n\n After thinking more about it however, I realized that most companies are never running under ideal circumstances, especially ones that have a lower budget to spend on IT infrastructure. Even if she did have a network or database, there would be other shortcomings that would take its place. These thoughts have made me realize that if every business is different, then every presentation should be different, so my group and I can just tailor our powerpoint to what best fits our clients current setup, and anything regarding a network can be presented as ideas for the future of the business.<\/p>\n\n\n\n Nonetheless, It\u2019s been interesting to see how a small business approaches cybersecurity, especially when my views on how IT departments worked before starting this internship were mainly limited to big business with a decent level of money and employees dedicated to keeping a network running and secure. Working on this section of the clinic has definitely been an eye opening experience and I hope that I can use my new perspectives to deliver exactly what my client needs in the remaining few weeks.<\/p>\n\n\n\n\n\n\n\n Final Individual Reflection<\/strong><\/strong><\/p>\n\n\n\n Throughout my 15 week internship with the COVA Cyber Clinic, I had the opportunity of working with Tashaya Singleton of TJS Financial Solutions to perform a cybersecurity risk assessment of her business. When I started with the program, I wasn\u2019t quite sure what to expect out of it. I originally thought I might meet with the client one time and then make a project based off what I learned from one interview, however I was actually much more engaged that expected and ended up meeting with Ms. Singleton once a week. Meeting several times actually made the experience way better because my group and I were able to ask follow up questions when needed, provide more immediate feedback, and also get to know the client better, making me feel more connected to the work I was doing.<\/p>\n\n\n\n I\u2019d say only a couple things went wrong during the whole internship, and the main thing was that my group had a hard time getting our project started as we felt like we didn\u2019t have a huge foundation to build from. On the other hand, most things went right, such as my group turning in all our work on time, the final presentation looking professional, and we didn\u2019t have any missed meetings or issues with our client. I learned a lot of lessons throughout those 15 weeks, the main one being how to assess a company for their risks and communicate solutions in a presentable manner. If I could start the project over again, I would definitely check in with the professor or TA more often, as they provided valuable advice that helped jumpstart the project, but I wish I had talked with them sooner or more frequently to provide alternative perspectives and feedback on my work.<\/p>\n\n\n\n At the beginning of the clinic, I stated a few goals in my memorandum of agreement that I hoped to achieve out of the internship. The first one was that I want to gain real world experience in the realm of cybersecurity, and I believe I definitely accomplished that. By analyzing an entire company for potential risks and security issues, I don\u2019t think there could\u2019ve been a more effective way to get hands-on experience in a business environment. I also got to learn how to apply security and risk concepts to a company, such as NIST 2.0 or Greg Tomchick\u2019s top 10 valor checklist, which is definitely a skill I can use in the future. Another goal I had was to network with peers in the classroom, which was definitely achieved. I mostly worked with my group members Araya and Kiori, and we communicated outside of class quite often to come up with solutions for our client and develop our presentation. Overall they were great group members and I\u2019m glad I got to work with them. Finally, my last goal was to provide valuable feedback for TJS Financial Solutions security posture, and based on her gratitude for my work, I\u2019d say that was accomplished too.<\/p>\n\n\n\n The most motivating aspect of this internship was definitely that I got to offer ideas and solutions that deeply affect how a business operates moving forward. Unlike most classes, it felt like my work had actual meaning and wasn\u2019t just a basic assignment that I was turning in just to get points. Due to the importance of my work, I was constantly motivated to make the best presentation possible and not provide any bad advice that could harm the company. I took my time to carefully research and provide well informed recommendations, and presented them in a format that was easy to understand. That being said, there were still a lot of challenges I faced that ended up being a roadblock for some time. The biggest issue was that my client did not operate a database\/network, or have any employees, which eliminated a lot of the recommendations that could be given to the client. Instead of being able to provide advice about network firewalls, company policies, or employee training like some of the other groups, my group felt like we had to scale back a bit and focus more on simpler things that can be done by one person, such as implementing multi factor authentication or using strong passwords. This challenge definitely made it difficult to start our project because we didn\u2019t know where to begin, however looking back, the real issue was that we were comparing her small business to much larger companies, when in fact every company is at a different stage of growth, and even without million dollar databases or complex infrastructure, a small business can still benefit from cybersecurity improvements. The purpose of the clinic is to tailor our presentation to her current needs, so once I got that in mind, it was easier to start the project.<\/p>\n\n\n\n For future interns of the cyber clinic, I would recommend working hard and treating the client with empathy and respect. Since this is a paid program with real world impact, it\u2019s important to stay motivated and put effort into creating a meaningful presentation, not just the bare minimum. One thing that I wish I did differently was communicate the scope of my work with the client early on. Some clients apply to the clinic thinking they\u2019re going to get a whole network scan or pentest, when in reality it\u2019s more of a consultation, so it\u2019s important to manage client expectations. Before starting this internship I\u2019d say it\u2019s important to review different security frameworks and types of risk, that way you can enter the program with the information you need to provide valuable feedback and advice.<\/p>\n\n\n\n In conclusion, doing this internship has been an incredibly rewarding experience that helped me build skills I will use throughout the rest of college and my professional career. Over the 15 weeks I was able to deepen my understanding of cyber risk concepts and real world applications, and also work on soft skills like communication and collaboration. I\u2019m proud of the project my team and I produced and feel like my work made a meaningful impact of Ms. Singleton\u2019s business, and I hope the advice will help her secure her company for years to come. Throughout the remainder of my time at ODU, I can use my hands-on experience and apply the concepts I learned to complete coursework and deepen my understanding of new material I might learn in the future. This internship also helped confirm the fact that I definitely want to build a career in cybersecurity one day. In the past I mainly wanted to do more technical work, but this experience showed me I would also enjoy the consulting side of cybersecurity, conducting risk assessments and creating personalized solutions for an actual job.<\/p>\n","protected":false},"excerpt":{"rendered":" COVA Cyber Clinic Internship Reflection #1 Over the first 3 weeks interning with the COVA cyber clinic, I\u2019ve learned a whole lot of valuable information through teaching styles that are significantly more engaging than just basic presentations and lectures. Specifically, working with our guest professor John Baaki has been one of the most unique learning… <\/p>\n