My Cybersecurity Internship at Booz Allen
Initial Internship
Booz Allen Hamilton is a company founded in 1914 based around the idea that other companies could flourish if they got outside expert advice. As an advising company, they expanded to become one of the biggest contracting companies in America. Today, Booz Allen continues to provide expert advising, as well as selling products and experts out to companies in contracts to assist in taking care of other companies.
My mother worked with Booz Allen for over 12 years now and worked very closely with the United States Air Force. Her job was to buy and manage plane parts for top secret contracts and missions. This, however, is only one small aspect of Booz Allen. The biggest customer for Booz Allen is really just the entire DoD. They are consistently enlisting the help from Booz Allen, providing tons of job opportunities to all of Booz Allen. They cover everything, from insurance experts, auditors, and experts in consulting for any area of any job
Initially, I was very impressed. For a multi-billion-dollar company, their internship program feels incredibly inclusive and fleshed out for all potential interns, experienced or not. Considering the incredibly high pay, engaging material within the internship orientation alone, Booz Allen Hamilton has shown to be an incredibly impressive company, and even from the very beginning, I couldn’t have chosen a better internship.
The beginning of the internship was pretty rocky, however, this was their first time running the internship purely online, so some slack can be given. Initially the laptop that I was provided for work had to be completely updated and factory reset before it could turn on without a bluescreen, and I had a few issues with the smartcard and memory leak issues if it was on for too long. The internet only went out on Booz Allen’s side for 1 hour total, and this was due to an IP issue from a separate company bought to deal with IP assigning for the entire company. It was actually a funny learning experience for cyber security in getting hands on experience of the problems with using third-party companies to help out with managing your company. We had plenty of training and orientations in the very beginning, but then got straight to work.
Management
The management at Booz Allen was phenomenal. Not only were we assigned leaders who were experienced in the area that we were working in, we were able to apply for mentors that would be with us every step of the way to answer any questions or just be there to discuss problems or just to discuss the internship as a whole. My supervisor over the entire internship, or the group leader, was Julian Warchall and Fazzari Saverio. They were wonderful leaders and always encouraged us in the right direction, making sure to ask the hard questions exactly when they were needed, as to not slow us up, but to get is started working again after a major portion of our project was finished, or the editing was finished. My mentor was Kipp Malone who was another amazing person who just started working at Booz Allen not but a few years ago, and provided insight into the world of new Hires, and how to appeal to Principals of the company, as they would be the judges for the end of the internship, which I shall explain later. Jake Jordan was the principal champion, the person who resided above Julian and Saverio. His job was to select the final project idea for the internship. The overall management above those four people were just fine, as the internship was mostly hands off until the end after orientation.
The Internship
Right after the orientation, we got right to work. Our team was aligned to project ESCAPE, which stands for Electronics Supply Chain: Attaining Popular Equipment. Julian had assigned us our group task for project ESCAPE just after. The task was brainstorming for project escape. My team, Alyssa, Kaihil, and Roni began throwing down as many ideas as possible onto a Word document, and began separating out the possible from the impossible, and the good from the bad, but never deleting anything. Julian was always there to supervise on these brainstorming projects, but this would only be for a short time to make sure that we are on task and completing what we’re supposed to. He would step in sometimes to direct us in the right direction for brainstorming, but it wasn’t required much. After two days, we finalized our idea.
Our idea was to create a software tool that would analyze the risks in procuring electronics for the Department of Defense through machine learning. The way it would do this was through web scraping, we would have the program analyze keywords in the news about supply chain using hot word searches on Google. We would have it decide which news articles about that supply chain would have a positive or negative impact based off the words that were used within the news article. However, we quickly realized that using machine learning like this it would be incredibly difficult, especially since Ronnie with more custom to not using machine learning at all in programming. We just assumed that meant he wasn’t comfortable with it.
At that point we began brainstorming again, figuring out a new framework for our project. We did not change much, as all we did was change the basic idea of information capturing through machine learning to web scraping. Through looking up online databases about country data, we were able to figure out many different categories of risk through just searching up specific factors of data that we could then calculate into a one out of 10 grade using equations. We then had the task of setting specific weights for each risk, however, we decided to turn this into a feature. We set all the weights of the data points to average together to get the four main risk points: Security risk, political risk, economic risk, and production risk. It was quite entertaining to find that a lot of the problems that we were running into that we couldn’t develop ourselves, we turned into potential features for incoming clients, instead of hard coding it to block off these potentials in the first place.
At that point, the framework was essentially finished, we still had plenty of kinks to workout in it, but Ronnie would start to get to work on creating the software. This is where we began discussing and brainstorming about how the process is going to look for the user: Would this use a GUI or just be text-based? Will there be an auto complete? How will the data be shown to the user? What if there is more than one country related to a single category of risk? These are all the types of questions that we had for Roni as he was developing it, and Cahill was the major backbone in discussing options between Ronnie, the coder, and Aly and I, the data gatherers and framework developers. Because Kaihil had background in Roni’s programming language as well as plenty of knowledge about our framework, Kaihil was a healthy medium between the two backgrounds, and allowed for healthy communication.
Much of the work after this was built around finishing the software and smoothing the edges around the whole project. I wrote up much of the rough draft of the script that we would use when presenting, and Aly created the basic idea of what the PowerPoint will look like. You may be wondering what the presentation is. The whole point of the Summer Games internship at Booz Allen with to create a minimum viable product, or delivery of an idea of a product to be presented in front of judges who will judge how well the interns did the project. The work completed in the internship will determine whether you are offered a job, invited back to the internship next year, or recommended to again more experience. luckily, not many people proved to be such a problem that they weren’t even invited back next year. In fact, most people were actually offered jobs, about 40% last year.
The software itself was worked on by Roni mostly, but input was given by all members, no one person’s job was completed alone without input from the others. We created a software prototype and are very excited to know that this classifies as a Minimum Viable Product. We discuss this in the PowerPoint, and I have provided a reference work sample that shows the PowerPoint we did, as well as the actual pictures of the software:
This is SCRAPE, our tool that we finalized. It stands for Supply Chain Risk Assessment Program for Electronics. Those numbers you see on the screen are the actual calculated risk scores, ranging from one to ten. They are color coded to represent low risk, medium risk, and high risk. However, this is only one of the risk types, political risk. There are still three other risk types that are actually completed fully in the software. What you can also see on the screen is that GPU risks is selected. The full prototype of the software is able to use GPU, CPU, and ram calculations. The data is taking from those databases as mentioned before, where web scraping is used on predetermined websites. For example, the web scraper goes to worldbank.org and goes to the GDP of a specific country that is related to the part and takes that GDP and plugs it into the calculation to make it a one to 10 score. As you can see, Taiwan’s GDP is 9.79, compared to the USA’s GDP of 0.26. Because a higher GDP is typically better, the way this is calculated actually creates an inverse value, where a smaller GDP value is much worse. This means that Taiwan’s GDP is very low compared to the US GDP. The other values that you see or gathered the same exact way, do websites that provide an actual score that can be translated into a one to 10 score. We tried to make this as unbiased as possible, and though it may seem at certain points then allied country looks terrible compared to the US insert and values, all of this is pure data, and we have transferred everything to be a one to 10 value based off the number given. We do not use comparisons of values ever, and it is shown because if this were to be a biased piece of software, something we thought about, The US would not have such a bad political stability score compared to Taiwan.
Aly and I thought about most of the framework information mentioned in the previous paragraph. Even after the main brainstorming session was over, we constantly had extra brainstorming sessions about different aspects of the software. We also brainstorm about how to demonstrate the data, and how it can be turned into actionable data by the end user. It was my task to create a risk framework, and risk matrix sheet, to explain to the end user how the data can be utilized. However, we learn that because this is just a pitch project, this is something that will be extremely useful in the question section, but not in the actual presentation section. This is because of risk matrix sheet would be too much information for the judges to look at.
There really isn’t much more to talk about. The last 150 hours have mostly been spent working on the script and presentation. The software brainstorming was over in the first 50 hours, and the software was almost complete in the next 50 hours. The presentation is the thing that went through the most changes. We really focused on trying to condense our presentation so much, that it was essentially information liquid gold. Of course, we also tried to not overwhelm the judges with too much information. We actually just made our final official edit today, August 5th. Our presentation is officially on the 8th, just after this weekend. I hope we win the competition; I believe the work we did could possibly be the most thought out and of the highest quality out of the 36 groups. Not only do we have a Minimum Viable Product (MVP) in the form of computer software, but out of the four groups that we actually saw that had an MVP, ours was the most unique and well thought out of all of them, thanks to Roni for coding and the whole team for brainstorming. We also believe that our presentation is the perfect amount of being not too flashy, while also keeping the judges interested with plenty of graphics to explain the voice lines, and videos to spice up the presentation, without taking away from the information.