{"id":443,"date":"2025-08-05T01:29:34","date_gmt":"2025-08-05T01:29:34","guid":{"rendered":"https:\/\/sites.wp.odu.edu\/jadonwhite\/?page_id=443"},"modified":"2025-08-05T01:30:13","modified_gmt":"2025-08-05T01:30:13","slug":"reflection-paper-3","status":"publish","type":"page","link":"https:\/\/sites.wp.odu.edu\/jadonwhite\/reflection-paper-3\/","title":{"rendered":"Reflection Paper #3"},"content":{"rendered":"\n<p>Jadon White<br>August 1, 2025<br>HunaTek \u2013 Internship<br>Reflection Paper #3<\/p>\n\n\n\n<p>During my third 50-hour reflection period at HunaTek, I was able to support our cybersecurity leadership more directly in advancing the Authorization process. This portion of my internship has marked a shift from hands-on scanning and enclave-focused technical tasks to more process-driven, documentation-heavy work. The timing couldn\u2019t be better\u2014I&#8217;ve developed enough technical understanding to see how policies and systems fit together, and now I\u2019m learning how to capture, structure, and validate that information for federal review.<\/p>\n\n\n\n<p>Lately, I\u2019ve been focused primarily on the Risk Management Framework (RMF) lifecycle. More specifically, I\u2019ve supported the team with writing <strong>System Security Plans (SSPs)<\/strong>, developing system architecture diagrams and relationship maps, and drafting <strong>Standard Operating Procedures (SOPs)<\/strong>. Central to all of this is documentation that describes not only how a system functions but also how its policies and controls are implemented. A key lesson I\u2019ve learned is that in cybersecurity, documentation isn\u2019t just a formality\u2014it\u2019s often the control itself. 
You can\u2019t hold systems accountable, implement controls, or perform audits without accurate documentation.<\/p>\n\n\n\n<p>In creating these SOPs, I\u2019ve reviewed current and proposed documentation, interviewed system owners and technical contacts to gather information, and aligned procedures with the control families outlined in <strong>NIST SP 800-53<\/strong>. This work has deepened my understanding of <strong>implementation evidence<\/strong> and how to ensure that controls are traceable from policy down to the artifact. I\u2019ve learned to be critical not just of what a system does, but of how it works\u2014and how to prove that it aligns with required security baselines. There\u2019s a major difference between saying \u201cwe secure this port\u201d and being able to show the technical and procedural evidence that demonstrates it.<\/p>\n\n\n\n<p>In addition to SOPs, I\u2019ve collaborated with the team to build <strong>system architecture diagrams<\/strong> for inclusion in the ATO submission package. These diagrams illustrate data flows, security perimeters, and trust boundaries between components. This was a natural next step for me, having already worked on enclave design, but now I\u2019m approaching it with a greater emphasis on formal accuracy and alignment with other documents. Translating real system configurations and interfaces into visual schematics that withstand external review has been eye-opening\u2014and has shown me how critical these visuals are as a single source of truth for audits and ongoing compliance.<\/p>\n\n\n\n<p>Another key takeaway has been learning how <strong>control inheritance<\/strong> works. I\u2019ve begun tracking which controls are inherited from the hosting environment versus which are system-specific. This has broadened my understanding of layered security and reinforced how essential it is to collaborate with both infrastructure teams and policy stakeholders. 
Whether it\u2019s contributing to security categorizations or mapping narrative text to technical controls, I\u2019m starting to grasp RMF at a deeper, more practical level\u2014beyond just checking a box for compliance.<\/p>\n\n\n\n<p>Looking back on these 50 hours, I can clearly see my transition from student to contributor. I\u2019m no longer just studying RMF\u2014I\u2019m applying it. I\u2019m not simply shadowing security analysts\u2014I\u2019m producing tangible deliverables that are moving our system closer to ATO. This internship has shown me that the behind-the-scenes work\u2014planning, documenting, reviewing, and validating\u2014is just as important as the technical defenses we implement.<\/p>\n\n\n\n<p>Above all, this reflection period has made me realize that the strength of a cybersecurity program doesn\u2019t just come from tools or firewalls. It stems from repeatable processes, clear documentation, and structured roles. I now have a clearer understanding of how compliance frameworks shape real-world security practices\u2014especially in federal environments. I\u2019m proud of the contributions I\u2019ve made so far and even more excited for what lies ahead. The knowledge and experience I\u2019m gaining at HunaTek are not only preparing me for future roles, but also shaping me into a more disciplined and capable professional.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Jadon White, August 1, 2025, HunaTek \u2013 Internship, Reflection Paper #3. During my third 50-hour reflection period at HunaTek, I was able to support our cybersecurity leadership more directly in advancing the Authorization process. This portion of my internship has marked a shift from hands-on scanning and enclave-focused technical tasks to more process-driven, documentation-heavy work. 
The timing couldn\u2019t&#8230; <\/p>\n<div class=\"link-more\"><a href=\"https:\/\/sites.wp.odu.edu\/jadonwhite\/reflection-paper-3\/\">Read More<\/a><\/div>\n","protected":false},"author":29639,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"_links":{"self":[{"href":"https:\/\/sites.wp.odu.edu\/jadonwhite\/wp-json\/wp\/v2\/pages\/443"}],"collection":[{"href":"https:\/\/sites.wp.odu.edu\/jadonwhite\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sites.wp.odu.edu\/jadonwhite\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jadonwhite\/wp-json\/wp\/v2\/users\/29639"}],"replies":[{"embeddable":true,"href":"https:\/\/sites.wp.odu.edu\/jadonwhite\/wp-json\/wp\/v2\/comments?post=443"}],"version-history":[{"count":2,"href":"https:\/\/sites.wp.odu.edu\/jadonwhite\/wp-json\/wp\/v2\/pages\/443\/revisions"}],"predecessor-version":[{"id":454,"href":"https:\/\/sites.wp.odu.edu\/jadonwhite\/wp-json\/wp\/v2\/pages\/443\/revisions\/454"}],"wp:attachment":[{"href":"https:\/\/sites.wp.odu.edu\/jadonwhite\/wp-json\/wp\/v2\/media?parent=443"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}