Final Paper

Final Internship Paper: CYSE 368

Date: August 4, 2025

Student Name: Jadon White

Employer: HunaTek Government Solutions

Company: HunaTek

Internship Class: CYSE 368/Internship

Term: Summer 2025

Table of Contents

1. Introduction

2. Background on HunaTek

3. Initial Orientation and Training

4. Management Environment

5. Work Duties and Assignments

6. Application of Cybersecurity Skills and Knowledge

7. ODU Curriculum Connections

8. Outcomes and Objectives Review

9. Highlights of the Internship

10. Challenges Faced

11. Recommendations for Future Interns

12. Conclusion

1. Introduction

Choosing to intern at HunaTek Government Solutions was a pivotal step in my journey toward becoming a well-rounded cybersecurity professional. As a student of cybersecurity at Old Dominion University (ODU), I sought an opportunity that went beyond textbook theory—a place where I could see the complex world of information assurance, system hardening, and compliance in real time. HunaTek’s work with federal agencies and support of Department of Defense (DoD) contracts gave me a unique opportunity to immerse myself in a security-conscious environment governed by the Risk Management Framework (RMF), NIST SP 800-53, and DISA STIGs.

My goals entering this internship were threefold: first, to gain exposure to RMF practices and understand how the Authority to Operate (ATO) lifecycle is carried out; second, to work on technical documentation, system design, and compliance standards; and third, to improve communication and leadership skills within interdisciplinary teams. I wanted this experience to push me to grow not just technically but professionally, as I believe true cybersecurity maturity comes from balancing technical depth with organizational awareness.

From the very first day, I was challenged to think critically, manage multiple responsibilities, and engage with technical and policy documentation alike. Over the course of my internship, I developed a deeper understanding of enclave design, vulnerability management, patch deployment, database administration, documentation practices, and compliance processes. More importantly, I gained confidence in my ability to contribute in a professional setting and make an impact.

This paper outlines the journey I took during my internship, the challenges I encountered, the skills I strengthened, and the lessons I will carry with me as I continue to pursue a career in cybersecurity.

2. Background on HunaTek

HunaTek Government Solutions is a mission-focused organization specializing in providing innovative IT services, cybersecurity solutions, and systems engineering support to federal clients. Based in Herndon, Virginia, HunaTek operates under strict compliance requirements, particularly those relevant to the Department of Defense (DoD), which made it an ideal setting for learning about federal cybersecurity operations.

The company’s reputation for technical excellence and security compliance is rooted in its work with RMF, NIST standards, DISA STIGs, and its ability to support secure enclaves and systems designed for high-security environments. HunaTek is structured to support both government clients and private contracts, offering insight into the practical application of federal cybersecurity mandates in real-time operational contexts.

At HunaTek, I was surrounded by experienced professionals in system administration, cybersecurity governance, policy documentation, and IT operations. The supportive culture emphasized both learning and accountability, and I was treated not just as an intern but as a contributing team member. This environment helped me mature professionally and allowed me to align my academic experience with enterprise-level practices.

3. Initial Orientation and Training

My first few days at HunaTek were focused on onboarding and orientation. I was introduced to the systems, tools, and security protocols used by the organization. This included walkthroughs of internal documentation platforms, security clearance policies, project overviews, and introductions to key personnel. Orientation gave me the context I needed to understand the technical and policy landscape of the organization.

Early on, I was assigned to assist with a system enclave project—an isolated network designed to protect sensitive information. My role began with observing and gradually transitioned to contributing to firewall documentation, identifying security requirements, and applying STIG benchmarks. I received hands-on training with vulnerability scanning tools like Nessus and SCAP Compliance Checker, as well as guidance on interpreting audit logs and compliance reports.

The training process was gradual but comprehensive. I was encouraged to ask questions, shadow experienced staff, and slowly build confidence with key tools and procedures. My mentors took time to ensure I understood not just the “how,” but the “why” behind each security practice. These early weeks helped establish a strong foundation that I continued to build on throughout the internship.

4. Management Environment

One of the most impactful aspects of my internship was being immersed in a structured yet flexible management environment. HunaTek’s leadership operated with a strong sense of mission alignment, where every task and project was tied to client needs and federal compliance standards. While there was clear hierarchy and accountability, the culture also encouraged initiative and collaboration.

My direct supervisors fostered an open-door policy and were quick to offer feedback, guidance, and encouragement. I participated in regular check-ins, stand-up meetings, and project reviews. This not only kept me on track but also exposed me to the management workflows that govern IT and cybersecurity projects in a real-world setting.

Beyond technical work, I learned how tasks were prioritized, how resources were allocated, and how communication flowed between technical teams, project managers, and clients. I also observed how leadership navigated time-sensitive tasks, documentation reviews, and policy updates. As a result, I gained a better understanding of the importance of planning, coordination, and accountability in delivering secure, compliant systems.

5. Work Duties and Assignments

Throughout my internship, I was exposed to a wide range of technical and administrative responsibilities. I contributed to system enclave development, authored documentation such as System Security Plans (SSPs) and Standard Operating Procedures (SOPs), and participated in vulnerability assessments and patch management.

One of my primary duties was supporting the Risk Management Framework (RMF) lifecycle. This involved collecting and organizing evidence to support control implementation, mapping policies to technical configurations, and reviewing compliance with NIST SP 800-53. I became familiar with terms like control inheritance, control tailoring, and how to differentiate between system-specific and common controls.

I was also responsible for performing database backup tasks, validating system recovery procedures, and contributing to network diagramming efforts. Using tools like Nessus, SCAP Compliance Checker, and Microsoft Visio, I assisted in visualizing our environment’s architecture and highlighting trust boundaries, security perimeters, and communication flows.

Another major assignment was reviewing and improving technical documentation. I worked on updating configuration records, crafting recovery guides, and aligning operational workflows with federal compliance expectations. Each assignment helped sharpen my technical, organizational, and communication skills—whether I was troubleshooting, diagramming, or drafting a procedure for others to follow.

6. Application of Cybersecurity Skills and Knowledge

The HunaTek internship provided a fertile ground for me to apply and test the cybersecurity concepts I had studied in the classroom. Topics such as RMF, CIA triad, vulnerability management, STIG compliance, and incident response became more than academic vocabulary—they became daily conversations and actions in the workplace.

I was actively involved in applying Security Technical Implementation Guides (STIGs) to system components. I supported scan reviews using Nessus and interpreted output in SCAP format to validate our configurations. Understanding how STIGs map to specific system settings helped me see the full lifecycle of compliance—from policy to implementation, and eventually to documentation.

My academic background in system hardening, risk assessment, and security frameworks helped me quickly adapt to real-world challenges. I knew the theory behind risk prioritization, but seeing how vulnerabilities were triaged based on impact and exploitability gave me a stronger appreciation for operational risk management.

Additionally, I applied my knowledge of network segmentation and secure architecture when helping build and refine system enclave diagrams. Each connection and node had to be scrutinized from a security perspective. I drew from classroom exercises but expanded those ideas through practical problem-solving and mentorship from more experienced team members.

In short, the internship helped bridge the gap between theory and practice. It confirmed that the foundational knowledge I had built at ODU was relevant and valuable—and it helped me develop the confidence to apply that knowledge in a professional setting.

7. ODU Curriculum Connections

Many of the skills I utilized and strengthened during my internship were directly connected to what I learned through ODU’s cybersecurity curriculum. Courses like CYSE 200 (Introduction to Cybersecurity), CYSE 301 (Cybersecurity Techniques and Operations), CYSE 407 (Digital Forensics), and CYSE 368 (Internship) laid the groundwork for understanding cybersecurity principles, tools, and best practices.

For example, my experience with vulnerability assessments and patch management reflected the hands-on labs and projects we completed in CYSE 301. That course introduced tools like Nessus and helped me understand how to interpret and act on vulnerability data. During my internship, I took that skill further by communicating scan results to stakeholders and confirming remediation steps.

In CYSE 407, we focused on forensic analysis, which emphasized the importance of chain of custody and integrity of evidence. That helped guide how I approached documentation during my internship—recognizing that every artifact must be accurate, reproducible, and auditable. Whether drafting SOPs or assembling the ATO package, I was careful to ensure every detail aligned with compliance expectations.

I also drew heavily from my understanding of system architecture, STIGs, and RMF documentation learned in CYSE 200. The frameworks and models introduced in class gave me a strong foundation to understand security categorizations, control families, and policy enforcement. At HunaTek, I applied those lessons when aligning SSP content with control requirements and verifying control inheritance models.

The alignment between coursework and my internship proved to me that ODU’s cybersecurity program is not only academically rigorous but also industry-relevant. I felt well-prepared to tackle the tasks assigned to me, and I look forward to building on this foundation in both future academic and professional roles.

8. Outcomes and Objectives Review

When I began my internship at HunaTek, I established several clear objectives: to deepen my understanding of the Risk Management Framework (RMF), to improve my technical documentation skills, and to strengthen my communication and leadership within a cybersecurity team. Reflecting now on my completed hours, I can confidently say that these objectives were not only met—they were exceeded.

In terms of RMF, I have gained real-world exposure to how the framework is implemented in a federal setting. I worked directly on Authorization to Operate (ATO) packages, drafted System Security Plans (SSPs), and supported the creation of control evidence. I now understand how RMF weaves through the lifecycle of a system, from categorization to continuous monitoring. This experience has provided clarity that academic case studies alone could not deliver.

My documentation skills have improved significantly. Through SOP writing, configuration records, and architectural diagramming, I learned how to write clearly, accurately, and in a way that aligns with both technical and compliance needs. I became more detail-oriented and aware of how documentation can support audits, investigations, and system recovery efforts.

Finally, I grew in my ability to communicate with technical and non-technical audiences. I regularly discussed findings with engineers, contributed to workflow diagrams, and asked questions in meetings without hesitation. These experiences made me more confident in articulating my thoughts and in working collaboratively toward shared goals.

Overall, the internship allowed me to demonstrate professional readiness. I not only gained technical experience but also grew personally in how I manage time, take initiative, and handle complex tasks with focus and composure.

9. Highlights of the Internship

Several moments stand out to me as highlights during my time at HunaTek. The first was contributing to the development and visualization of a secure system enclave. Seeing my name attached to diagrams, configuration files, and firewall rules that would be included in real compliance packages made me feel like an integral part of the team.

Another major highlight was supporting the drafting of System Security Plans (SSPs) and Standard Operating Procedures (SOPs). At first, these tasks were intimidating because of their importance and complexity. But over time, I developed a rhythm—interviewing stakeholders, reviewing policies, and aligning language to match control requirements. These deliverables became my way of contributing directly to the success of the project.

Participating in vulnerability assessments and recovery planning also gave me a real sense of responsibility. I wasn’t just checking boxes; I was helping ensure that systems were hardened, backups were validated, and risks were understood. Each time I discovered an issue, communicated it, and saw a resolution put in place, I felt empowered by the process.

Finally, a personal highlight was building professional relationships with team members across departments. From system engineers to compliance leads, I learned how to engage respectfully, seek feedback, and contribute meaningfully to shared goals. Those relationships made the experience even more rewarding.

10. Challenges Faced

No internship is without its challenges, and mine was no exception. One of the earliest challenges I faced was adjusting to the pace and expectations of a professional cybersecurity environment. Unlike school projects with defined deadlines and structured feedback, real-world work demanded constant communication, quick pivots, and the ability to manage multiple tasks simultaneously.

Another challenge was navigating unfamiliar documentation standards. Writing SOPs and SSPs required a level of precision and consistency that took time to develop. I had to revise my work frequently to match the tone, structure, and format required for federal submission. While this was frustrating at first, it helped sharpen my attention to detail and taught me the value of iteration and feedback.

Technical challenges also arose, especially when interpreting scan results or configuring compliance tools. In some cases, I had to troubleshoot issues that had no clear solution, forcing me to dig through documentation, consult with team members, or try different methods until something worked. These moments were difficult but also among the most educational.

Lastly, balancing technical accuracy with clear communication was an ongoing challenge. I wanted to ensure that my documentation was both technically correct and accessible to stakeholders who might not have a deep technical background. Achieving that balance required me to step outside my comfort zone and grow as a communicator.

11. Recommendations for Future Interns

For future interns at HunaTek or any organization with a focus on cybersecurity compliance, I have a few key recommendations that may enhance the experience and lead to greater growth.

First, be proactive in asking questions. No one expects you to know everything, but your willingness to learn and seek clarification speaks volumes. Whether it’s understanding a control family, asking about scan output, or confirming a documentation format—speak up. Your curiosity is your best asset.

Second, take detailed notes. The volume of information you’ll encounter—from meetings to manuals—can be overwhelming. Keeping a log of tasks, concepts, and terms will help reinforce learning and give you a reference point for future work.

Third, embrace documentation. Even if you prefer hands-on technical tasks, strong documentation is essential in cybersecurity—especially in federal environments. Learning to write clearly, structure policies, and maintain records will elevate your value to the team.

Fourth, build relationships. The best part of my internship was working with people who were willing to mentor, teach, and collaborate. Introduce yourself, attend meetings, and ask to shadow others when possible. These connections can be more impactful than any single project.

Lastly, stay organized. Prioritize your tasks, track deadlines, and stay on top of your assignments. Time management is key, and being dependable builds trust with your team. If you treat the internship like a real job, it will pay off like one.

12. Conclusion

My internship at HunaTek Government Solutions has been a transformative experience. It allowed me to grow from a student with theoretical knowledge into a capable contributor in a complex cybersecurity environment. I developed technical skills in system administration, vulnerability management, and compliance documentation, while also refining my communication, organization, and leadership abilities.

This internship gave me a front-row seat to the challenges and responsibilities of supporting secure federal systems. From the creation of secure enclaves and architectural diagrams to the authoring of SOPs and risk assessments, every task helped shape my understanding of what it means to work in cybersecurity at the enterprise level.

More than just a resume builder, this experience confirmed my passion for cybersecurity and clarified the kind of work I want to pursue in the future. I am thankful for the support, mentorship, and trust extended to me by the HunaTek team. I leave this internship not only more technically capable, but also more confident, disciplined, and driven to make a difference in the field of cybersecurity.