Jadon White
July 25, 2025
HunaTek – Internship
Reflection Paper #1

My internship at HunaTek has been a pivotal next step in my cybersecurity journey. Over the past 50 hours, I’ve had the opportunity to build upon the skills I developed during my academic career and apply them in a professional environment where accuracy, policy, and security intersect. My initial focus has centered on Security Technical Implementation Guides (STIGs), the Risk Management Framework (RMF), and system enclave architecture. These areas have introduced me not only to the technical structure of systems but also to the federal cybersecurity standards and documentation processes that govern them.

A large portion of my time has been spent supporting the development of a system enclave. The enclave is a secure, segmented portion of the network designed to isolate sensitive systems and data. As part of this project, I’ve helped document firewall rules, identify potential access control requirements, and align security settings with STIG benchmarks. Working alongside engineers and senior analysts, I’ve developed a deeper understanding of enclave boundaries, the interactions between internal and external interfaces, and how system components are designed to operate securely within their own zones. Each meeting and technical session has expanded both my vocabulary and my practical understanding of network segmentation and defense.

One of the most rewarding aspects of this experience has been how hands-on it is. I’ve used tools like Nessus, SCAP Compliance Checker, and audit logs to validate system posture and compliance. While I studied STIGs in the classroom, seeing how they’re applied in practice has given me a new appreciation for the complexities of maintaining compliance — especially when operational needs must be balanced with security policies. I also began drafting documentation such as System Security Plans (SSPs) and network diagrams, all of which support the system’s eventual Authority to Operate (ATO). Understanding how RMF control families map to actual system behaviors has been eye-opening and crucial in helping me see how frameworks shape the entire security lifecycle.

Beyond the enclave work, I’ve taken steps to strengthen my understanding of RMF as a whole. Early in the internship, I was introduced to NIST Special Publications 800-37 and 800-53. From there, I worked through categorizing system risks, identifying assets, and determining which controls were inherited versus system-specific. This process introduced me to key concepts such as Common Control Providers (CCPs), varying Confidentiality-Integrity-Availability (CIA) priorities, and the importance of traceability between security controls and their corresponding artifacts. With consistent hands-on exposure, I’m beginning to see how RMF governs every stage — from design and implementation through authorization and continuous monitoring.

I’ve also spent time exploring the technical foundation of the systems at HunaTek. Since the organization operates in alignment with federal security compliance, I’ve become more familiar with FIPS 140-2 validation, DISA STIG enforcement, and routine patch management. I’ve assisted with tracking system updates, contributing to vulnerability scan summaries, and reviewing endpoint configurations for compliance. Additionally, I’ve learned how tools like Jira and ServiceNow help structure remediation workflows, highlighting how closely security and operations work together in real-world environments.

Looking back on these first 50 hours, I’m proud of the progress I’ve made. A year ago, I wouldn’t have felt confident navigating topics like RMF, enclave architecture, or STIG compliance. Now, I’m regularly engaging in those conversations and contributing to the work. This internship has helped eliminate the uncertainty I once felt around complex cybersecurity concepts. The abstract has become tangible, and the theoretical has become real. I’ve also grown professionally through interactions with cross-functional teams — including developers, auditors, and system engineers — which has helped me understand the broader context in which security decisions are made.

Overall, HunaTek has been an ideal learning environment for this stage of my career. It has exposed me to real-world cybersecurity challenges, especially those found outside the classroom or lab. I’ve learned that success in this field depends not just on technical knowledge but also on clear communication, meticulous planning, and thorough documentation. I’m excited to continue contributing to the system enclave project and to take these lessons with me as I move forward in my cybersecurity career.