When trying to find a suitable internship for my degree plan, I realized that my current job would be perfect and touches on several aspects of my degree path of cybersecurity. So, I spoke to my boss and was approved to begin the internship within my company of Apex systems.

 Apex systems is a sub-contractor group through a bigger company Leidos or the 1901 group. The 1901 group hold the current contract with the entire navy to be able to help handle any IT issues they may have and be able to provide a 24/7 service desk for them.  Apex systems is a technological services company that helps and facilitates business through many different companies worldwide and provide a variety of services to help with any technology needs. In this current job, Apex helps the 1901 group meet the demands of their contract by filling positions needed within their service desk for any possible software or hardware issues the navy may have. There are field technicians that are responsible for going out on location to wherever they may be needed to help resolve an issue, but the section I work in deals more with remote assistance and software troubleshooting. For both sections of the service desk, apex and other sub-contractor groups help to fill the roles for the 1901 group to ensure the needs on the contract are met. My current position is as a helpdesk technician. Although I work within the Virginia location, we have helpdesk locations located in San Diego, California and in Boise, Idaho. This is to help ensure we can encompass all of the navy’s issues with software and/or hardware without having the network connections be an issue if having to troubleshoot remotely. It wouldn’t be very efficient to just have one service desk location on the east coast to try resolving issues all across the nation. The servers and network in that location would be overworked and could potentially lead to a crash, which would then leave the navy without assistance with their issues, so having multiple sites helps to add security and redundancy.

When I was first going through the hiring process of working for Apex, I had to apply for my secret clearance and fill out several forms for a background check in addition to the clearance. In applying for the clearance, I had to do an interview with an agent to clarify any questions they had in concern with my application for the job as well as if I was a good fit for obtaining a secret clearance. Once I passed the initial background check and the secret clearance interview, I then had to obtain my common access card or CAC (Appendix A)to be able to be identified when I would go on base and to also be able to access any computers I have to use. Once all of the paperwork was done and I had the proper cards, that’s when we began training. The first two weeks were from home due to Covid-19 precautions at the time. During the first two weeks we covered the basis of information security as well as going through the basics of what we will deal with day to day. We also were able to hear practice calls and see some of the software applications that we would be using eventually to assist us in our new positions. After the first two weeks, we then had roughly a month of training before we started taking actual calls and assisting any navy employees with their issues. This month consisted of watching and being quizzed on computer based training modules, becoming more proficient with the different software and their different tabs and sections, and also attending in person training classes that dove deeper into the types of issues we would encounter and how to properly troubleshoot them and document in our tickets. Within the last week of our month-long training, we were moved to “shadow” veteran helpdesk technicians to see how they handle calls and structure their tickets and at the end of the week, we were actively taking the calls while the veteran techs were nearby taking notes. Once we would finish calls, they would give us evaluations on what was done well and what could have been improved on and if someone is really stuck, the tech will help while on the call to ensure the issue is handled properly. Once that was done, we transitioned into more on the job training which essentially meant we were ready to take calls and knew how to troubleshoot, but if anything came along, we were unsure of or stuck on, we had training guides and reference links to consult in order to help handle the calls.

When I started this job/ internship I had 3 major goals which were to further my knowledge and experience in the field of cybersecurity and having more hands-on experience with things such as scope of practice and chain of command in the workplace, to apply the knowledge I have already obtained to help navigate and complete my daily duties, and how to be able to handle unclassified and classified information as well as troubleshooting calls in the proper way. This was my first step into the cybersecurity world and my first IT job so My goal within the internship is to touch on all of these or at least one and be able to get more insight into the world of cybersecurity and information security. Once I got out of training and started getting more and more comfortable in the position, I started to be able to fall into the motions of thing and I started to gain confidence in what I was doing. I was becoming more and more of an essential gear in the service desk that keeps the navy IT infrastructure running. Since I’ve started this position, I have become more and more aware of the security implementation’s that are around and not just with what we help fix or troubleshoot for the customers. When I took the job, I assumed it was just an entry-level job that could help me gain experience in the workplace, but as I have furthered my degree path and gained more experience in this job, I have begun to notice the various levels of protection and close relation with cybersecurity and information security that this job has. Before I even started in the job, I had to obtain the security clearance which by itself displays what kind of security the company aims to keep, but I also had to obtain the common access card as well as an RFID badge. The common access card or CAC is a physical form of authentication used to not only get onto the base but allow access to any machine or computer with a card reader that I have permission to access. The RFID badge is the card that is used to gain entry into any door that has the badge read outside. The badges are coded separately depending on permission of each individuals’ duties so no one person can try to gain access to a space that there are not authorized to do so. Aside from the security that we have as individuals that we must uphold, there is also cameras outside any room that requires a badge to be scanned so anyone trying to badge into the area can be visually identified and it can be logged if they had a successful or unsuccessful attempt to access that area. Once in the appropriate area of my workplace, I use my CAC to log into the machine, and then there are passwords needed to access my service desk account and any of the applications we sue for troubleshooting. Any intranet websites we use also require additional authentication by selecting appropriate certificates listed on your CAC in order to authenticate.  In my previous job, I worked in the hospital setting and I am not unfamiliar to a level of security that may require badge scanning, but the requiring more than one badge for security access to different locations and devices as well as multiple cameras and passwords and certificates is a little different than what I was used to. I can say that even though the extra layers of security are more time consuming and have strict requirements, they definitely are warranted due working on a naval base and possible sensitive or classified information we deal with.

The structure of our workspace is a wide office space with at least a hundred different computers and desks for service desk technicians. Each desk is up to 6 feet from the desk adjacent to it and the desks across from each other are separated by a divider. This helps to not only ensure that the covid protocols that were in place were being followed correctly, but to also ensure that no personal or private information for any customers was being shared or noticed by a possible nosey coworker. There are a couple different sections within the main part of the service desk which includes the supervisor desks, regular unclassified, NNPI unclassified, and the OST section. The supervisor desks are scattered throughout the office space to ensure there is a supervisor readily available throughout the workplace. The unclassified NNPI (navy nuclear propulsion Information) is kept in a separate section from the regular unclassified because they require specialized ports for connection to the network in order to assist the specific NNPI customers. The majority of the space is regular unclassified desks and then halfway through the office is the OST section. OST is responsible for mass outages for power and auditing tickets and trends in any issues as well as possible resolves for ongoing issues they are already aware of. They are located in the middle of the office so everyone can easily locate them if they need to speak to them. In addition to the unclassified section, we have separate office space designated specifically for classified calls and issues. It is kept in a separate room and office space and you have to have not only a new RFID badge to gain access, but you have a separate set of access card used to gain access to your classified machine within the classified workspace. At each desk in the classified office, you have two computers you can use for calls and issues, one is unclassified and the other is used for classified calls and tickets.  In the back of the classified room there is an office for the supervisor specific to the classified section as well. In addition to the new cards and permissions you need to access the classified room, there is absolutely no electronic devices allowed into the classified space. This to ensure there is no spillage of information and/or any malicious devices brought in and plugged into the network to wreak havoc. To further ensure everything is secure, there is an alarm if an electronic device is noticed within the classified room and there is a safe combination lock on the entry way door as well in case the badge reader does not work. In a normal workspace, the amount of security I have listed may sound over the edge or extreme but being on a naval base, the information and people we are assisting are important and could potentially be highly sensitive information with our military and our government so it is crucial that everything is secured in the best possible way.

Security in the workplace not only falls to making sure the rooms and machines are secure, but ensuring the employees understand their roles and what is expected of them. To help with this, supervisors enforce firm guidelines and rules across the service desk and when they are unavailable, the tech leads assist. The tech leads are a step up from the service desk technician position but not positions of managerial responsibility. They help to ensure techs are following the proper updates and notices for any new issues or new resolution guides for ongoing issues. They also help to pass on any information that has been delegated by the supervisors. In addition, the tech leads tend to have more experience on the service desk, so they are available to answer questions when someone may be stuck or unsure. Tech leads are also responsible for the initial onboarding and training of new hires to make sure they are being trained appropriately. If the tech lead notices an issue with an employee or they have an issue with a tech, then they can make that known to the supervisors and they will handle it accordingly.

 The supervisors, also known as service desk managers, have a variety of duties. They help to delegate and enforce any dress code attendance/breaks policies any other new implementations that have been set in place by the different contracting groups. They also keep track of each employee’s certification status and their training as well. To work on the service desk, you must possess one of their preferred COMPTIA computer certifications and they make sure that each employee had a valid certification an alert them when it is close to expiring. They also track employee attendance to make sure they are following what their scheduled time. The service desk managers are in constant contact with workforce management, which is the section of the company that is in charge of the billing system for hours that are worked and when employees have been late or absent. Any time someone is late or absent, they alert the manager and then that is logged in a spreadsheet and after a specific number of issues, then the employees on the log that are flagged will be pulled aside and coached and advised on fixing their attendance or it could eventually lead to termination. In addition to attendance, the supervisors do address any issues in regards to security as well. For example, if an individual was not paying attention and they plug their phone charger into a workplace asset or computer, it will not only lock that employee account, but the supervisor will be alerted and then they have to go through a process for unlocking the machine and the employee’s account. The employee will also have to attend a training session in regards to security in the workplace to ensure they don’t make the same mistake again. The supervisors do a good job of enforcing the policy changes and any urgent updates when they occur because they tend to email out the notices as soon as they find out themselves, but I have noticed over time that when it comes to attendance, they are not as enforcing as they could be. It is understandable, given there are hundreds of employees at the service desk and the turnover rate is very high, it is a lot of names and accounts to keep track of and a lot of data to go through. I would suggest the number of supervisors could possibly be increased to help to balance the load of employees being supervised and assisted, that way attendance, policy changes, and security issues can all be handled properly without any one being missed and the current supervisors are not overworked either. To ensure the management ae not overworked also aids in enhancing security because if the mangers are overworked, they will be preoccupied potentially and could miss security issues or be unaware of issues due to being swarmed with paperwork and logs. Aside from that, I believe the infrastructure of the service desk is fairly solid and it keeps running as smoothly as it can with the turnover rate and steady flow of work and calls.

There is a lot of different aspects and duties that go into the daily duties of working as a helpdesk technician. I have already explained part of the physical security that is required for the job. Once we use our CAC to access our account, we then use passwords and RFID badges to access the applications and software that is required to help troubleshoot for the customers. Three of the main programs we use are SM notepad, Service manager, and multitool (Appendix B). Sm notepad is a notepad to which we document every step of troubleshooting for every call.  The program helps to log and document on every call we receive, and it saves it automatically so if the program was to crash, then it can be reopened and pick back up where it stopped. The service manager is a website where we create and submit a ticket for every call we receive. It also provides us access to previous tickets that have been created for the customers in the past as well as an extensive reference library on how to best troubleshoot the most common issues. The other main application we use is called Multitool. This is our pride and joy on the service desk. It is a compilation of scripts and commands used through PowerShell. Once we can make a remote tunnel connection to a customer’s machine, we can then run any of this command to help resolve some of the more common issues the customer may be facing. The multitool has several scripts that can be ran from simply restarting the machine or controlling the mouse on the customer computer to even helping rebuild files or programs on their machine if there are issues. Once I am logged into my sites and applications we use, then I can begin my day with troubleshooting and assisting customers with their issues and questions. When I started out as a regular unclassified helpdesk technician, a lot of the calls we would get consisted of a few common issues which were, outlook email issues, Microsoft teams issues, and account (PIV) alignments.

The outlook email issues tend to be that a customer is having issues with either sending or receiving emails that were encrypted or that need to be digitally signed. Each employee of the navy has certificates assigned to them for authentication, signature, and if necessary, encryption which is coded to their CAC. This outlook issue is typically due to the customer receiving a new common access card and the certificates that have been assigned to them for digitally singing their emails and encrypting their emails are new as well. Their machine has a log of what their old certificates were and also sees what the new ones are, and it causes an error in the outlook program to which it does not know which cert to use in order to validate and send the emails. To resolve this, we remote into the machine with the cx permission and then remove the old and new certificates from the internet options application. This changes what the machine has logged for what certs the customer has available, then we have the customer remove and then reinsert their CA into their computer. Once they do that, it helps to refresh and sync only the most current certificates on the customer account. Once we do this, we finish by making sure those certificates are published to the address list for outlook email. This helps to ensure the customer information is synced so that they can be automatically validated and authenticated when they need to either send encrypted emails or digitally sign an email. This is a very quick and common issue but is one that is quite important for the customers. If they are unable to encrypt and sign their emails, it leaves a big gap in the security and possible integrity of the data and information they are sending through outlook.

 With Microsoft teams, customers typically run into an issue with not being able to log into the application. The Teams software can be difficult on navy machines, and I am not sure if it is due to the security software on their computers, but users run into issues where they are unable to log into the application or access certain parts of the program. To assist the customers with this, we remote into their computers and make sure they are connected to the network properly and have them try to reopen the application. If they still have issues logging in or accessing parts of the application, then we go through the process of uninstalling the software and then go through with reinstalling the program on their machines. Usually in combination with reinstalling the software, we also rename the old install files so that there is no conflict when the new files are downloaded. Once the process is complete, we have the customer’s log back in with the correct email address and typically that resolves the issue. Most departments use Microsoft teams in some way so even though the program being down may not be a security issue, but it can cause a work stoppage or delay when they are unable to communicate with their coworkers so being able to solve this issue quickly is preferred. We actually do have a script in our multitool software that helps to automate this process but it does not always rename all of the old files which can cause issues in the reinstall so I prefer to do the steps manually since it doesn’t take much more time and I can confirm things are done in the correct way.

 The other most common issue would be PIV alignments and/or account enabling. PIV or personal identification vector is the number that identifies the customer in the system and allows them to access their machine. This number is then listed and coded to their CAC so when they go to log into the computers, it matches and grants access. When customers get new cards, sometimes the PIV has not been updated so the machine sees a number in the system that does not match what is on the customer card which will prevent the customer access to their account to do anything they need to do.  In order to assist with anything account related such as the PIV alignment, we have to be able to authenticate the customer is who they say they are. We have a few ways to do so and the primary way we do this is each customer has the ability to set a 4-digit secret pin used solely for authentication. If they have this set up, then we ask them to recite the pin for us and we verify in their account if it matches or not.  Another way we can authenticate the customer is if they have a supervisor or a coworker that has a pin set up who will verify for them. As long as their proxy gives the correct pin, then they are now authenticated, and we move forward with their account adjustments. The only other way we can authenticate the customer is sending encrypted emails to them and have them reply with a one-time pin. Once we receive the pin email, we then ask the customer to recite the pin they sent so we can fully authenticate them. Once the customer is authenticated through one of these ways, we then have the customer look on their machine and read off what their account number is and we pull them up in our directory and adjust the number in the system so that is updated and it matches. This is a huge security aspect of the job because we have to always make sure the customer is who they say they are before doing anything account related. If any adjustments are made and it’s the wrong customer, then it could, lead to a potential security violation or the wrong person could gain access to an account they shouldn’t. When enabling or disabling an account, the same methods of authentication are completed first before any adjustments, the only difference is that the person calling to enable or disable an account has to be a specific supervisor titled as an ISSM. In order to determine if someone is an ISSM, we have a raw document updated often that shows the current listings of all ISSM/ISSO for the entire navy.  This is part of our policy and no one other than ISSM can enable or disable an account. This is another aspect of security because if someone calls to enable or disable an account and they are not verified as an ISSM, then that is a security violation because an account would have been enabled or disabled without proper authorization. If all has been authenticated correctly and all account adjustments have been made, the adjustments typically show within the next few hours depending on how far the customer is from our location. The more servers it has to replicate across, the longer it can take. Recently I have been moved to the NNPI section, we do handle a lot of the same calls just with the added queues for calls for mobile phones too. Mobile phone issues also require authentication for any type of adjustments that need to be made in the account. NNPI users also have separate email accounts used for their NNPI data and they have to be authenticated before any adjustments can be made in their account as well per their security policy. Any situation to where there could be potential spillage or a customer account has to be adjusted permanently, there is authentication so that all parties are identified and there is clear documentation of consent and validation of proper credentials.  I have not worked in the department long, but I have briefly received training for classified calls and machines. One of the biggest adjustments is that when working in the classified section, I have access to both an unclassified machine and a classified machine. The calls for classified machines are generally the same types of issues, the difference in the troubleshooting is that we no longer have access to our multitool software, and we are unable to ask for a cx IP address over the phone. Sometimes to help with troubleshooting, sometimes we need the customer IP to help identify what the issues may be but being that the machines are classified, we do not want to list the IP verbally over the phone. Instead, if the IP Is truly needed for troubleshooting or documentation, then it must be sent to us through encrypted email to prevent anyone trying to intercept the information. Multitool is no longer available for use because it requires a remote connection to the machine, but due to security policy and the machine being classified, we are unable to do so. That would leave a huge gap in security if remote connections could be made to the classified machines and potentially could leave a backdoor to an agitated worker or outside attacker to cause problems. When handling classified issues, another difference is that an unclassified ticket as well as a classified ticket are created for each classified call. This is to ensure everything is documented properly and to help keep information clearly communicated on the unclassified side as well for the customer’s account in case they encounter issues again later and must call back. templates and autogenerated parts of our tickets in service manager are also not available. Most things that are automated are disabled when doing classified calls and tickets. This is to prevent any issues and possible information from tickets being copied or put in the wrong place. This helps to prevent spillage as best as possible.

               With working on the service desk, I confidently feel not only have I gained experience and skills but I feel I have expanded on knowledge and skills I had previously before I started the position. In my previous job, I was used to providing customer service, but it was not at the rate as I do currently. I handle 40+ calls a day and calls can range from 5minutes to almost 2 hours at a time so it has helped me further my experience with customer service and call handling. It also has helped me to further my level of patience with difficult issues or calls. I am a patient person but dealing with difficult customers or difficult issues for multiple hours can be frustrating for all parties involved and this job has helped me strengthen my level of patience and being able to try and mediate calls that may be deemed difficult. I would say this internship has helped me build the skills of troubleshooting in general for it issues. I had not worked in the IT field before this position, so it helped me build the troubleshooting skills and put some of my textbook knowledge to work. In addition to the IT troubleshooting, I also think the position has helped me look more broadly at what issues are occurring within a machine. Sometimes a customer may call about the problem they are noticing but looking more broadly at what is occurring, I can tell something else is going on and can potentially resolve the issue they see and other issues as well. I took several classes with TCC and through ODU for my degree plan in regard to networking, security, information security and cybersecurity in general and this job has helped put a lot of this knowledge to work. In one way, I needed those classes to study for the certifications needed to even apply for the position, but also daily I can understand deeper levels of what issues are occurring for customers based of my networking knowledge. With the encryption issues in outlook and the certificates, that is interesting and something I understand very easily due to me studying the certificate authority validating or denying access. seeing the encryption methods is vastly different than studying the concepts. It is one thing to break down the encryption and cryptographic methods and formula and it’s another to see encrypted emails being sent and it happens within seconds. The education I have received thus far has helped me to understand a lot more of my job than I thought necessary and in turn it helps me to troubleshoot and complete the calls in a more efficient way. Before starting this as my internship, I was not focused on what levels of cybersecurity and information security were at play within my job, but as I have continued on, it has helped me be more aware that as technology progresses, security becomes a big part of most workplaces as well.

               I would say that within the 3 goals I had set for myself at the beginning of this, I have greatly surpassed what I had expected. I as able to learn the clear difference of unclassified and unclassified calls and I have been trained to handle both types of calls and issues. I have not only observed the application of information security and cybersecurity in my current workplace but since I have become more aware of it, I realize that I daily help to ensure the level of security is upheld simply by authenticating customer as well as using my proper badges to access only where I’m authorized. I have also been able to further my knowledge as well ass apply what I’ve learned along my degree path to ensure my daily duties are completed in the most efficient way. In addition, I was also able to learn more about what my clear scope of practice is and how the chain of command works and flows in my current workspace as well.

Since I have been in this position and been able to partake in this internship, I have learned a lot about cybersecurity and its real-world application and I have learned a lot about myself as well. I have become more confident in my communication skill and I also have been able to more thoroughly plan out the rest of my schooling and pursue a master’s degree and I have been able to come to the decision of pursuing a career in security analyst. I am appreciative of the internship helping me to become more cognizant of my surroundings and the security around me whether in the workplace or in everyday life. Even though moving forward my current position isn’t exactly where my career goals line up, I am thankful for the experience and the aid it has been in furthering my cybersecurity knowledge and helping me realize the path that should be on. I will continue my education and furthering my knowledge within cybersecurity because it is an ever-changing field.

Appendix

Appendix A- CAC(common access card)-

This an example of the card we use to enter base as well as access any assets in the workplace I have permission to access.

Appendix B- Service manager example

• This is an example of the software that we use daily to create tickets and research quick troubleshooting guides as well.

** Due to the sensitive nature of my job and the workplace, I could not provide actual photos of work or applications so I provided examples I located online.

Works cited

1. Overview. (n.d.). Retrieved August 1, 2022, from https://www.cac.mil/common-access-card/
2. HP Service manager. HP Service Manager Reviews, Demo & Pricing – 2022. (n.d.). Retrieved August 1, 2022, from https://www.softwareadvice.com/crm/hp-service-manager-profile/