Final Internship Paper

Posted by eneal003 on

Final Paper

Apple Federal Credit Union

Evan Neal

CYSE 368

Summer 2023

Introduction

My name is Evan Neal and I am a cyber security major at Old Dominion University. In order to earn my degree, I must complete an internship during my time at school. I applied to various internships that were related to cybersecurity or Information Technology (IT) in some way. However, I soon realized that landing an internship can be very difficult. First there were not many opportunities to get an internship within the field of cyber security. I learned why this is the case once I got my own internship. Also, this was my first time “job hunting” and I got to learn the hard way that many companies won’t even respond to your application. I even attended an internship/job fair that was a host to many big name companies like Raytheon and Northrupp Grumman. After spending over 6 hours going booth to booth and applying for internships none of them even led to an interview. I continued to apply to as many internship positions within the tech field as I could. I only landed an interview with a single company called Apple Federal Credit Union. I was competing with 3 others for this position and I was the last to interview. I felt like I had a pretty good interview with them and they thought the same. 

I was offered a full time internship position at their HQ in Fairfax Corners which is very close to where I live. The three main objectives when I came here to work was to get as hands-on experience as I possibly could, to gain a better understanding of the IT field as a whole, and to get a sense of direction when it came to my career in cybersecurity and IT. This paper will share my experiences working my first internship and job in the tech field.

The Beginning

For my first day, I went to the headquarters where I was going to be working and attended the on-boarding meeting with all the other interns.I also just wanted to add that the HQ is beautiful and very accommodating to the employees. There were six interns including me who were hired for the summer. During this meeting I learned that the company started as a credit union for teachers and was later broadened to accommodate anyone.Also that they are a not-for-profit organization and member owned, as well as being only located in northern Virginia. 

All the interns were in different departments such as People and Culture, Facilities, and Marketing. However, as the IT intern I was the only one who had to work full-time since the IT department specifically requested a full time intern. The other interns were part-time and only came in on Mondays and Thursdays which are the days that all employees are expected to work in the office which was a shock to me. I was told this decision was made when covid began to die down and upper management didn’t feel remote work was negatively impacting the company much. However for IT, if you are a contractor or an intern you are required to work from HQ everyday. After the intern meeting, we got our badges and went to meet our new coworkers. When I first met everyone my first thought was that they looked much younger than I was expecting. My workstation was already set up and it was much nicer than I thought they would give me. We all have at least two monitors and a keyboard and mouse setup on a very large desk. I also got a standing desk that can move up and down with the click of a button. I quickly began to realize that all of my coworkers were very funny and more importantly super smart and technical. Overall, my first impressions of the company were very good. Everyone seemed organized, professional, and competent.

Management and Organization

The management side of things for me has been great. My management consisted of my service desk manager, Liam, and my tier three team lead, Lizeth. From the first week they started me on a six week ramp up plan. This plan was very thorough in making sure that I got to experience all the different tasks that come with the IT department. I will say that at the start it was very boring because most of the time I would just read up on SOPs (Standard Operating Procedures) in their database and shadow my coworkers occasionally. However, that boredom did not last for very long and in the long run it was actually very helpful for building my troubleshooting skills. 

Over the weeks, I had various one-on-one meetings with personnel who specialized in a certain field or application who would teach me in detail about their system. They also made sure that each week I had a group or one-on-one meeting with them to discuss my ramp up plan and to address any questions that I had over the week. These meetings were very helpful to my growth since I had a very flexible ramp up plan. I would use these meetings to bring up things that I want to learn for the next week or bring up questions I had about last week’s ramp up plan. During one of our meetings I even just asked them about career advice and they thoroughly explained the many paths I could take if I wanted a career in cybersecurity. They constantly encourage me to ask questions and learn all that I can from this internship, and I believe it is because they truly want the best for me. I also like how they are not constantly over my shoulders trying to micromanage me. I think that they have done a wonderful job of supporting me and fostering my growth.

Work Duties

It really took until my six week ramp up plan was over to become fully integrated into all of my roles and responsibilities. My job at the company has been very similar to my coworkers on the service desk. I had access to many administrative tools and had very similar responsibilities as the contractors. My main priority was to focus on the tickets that were coming into the service desk. As a member of the service desk I am on the front line when it comes to technical issues affecting the company. We use JSM’s ticketing system at the company and we have certain KPIs (Key Performance Indicators) that we had to adhere to. Also depending on if the ticket is from a VIP or not we have different levels of urgency. At first glance this does not seem like much. However, the amount of different systems and applications that are used within a bank’s structure is a lot. In order to solve these issues you had to have a fairly good understanding of each of these systems and how they all work together. This knowledge of systems is crucial to building your troubleshooting skills. 

There are many different types of tickets that we receive on a daily basis. Some of the types are alerts, service requests, and PCR requests. To start, we have to have the ability to understand when any of these tickets need to be escalated to another department. Sometimes it will instruct you to escalate within the ticket and other times you will have to diagnose an escalation yourself. Having correct escalation knowledge can be crucial especially when it comes to the alerts that we get in our queue. If you are not able to quickly and correctly diagnose what to do with a critical alert it could have a large impact on the organization. Alerts are automatically added to our queue by a bot that monitors our system for specific changes. Sometimes they are just informational and other times they need to be acted upon quickly.

Service request tickets are the most common and actionable tickets we receive. These are requests that can usually be solved by the service desk team and can require competent troubleshooting skills in order to solve the problem. These requests are what built and continue to build my troubleshooting ability. Some of the issues that can occur with these tickets have to do with banking software, account permissions, applications, or connectivity/VPNs. These types of tickets are very important to the production of the company. If an employee is locked out of their account or they cannot access a core banking program it could have a negative effect on members. Some examples of this loss of productivity can be if they need to approve a loan or they are working with a potential member while opening an account. Since member service is highly regarded within the company model, these tickets have their own sense of importance. We use many different tools in order to solve service request tickets. Tools such as Bomgar are very useful since it allows you to remote into any computer within the organization. Apple also has an on-prem active directory that allows us to access the account information and permissions of our employees. This helps with account lockouts and permission changes if need be. We also have incorporated a cloud-based active directory called Azure that pulls from our on-prem active directory. Except, most of the trouble shooting is done for a specific program. So when you get a ticket what usually happens is that you remote into their computer using Bomgar. Then using your knowledge of the system that is having issues, you troubleshoot the issue with help from SOPs, previous tickets, and your team.

PCR requests have to do with installing a new software or deploying new or replacement hardware to a user. These requests usually require various approvals before the service desk can take action. One approval that is needed every time is the manager’s approval or whoever is one tier above the requestor. This is to ensure that their manager knows about the issue they are having and if it is hampering their work. The last signature depends on what exactly is being requested. If it is for a new software to be installed it could require cybersecurity to take a look at it. If it is for a replacement monitor then IT would need to approve of it. If they need a certain license added to their account that could require upper management to take a look at it as well. Once all the approvals are in, we can begin working on preparing the equipment or installing whatever software it is. It’s very important that we also understand when to make a normal service request ticket into a PCR. This way we don’t just give out a new permission or download an application that we shouldn’t for them.

These tickets were the bulk of the work that I do at Apple. They are all very important to the success of the IT department and the business as a whole. Without a service desk to keep everything up and running any business would crumble.

Cybersecurity

Since I am a cybersecurity major I learned a couple of things at school that helped me with an IT job. However, since I am only a rising junior I never got to take very many cyber courses. I spent most of my classes the first two years finishing all my general education credits. Nevertheless, the limited classes I took did help me in a couple of areas. One of them being the usage of the command line. I would like to add that I only used the command line in linux previously, but it is very similar to windows. Networking was another area that I was able to grasp easier because of the basic networking and programming class I took. The class definitely helped when it came to the names and uses of the hardware that I see here. As well as when I get deployed onsite they can walk me through certain networking tickets due to my basic understanding of where and what everything is. I would also like to add that the knowledge from these classes helped me tremendously in the interview process. 

I did have to learn a whole lot on the job since I never had any other tech jobs in the past. So I had to learn how to troubleshoot effectively and the documentation processes that come with that. 

During my time at the credit union it has exposed me to the actual structure of the IT department of an organization. Which helped me understand exactly how cybersecurity is positioned within the company. One misunderstanding I had about cyber was that it was an “entry level” position. Cyber security does have entry level positions but the amount of knowledge and experience you will need to succeed in the role is vast. You really can’t just walk into a cyber security role like you can enter into an IT role. My basic understanding now is that it’s a higher up position within the IT department. This has changed the way I think about cyber mainly by understanding what it looks like in the real world. While I was in school I believed that cyber was something almost separate from every other part of a company. Then they just made sure everything was running smoothly and created proper practices and procedures. However, they are much more hands on when it comes to alerts and escalations. I am also in awe of their level of expertise and understanding of all aspects of IT and the systems within the company.

ODU Curriculum

Since I did not take very many classes on cybersecurity or IT so I can’t really say I was overly prepared for this role. I did make some pretty basic connections with some of the devices and terms that they use within their system. By using some keywords that I learned in class and inferring, they were able to point me in the right direction when I was having problems. This made me realize just how important it is to know and understand all the various terms and phrases that are taught in class. But overall, I learned mostly everything on the job. I think the biggest disconnect with ODU curriculum and the internship was troubleshooting skills. After spending some time at this internship, I believe that troubleshooting is one of the most important skills you can have as an engineer. For example, even if you know how to solve a connection issue, it won’t matter if you can’t identify that it’s a connection problem in the first place. Troubleshooting skills are built through experience but I still think that ODU should try to incorporate building this skill more within their curriculum.

Internship Objectives

When I came to Apple, I had three main objectives for what I wanted to accomplish. Firstly, I wanted to get a bunch of hands-on experience. This goal has been a success due to this internship being a full time job. I was able to follow a proper ramp up plan that prepared me for my responsibilities later on. So now I am basically a full fledged member of the team, and with this comes all the responsibilities of an IT technician. So I have been sent to branches to fix problems, I deal with equipment deployments to both users and branches, and I help all users that send in requests to the service desk. So with all of the different tasks I am assigned I have been able to gain a bunch of real world experience. 

My second goal was to gain more knowledge about the IT world as a whole. When I first started school I didn’t even know what cybersecurity and IT really entailed. Even when I applied for this internship I didn’t understand what I was really getting into. Now I have a much better understanding of what IT does and the large amount of knowledge it requires. As well as all of the different IT fields that meld together to keep a business running smoothly. 

Lastly, I wanted to gain a better understanding of the career path I want to take in cybersecurity and IT. I was able to gain a bunch of knowledge when it came to this from my coworkers and bosses. There are a bunch of people who never even went to college and some with degrees related to IT. So I got a lot of different viewpoints on what path is best for me personally. The path I decided to take is a mix of some suggestions I got from everyone. I want to continue finding jobs in tech fields to gain experience while I am still in college. Depending on the difficulty of the job hunt I might do the A+ certification. Also, I want to get my Security+ and Network+ certifications before I graduate. So when I graduate I can either get hired as a junior security analyst or get onto the IT team and get promoted into a cybersecurity role within the company.

The Internship Experience

The most exciting and motivating part of the internship for me was the ability to learn as much as I wanted on the job. The team is always very willing to help me learn anything new. They also encourage me to take on new challenges and point me in the right direction when I am lost. The most discouraging aspect would have to be when you are stuck on a ticket for multiple days. Especially when you are constantly working on it and fixing issues but more keep popping back up. So I guess the troubleshooting learning curve was definitely not the most fun. One of the most challenging parts of the internship for me personally has to be getting used to a 8:30am-5pm workday every weekday. I’ve never had a normal business schedule like this for previous jobs I’ve worked. So having to wake up early everyday and getting home with limited time to do my hobbies was tough. Other than that, I would say that learning to troubleshoot effectively was definitely one of the most important and challenging aspects of the job. 

One recommendation that I would give to a future intern would be to get comfortable with asking questions. There is a lot that you don’t know that you don’t know yet. Without asking questions and understanding what exactly is going on you won’t be able to develop your troubleshooting skills. Also, you should keep a notes page with solutions to common problems that you can refer to at any time. This helps you if you blank out and forget the correct steps you can pull them up. It can also help with the memorization of solutions to easier problems. Which can help you later on when you troubleshoot more complex issues. So overall, before starting an IT internship you should learn some basic troubleshooting skills.

Conclusion

In conclusion, my main takeaway from this experience is the fact that Cyber security is not going to be easy to reach. You need to have a great understanding of most of the aspects of IT in order to properly perform the job. I also learned that Cyber security itself is not an entry level position that you can just easily get an internship for. It is also very common for companies to promote people within their company onto the cyber team because they understand all the systems that they use in the first place. All of this affects the way I will spend my time at college now. The one thing I want to change this year is my interaction with the cybersecurity club we have at school. I never went to anything in my first two years, but I want to change that and participate in a CTF event. From a professional standpoint this internship has helped me create a better career roadmap for myself. It also allowed me to see just how much I have to learn in order to be where I want to be in the future. I can see myself applying here when I graduate but next time as a cybersecurity analyst.

Leave a Reply

Your email address will not be published. Required fields are marked *