Cybersecurity Internship

This course allows students to volunteer to work in an agency related to cybersecurity. Students must volunteer for 50 hours per course credit and complete course assignments.

Course Material

On this page, you will want to include the following internship materials, explaining what you did and why so an outside audience would understand.

• Internship Journal
• Internship Evaluation
• Research/Summary Paper

Then provide on this page a reflection, responding to the questions below regarding your internship experience.

Internship Reflection #1 – An Interview with Steven Reece, IT Manager at FedWriters.

Interview with Steven Reece of FedWriters

Cybersecurity/IT Manager

February 5, 2026

Interviewed by Ian Burd

CYSE 368

Spring 2026

Professor Teresa Duvall

TA Joshua Russel

• Why did I choose to interview Steven? 

I chose to interview Steven Reece, the IT Manager at FedWriters, because he is the one who interviewed me for this internship position and played a key role in my transitioning into this internship. Since my interview, he has been in constant communication with me and ensured that I am ready for the internship, allowing me to feel more confident before the start. This was my first ever internship, and he understood that and made it easy for me to adjust to this new position. He offered me additional guidance and provided me with resources I could use to gain a basic understanding of Microsoft Azure and how we would be using it. He is always quick to answer any questions, he’s approachable, and he is the one I am working with during my internship. 

• How did you get into the Cyber/IT Field? How did you get into the position you now hold?

I moved into the cybersecurity field in my mid-twenties after starting my professional path as a project manager within a construction firm. Looking for opportunities for advancement, I went back to finish my degree in Cybersecurity. After graduating, I obtained a role as a systems administrator at a small organization in Leesburg, VA, where I directed initiatives to attain CMMC compliance to pursue DoD (now DoW) contracts. This position gave me valuable, hands-on experience as I rapidly built proficiency in Microsoft and Azure administrative platforms while ensuring the environment satisfied CMMC standards. Following several years, I connected with a larger organization looking for support with CMMC compliance and infrastructure oversight. This resulted in my current position as IT Manager at FWI.

• What would be the most important knowledge, skills, and abilities needed by someone in this field?

In this profession, success requires a combination of technical knowledge and real-world experience. A solid understanding of operating systems—particularly Microsoft and Azure—paired with familiarity with security and compliance frameworks like CMMC, serves as a core foundation. Strong analytical and problem-solving skills are necessary to resolve technical issues and apply compliance controls effectively. Project management skills, flexibility, and a commitment to ongoing learning are also vital, given the constantly changing nature of the cybersecurity field.

Communication and leadership abilities are just as important. The capacity to clearly explain complex concepts to both technical and non-technical audiences, along with the ability to lead teams and manage initiatives, plays a major role in maintaining security and compliance. Building professional networks within the industry can further offer valuable resources, guidance, and opportunities for career advancement.

• What are some of the ‘soft’ skills they have found to be most important in this job/position?

Some of the most critical soft skills I have developed in this role include effective communication and strong interpersonal skills. Clearly translating complex cybersecurity and compliance topics to peers and leadership without technical backgrounds is essential. Collaboration and teamwork are equally important, as partnering across departments and fostering relationships helps advance security and compliance efforts. Adaptability and a continuous learning mindset are also crucial due to the rapid pace of technological and regulatory change. In addition, problem-solving, time management, and organizational skills have been essential for managing multiple initiatives and consistently meeting deadlines.

• What technical skills have they found are the most important in this job/position?

Some of the most important technical skills in this position include a deep understanding of Microsoft and Azure environments, as these platforms are fundamental to systems administration and security control implementation. Experience with configuring, managing, and securing operating systems and networks is critical. In addition, familiarity with regulatory frameworks like CMMC and the ability to translate those requirements into practical IT and security measures are essential. Skills in troubleshooting, monitoring system performance, incident response, and managing backups and disaster recovery processes are also highly valuable.

• What would be good entry-level jobs for gaining experience to become a Cybersecurity/ IT Manager?

Strong entry-level positions for building experience toward an IT Manager role include IT Support Specialist, Help Desk Technician, and Systems Administrator. These jobs offer practical exposure to everyday technical operations, user support, and troubleshooting tasks.

Roles such as Network Administrator or Junior Security Analyst also provide valuable experience by introducing candidates to infrastructure management, security controls, and compliance processes. Beginning in these positions helps develop the technical foundation and problem-solving skills necessary to progress into more senior IT leadership roles.

• What qualities are you looking for regarding full-time employees at your organization?

When evaluating candidates for full-time roles within our organization, we seek individuals who exhibit strong technical aptitude and a desire to learn, particularly regarding emerging technologies and compliance standards such as CMMC. We value collaborative team members with strong communication skills who can work effectively across departments and clearly explain complex technical topics to non-technical staff.

Adaptability and a proactive problem-solving mindset are also critical, as our environment is dynamic and continuously changing. We look for employees who show initiative, manage their time effectively, and take ownership of their responsibilities and projects.

Additionally, for administrative roles, integrity is essential. Our team regularly works with sensitive information, so we prioritize candidates who demonstrate responsibility, trustworthiness, and ethical judgment.

• What I learned during my interview with Steven.

My interview with the IT Manager at FWI, Steven Reece, helped me learn a lot about the reality of getting into the Cybersecurity/IT field, and helped me decide what skills I need to develop or improve. Strong communication skills and interpersonalization is extremely important in most fields, but they are essential when working in IT. Being able to explain complex technical concepts to someone without a technical background is a crucial skill. Another soft skill to master is adaptability. The field of Cyber/IT is constantly changing, growing, and evolving. Being able to continuously learn and adapt to these changes is critical for success and to avoid burnout. On the more technical side, for a position similar to Steven’s role, knowledge of Microsoft and Azure is essential, as these platforms are essential to System Administrators and implementing security controls. Aside from these, skills in troubleshooting, incident response, and managing backups are also important. To break into the field, experience is necessary; however, cybersecurity is not an entry-level field by itself. Working as an IT specialist, a Sys Admin, or a Security Analyst is a good way to get experience and work your way up the career ladder. Cybersecurity professionals look for employees who are responsible, have integrity, and a willingness to learn in the ever-evolving field. Much of the information administrators or security professionals look at is confidential, so they need trustworthy and responsible employees to ensure that the information is not misused. I really enjoyed interviewing Steven, as he is very knowledgeable in his field and is passionate about what he does. He is a great person to work for, and I look forward to learning more about this field, as well as Microsoft Azure, as the internship continues. 

Internship Reflection Paper #2 – Second 50 Hours

Working as a Cybersecurity Intern has allowed me to expand my learning and get real-world experience. Over the course of my internship, I have learned a lot about Microsoft Azure, Power Automate, and setting up Host Pools and virtual machines. Gaining experience in the field of cybersecurity is extremely important when it comes to starting a career in cybersecurity or IT. I am very lucky to have gotten this opportunity, as many of the other internships I have applied to have all resulted in rejection or no responses at all. 

Over the course of the Internship at FedWriters, I have learned valuable, job-applicable skills in the field of cybersecurity or IT, especially on the side of Azure, CMMC, and Virtual Machines. This has allowed me to grow more confident in my abilities and feel like I have a fighting chance in this somewhat disastrous job market. 

Learning how to set up Host Pools and use Power Automate are the most important things I have learned so far. Setting up host pools, session hosts, Microsoft Entra ID, and Microsoft Intune have all been extremely important, as it allows me to design and start Virtual Machines when physical devices are unavailable. I learned which licences we would need, how to configure the VMs for security, including how to add MFA through Entra ID, and how to give administrator privileges to only a select group of people. Learning all of these things allowed me to create a secure, yet easy-to-start virtual machine that can host several users, if on-site locations are unavailable. 

Power Automate is another one of the more important things we have learned so far. Power Automate allows you to link to other Microsoft-related sites to it, such as Microsoft Forms and SharePoint. In one of our projects, we created an IT support form and connected it to a SharePoint list with the corresponding information. We then used Power Automate to send the data from the IT Support form to the SharePoint list. This included the answers to each question, any attachments provided, and who created the form and when.  When the support ticket was marked ‘in progress’, we used Power Automate to send an Email notification to the user who submitted the ticket to show it was in progress, and another Email to confirm it was complete once the status was marked ‘completed’. This made it significantly easier to track and update the ongoing IT support tickets and allowed us to see each ticket in an easy-to-read format. 

One of the challenges I’ve faced over the last 50 hours was figuring out how to get some of the information, mainly the attachments and status updates, to show up in the SharePoint list for the IT Support Ticket. This part of the project was difficult for me, as it was my first time using Power Automate and SharePoint. I originally tried to get the attachments the same way I did with the other questions, but it was not working properly. To fix this, I had to change the format of each attachment to .json, create a true/false condition, and then have it send the attachment to the SharePoint list. 

What I hope to learn next is more about Power Automate. From working with it, even on just a simple level, I can tell that it is an extremely powerful tool that has the potential to make tasks significantly easier, once you get the automation flow set up properly. I would also love to learn more about security compliance and how to ensure that FWI and anything I set up is CMMC Level-One certified. I have begun some past research on CMMC compliance, but have not gone through and made everything fully compliant just yet. 

Overall, this internship has been an amazing experience. The other interns I am working with are extremely kind, very helpful, and eager to learn, just as I am. Steven, the IT manager, is a great person to work for. He is always pushing me to work hard and learn more, yet he will always help out when I need it. I hope to have another internship opportunity with them in the future, or a job with them later down the line.

Internship Reflection Paper #3 – Third 50 Hours

Over the last 50 hours, during the internship, we have been focusing on 3 longer assignments.  One of the projects we were working on, involved creating a separate machine on an already configured and set up host pool, and turning that machine into a kiosk. We only wanted the Kiosk to allow access to one browser, only allowing interaction with that page, and the other pages linked to it. This assignment was, on the surface, very simple to set up. There was a device configuration rule in Microsoft intune, that used a template for a kiosk, which would supposedly make the whole setup take only a few minutes. However, something was not working properly on one end, or other. I had to go back and reconfigure the entire machine several times, change permissions, and rebuild configurations. None of these worked, despite trying and changing different settings one at a time to see if I could get it working, despite doing everything on the normal setup properly; something was stopping it from working. As an alternative to Intune’s template not working, I decided to try and create a PowerShell script within the VM itself, and use a task scheduler to run it on startup. I set the configurations, gave myself admin privileges and ran Task Scheduler as administrator and everything seemed to be working great. When I started up the machine next time to test, it wasn’t working. I tried to set up the Kiosk this way several more times, with no success. I asked Steven for help as well, considering how much trouble I was having, and after he had the same problems, we decided to try enforcing an app onto the VM through Intune’s device application configurations, to allow the Kiosk to be enforced that way. He and I worked on this for several hours, and eventually, the project had to be scrapped due to the amount of errors and headaches it was causing us. 

The next project I was assigned to do, was to create a policy in Microsoft Intune that required all devices within a specific dynamic group to install the Company Portal app. This application was extremely important to have in each VM, and it made syncing and ensuring that other Microsoft Intune configurations were working properly significantly easier. It acted as sort of a central hub for Intune information and configurations on FedWriters’ network.  To successfully set this up, I needed a deeper understanding of dynamic device groups inside of Intune, regarding how membership rules are defined based on certain device attributes. I needed a solid understanding of this, to ensure that only the intended devices were required to install the Company Portal app, not every device on the network. To do this, I logged into the Intune Admin Center, double-checked the devices that were members of the dynamic device group I was planning to use and reconfigured the application policy to ensure that the installation of the company portal was required, rather than optional or restricted. This project helped me to grow my understanding in policy management, application deployment and troubleshooting in an organization’s environment. 

One of the other main projects we focused on, was setting up a template baseline configuration for FedWriters network. While I am not allowed to specify what exactly was included in that configuration, it involved a lot of time and effort. My brother and I worked on creating this Baseline Configuration together. We met the expectations of the assignment and created a solid starting point, though in the end we had hardly scratched the surface when it came to creating a fully mature baseline configuration, due to the sheer amount of information and time it would take. We focused on providing detailed coverage of the most important information in regareds setting up a network, or rebuilding one in the case of a catastrophic event. There was still much that was left out, but his was done with the knowledge that things would be  modified as needed, when devices continued to be added and policies and configurations were consistently changing. This configuration ensures that the core elements of the network should be applied consistently, to ensure security and stability.  Getting this opportunity to be an intern at FedWriters was an overall amazing experience. I enjoyed every second of the work I did working as an intern, even if some of it was extremely challenging, time consuming and head-ache inducing. I have learned a lot about how cybersecurity information technology, and cloud infrastructure operates in real world organizations. It was a privilege to be given the opportunity, and I sincerely hope that I can continue to be a part of FedWriters someday, whether as an intern, or as a full time employee once career paths start to open up. Steven, as well as the other interns were all great to work with.