Reflection Paper 3:

FINAL REFLECTION PAPER

Old Dominion University

Department of Cybersecurity

Internship: T&T of Tidewater

Submitted by:

Kenneth Thomas

Course: CYSE 368 / Internship

Term: Spring 2026

Date: April 19, 2026

Employer: T&T of Tidewater

Instructor: Professor Teresa Duvall

Teaching Assistant: Joshua Russell

1. Introduction

The decision to pursue an internship at T&T of Tidewater was driven by my desire to apply academic / theoretical cybersecurity knowledge in a real-world professional environment. And I definitely got that chance. As a Cybersecurity student at Old Dominion University (ODU), coursework provided a strong theoretical foundation, but I recognized early on in my journey that practical, hands-on experience is what really bridges the gap between classroom learning and professional readiness. Within the tech industry hiring managers and tech professionals. Stress the need for practical hands-on experience. T&T of Tidewater, a tax preparation and financial services firm serving clients across the Hampton Roads area of Virginia, offered just that opportunity: the chance to protect sensitive client financial data in an industry where data security is not just a best practice but a legal mandate. The intersection of cybersecurity and the tax industry felt both challenging and deeply important, and that combination made this internship an easy choice.

Heading into this internship, I had a clear idea of what I wanted to get out of the experience based on my initial MOA. My first priority was moving past the textbook definitions of security audits and actually getting my hands on a live production system. It’s easy to talk about access reviews in a classroom, but it’s a completely different challenge when you’re responsible for the integrity of a real business network.

I also wanted to see how federal regulations, like the Gramm-Leach-Bliley Act and IRS mandates, actually work in the real world. In the tax industry, “compliance” isn’t just a buzzword, it’s a legal requirement that dictates every part of how you handle sensitive client data. Finally, I knew I needed to work on my communication. I wanted to get better at taking complex security concepts and turning them into clear policies or explanations that someone without a tech background could actually understand and follow. These goals really became the roadmap for everything I did at T&T of Tidewater.

T&T of Tidewater is a small but established tax preparation business operating in the Tidewater region of Virginia. The firm provides a range of financial services including individual and business tax preparation, bookkeeping, and financial consulting. Its clientele spans individual taxpayers, small business owners, and nonprofit organizations, making the volume and sensitivity of the data it handles substantial. The business relies on a combination of cloud-based platforms, including Microsoft 365, QuickBooks Online, Intuit tax software, and cloud storage solutions such as Google Drive and OneDrive, to manage day-to-day operations. Because its work involves collecting, storing, and transmitting highly sensitive client information, including Social Security numbers, income records, and banking details, cybersecurity is not an afterthought but a core operational concern.

My initial orientation began in the first week of the internship, during which I met with the organization’s leadership to understand the scope of my role and the firm’s current technology environment. I was given an overview of the software platforms in use, introduced to the firm’s existing (and truly informal) security practices, and walked through the kinds of client data the organization handles on a daily basis. My initial impression was that the firm was staffed by highly knowledgeable tax professionals who were genuinely committed to their clients, but who had not yet formalized many of their cybersecurity practices. This gave me an exciting opportunity. I had the chance to make a measurable and lasting impact during my internship by helping move the organization from reactive security habits to a more structured, proactive security posture. This opportunity was all the  motivation I needed from day one.

2. Management Environment

The management environment at T&T of Tidewater is exactly what you’d expect from a small professional services firm: the hierarchy is pretty flat, it’s highly collaborative, and things are driven more by personal accountability than by rigid formal structures. Unlike a massive corporation where a cybersecurity intern might just be a face in the crowd within a huge IT department, I was right in the middle of the firm’s daily operations. Reporting directly to leadership meant that my work was actually visible and valued. When I finished a project, it didn’t just sit in an inbox, it was acted on quickly, which was a huge motivator for me.

My supervision throughout the internship was consistent and very hands-on. I had regular check-ins with my supervisor, who was great at helping me see the “big picture” of how my technical security tasks fit into the firm’s overall business goals. Because we were dealing with real clients and their sensitive financial data, there was an underlying seriousness to everything we did. My supervisors didn’t sugarcoat things; the feedback was direct and practical. Instead of vague praise, they told me exactly why a certain task mattered and what a successful outcome looked like. That kind of “straight talk” really accelerated my professional growth because I always knew where I stood.

What I appreciated most was the emphasis on trust and initiative. I definitely wasn’t micromanaged. Instead, I was given projects with clear goals and then left to figure out the best approach, document my process, and come back with recommendations. This “supervised autonomy” was the perfect middle ground; it forced me to take ownership of my work, but I knew I could still ask for guidance if I hit a wall. It felt like a true preview of what it’s like to work in a small-to-midsize cybersecurity role after graduation, where you’re often expected to work independently while staying accountable to the boss.

The management style worked really well for me because there was almost zero organizational friction. In a huge company, a security proposal might take weeks to clear different departments, but here, decisions were made fast. If I identified a security gap and suggested a fix, we could usually start implementing it almost immediately. That gave my internship a sense of real-world impact. Every hour I put in felt like it was directly improving the security of a business that was working hard to protect its clients’ most private information.

3. Major Work Duties, Assignments, and Projects

My internship at T&T of Tidewater involved several major projects that touched on almost every part of the firm’s security. These assignments grew in complexity as I went along, starting with foundational access reviews and moving all the way up to drafting formal policy.

The first big project was a full security hardening and access review. Essentially, I had to dig through every platform the firm uses Microsoft 365, QuickBooks, Intuit tax software, Google Drive, and their various banking portals to see exactly who had access to what. I spent my time tracking down every active account, checking their permission levels, and making sure nobody had more access than they actually needed for their job. I also had to hunt for any old or redundant accounts that were still lingering in the system from past employees. It’s a huge deal for a business like this because over-privileged accounts are such an easy target for breaches. Even if someone doesn’t mean any harm, having too much access just creates unnecessary risk if their credentials ever get compromised. By going through every single access point methodically, I was able to help the firm really tighten up its security and shrink its overall attack surface.

My second project was rolling out Multi-Factor Authentication (MFA) across all the firm’s accounts, which is easily one of the most effective ways to harden a small business’s defenses. Everyone knows MFA is a basic security step, but actually setting it up in a professional environment involves a lot of balancing between technical settings and helping the team through the transition. In a small firm like this, you can’t just flip a switch; you have to consider how it affects the daily workflow of the staff who are trying to meet deadlines.

I had to go platform by platform everything from Microsoft 365 to our specialized tax software to enable authenticator-based verification. Instead of relying on less secure SMS codes, which can be intercepted through SIM-swapping, I pushed for the use of authenticator apps to provide a more robust out-of-band verification method. This required setting up secure account recovery options for each user to ensure that if a device was lost or replaced, the firm wouldn’t be locked out of its own critical data. I also spent a significant amount of time documenting the whole process, creating simple “how-to” guides so the staff knew exactly what to expect when they logged in.

The impact was immediate and measurable. We went from just relying on passwords which are way too easy for attackers to phish, guess, or find in old data breaches to having a second layer of defense that is significantly harder to crack. For a tax business, where credential theft is a top threat, this was a game-changer. It was a great example of how one well-executed change can basically wipe out the majority of our credential-based risks and provide peace of mind that a stolen password alone isn’t enough to compromise our clients’ sensitive information.

After finishing the MFA rollout, I shifted my focus to workstation hardening, which is essentially the process of securing the laptops and desktops the staff uses every day. Since these devices are where people check emails and log into tax software, they’re effectively the “front lines” of the firm’s defense. If a single workstation is left vulnerable, it can become an entry point for an attacker to move laterally through the entire network.

I went through the Windows configurations on each machine to make sure they were following a consistent, secure baseline. A huge part of this was applying the “principle of least privilege.” In many small businesses, it’s common for everyone to have administrative rights just for convenience, but that’s a major risk. If a user running as an admin accidentally clicks a malicious link, the malware gains those same high-level permissions to infect the system’s core files. By stripping back these rights and ensuring the team uses standard user accounts for daily tasks, I made it much harder for any automated threats to take hold.

I also worked on reducing the “attack surface” of each machine. Every piece of unnecessary software or “bloatware” is just another potential door for a hacker to walk through, so I cleared out any apps and background services the firm didn’t actually need. I also made sure remote access was locked down, specifically Remote Desktop Protocol (RDP) to ensure it was only accessible to authorized users through secure tunnels. Since workstations are usually “patient zero” for malware or ransomware hits, these steps turned the office computers from vulnerable entry points into hardened endpoints that are much more resilient against social engineering and common cyber attacks.

The biggest undertaking of the entire internship was putting together a Written Information Security Plan (WISP). In the tax world, this isn’t just a good idea it’s a strict legal requirement under IRS Publication 5293 and the Gramm-Leach-Bliley Act (GLBA). For a small firm, a WISP is the glue that holds all the technical security together, turning individual tools into a cohesive defensive strategy. I had to write a formal document that covered every possible angle of data protection, starting with a comprehensive risk assessment to identify exactly where sensitive client PII (Personally Identifiable Information) lived within the office and in the cloud.

The document had to be incredibly thorough, spanning administrative, technical, and physical safeguards. I drafted policies for everything from employee background checks and confidentiality agreements to the specific encryption standards and backup protocols we used for tax files. I even had to include physical security rules, like locking filing cabinets and “clean desk” policies, because in a tax office, a paper return left on a desk is just as much of a vulnerability as an unencrypted file. I also built out a detailed incident response plan so the firm would know exactly what to do in a “worst-case scenario” breach, which is a requirement that many small businesses often overlook until it’s too late.

Developing the WISP forced me to take all the hands-on technical work I’d done so far like the MFA rollout and workstation hardening and translate it into clear, professional policy language. It was definitely the most demanding project I worked on because it required a deep understanding of both cybersecurity best practices and federal law. However, it was also the most rewarding because it moved the firm beyond “ad-hoc” security and created a permanent, legally compliant roadmap that will protect the business and its clients for years to come.

Looking back, every one of these projects was essential. Tax firms handle some of the most sensitive data there is, and a leak could lead to identity theft or financial ruin for our clients. Beyond just the ethical side of things, the firm faces serious legal penalties if they don’t have these safeguards in place. I feel like my work didn’t just check a compliance box for an audit; it actually gave the firm a much more solid, resilient foundation that will protect them and their clients for years to come.

4. Cybersecurity Skills and Knowledge

Entering the internship, I brought a foundational set of cybersecurity skills developed through coursework at ODU. This included a working understanding of core concepts such as the CIA triad (confidentiality, integrity, and availability), identity and access management principles, network security fundamentals, and an introductory familiarity with security frameworks and compliance standards. I had also developed basic proficiency with tools and technologies commonly used in enterprise environments, like Microsoft 365 and its administrative features, and I had some exposure to the concepts underlying multi-factor authentication and endpoint hardening. Powershell also came in handy for automation of tasks. These pre-existing skills gave me the language and conceptual framework to understand my assignments from day one, even though the practical execution demanded new learning.

The skills I had to develop on the job were abundant and instructive. The first was a deeper, more practical understanding of identity and access management at the business level. In school, I learned the principles of access control in the abstract. At T&T of Tidewater, I had to apply those principles across a heterogeneous mix of platforms, each with its own administrative interface, permission model, and documentation requirements. Managing access across Microsoft 365, QuickBooks, Intuit, Google Drive, and banking portals simultaneously required me to think systematically about identity and develop a practical workflow for tracking and documenting account status across multiple systems.

I also had to develop proficiency in compliance-driven security work, which is a distinct discipline from purely technical cybersecurity. However, the implementation of compliance is highly technical. Before this internship, I had read about regulations like the GLBA and IRS data security requirements, but I had never had to actually apply them. Writing the WISP required me to read primary regulatory guidance carefully, understand what specific controls were legally mandated versus recommended best practices, and translate those requirements into policies that a small business could realistically implement and maintain. This was a new and challenging kind of thinking that pushed me well beyond my academic preparation.

My understanding of the subject matter changed substantially through this experience. Prior to the internship, I thought of cybersecurity primarily in terms of technical tools and configurations, firewalls, antivirus, MFA settings. After working at T&T of Tidewater, I understand that the technical layer is only one component of a complete security program. Policy, documentation, employee awareness, physical security, and regulatory compliance are equally important. A technically perfect MFA configuration means little if employees share passwords or leave sensitive documents on their desks. This holistic perspective is one of the most valuable things I gained from the internship.

5. How the ODU Curriculum Prepared Me for the Internship

Old Dominion University’s cybersecurity curriculum provided a genuinely strong foundation for my internship work, though the translation from academic preparation to professional application was not always seamless. The connections between classroom learning and practical work were most clear in areas where the curriculum had emphasized conceptual depth: understanding why certain security controls exist, what threats they are designed to mitigate, and how they fit into a broader security architecture. Those conceptual frameworks made it possible for me to approach new tasks logically even when the specific tools or platforms were unfamiliar.

My coursework in network security and systems administration gave me the background to understand workstation hardening. Concepts like the principle of least privilege, attack surface reduction, and secure configuration baselines are exactly what workstation hardening implements in practice, and having studied those ideas made the hands-on work intuitive. Similarly, my exposure to identity and access management concepts in coursework directly informed my approach to the access review project. I understood why unnecessary privileges are dangerous, how role-based access control should be implemented, and what a well-documented account inventory should look like, all because those ideas had been covered in class.

My coursework on security policies and governance, while perhaps less immediately exciting as a subject than technical security, proved remarkably relevant during the WISP development project. The basic structure of security policy documents, the relationship between technical controls and administrative safeguards, and the importance of incident response planning were all topics I had encountered in class. That foundation made it much easier to understand what the IRS WISP guidance was asking for and how to structure a document that met those requirements.

There were also areas where the curriculum had not fully prepared me and where I encountered genuinely new concepts and skills. The most significant of these was working within the specific regulatory context of the tax industry. My coursework covered compliance frameworks at a general level but did not focus on industry-specific regulations like the IRS data security requirements or the particular obligations that the GLBA imposes on tax professionals. Learning to navigate those specific requirements on the job was challenging and required significant independent research. This experience reinforced the reality that professional cybersecurity work always involves industry-specific context that general academic preparation cannot fully anticipate.

Another area of new learning was the practical challenge of implementing security controls in an environment with real users who have existing workflows and habits. In school, security is often discussed in idealized terms where controls can simply be applied. In reality, enabling MFA means communicating with staff, managing account recovery scenarios, and balancing security improvements against disruption to daily operations. That human dimension of security implementation was not something I encountered in coursework but was central to my internship experience.

6. Internship Outcomes and Objectives

Reflecting on the three learning objectives I identified at the start of my internship, I can say with confidence that all three were substantially fulfilled through the work I completed at T&T of Tidewater, though the fulfillment took forms I did not always anticipate.

My first objective was to gain practical experience conducting security assessments and audits on live business systems. This objective was met comprehensively. The Security Hardening and Access Review that occupied the early weeks of my internship was exactly the kind of real-world security assessment I had hoped to experience. I audited accounts across multiple live platforms, documented current security states, identified vulnerabilities, and developed remediation plans. What I did not anticipate was how much this process would teach me about the complexity of identity management at even a small organizational scale. The sheer number of access points, each requiring individual attention and documentation, gave me a respect for the difficulty of access management that no classroom exercise had conveyed.

My second objective was to develop a working knowledge of compliance-driven security frameworks as they apply to sensitive data in a regulated industry. This objective was exceeded beyond my original expectations. Writing the WISP required me to engage directly with IRS guidance, GLBA requirements, and the specific security standards that govern tax professionals. I did not merely learn about these frameworks in the abstract; I applied them to produce a real policy document that the firm will use in its ongoing operations. That level of engagement with compliance-driven security work gave me a depth of understanding that reading about regulations in a textbook simply cannot provide. I now understand not just what compliance frameworks require but why they require it and how those requirements are implemented in practice.

My third objective was to improve my technical communication skills, including my ability to document security configurations and write formal policies. This objective was also fully met. Every project I completed required thorough documentation, and the WISP project demanded that I write formal, policy-level prose that would be read by both the firm’s leadership and, potentially, regulatory auditors. Learning to communicate security requirements clearly and professionally to a non-technical audience was a skill I had hoped to develop, and the internship provided abundant opportunities to do so. I left with a much stronger ability to translate technical security concepts into language that business stakeholders can understand and act upon.

7. Most Motivating and Exciting Aspects

The most motivating aspect of my internship was the tangible, immediate impact of my work. In academic settings, assignments are evaluated and returned, but their real-world consequences are largely theoretical. At T&T of Tidewater, every security improvement I implemented made a genuine difference to the safety of real client data. When I completed the MFA implementation and documented the before-and-after security states, the improvement was not a grade on a rubric but a measurable reduction in the organization’s vulnerability to credential theft. That sense of real impact was deeply motivating and reinforced my commitment to a career in cybersecurity.

I was also genuinely excited by the scope and variety of the work. The internship did not confine me to a single narrow task but asked me to engage with access management, endpoint hardening, compliance policy, and risk assessment, all within a relatively short period. That breadth allowed me to discover which areas of cybersecurity I find most engaging and which might align well with my long-term career interests. I found the policy and compliance work particularly interesting, which surprised me. Going in, I expected to be most excited by the hands-on technical tasks. Coming out, I have a genuine interest in the governance side of cybersecurity, the work of building and maintaining the frameworks that make technical controls coherent and sustainable.

The professional environment at T&T of Tidewater was also a source of motivation. The firm’s leadership took my work seriously, engaged with my findings thoughtfully, and expressed genuine appreciation for the contributions I made. Being treated as a professional rather than merely a student intern made me invest more fully in the quality of my work and helped me develop a sense of professional identity that I will carry forward into my career.

8. Most Discouraging Aspects

The most discouraging aspect of my internship was confronting the gap between security best practices and what is practically achievable in a small business environment. Throughout my academic training, I had absorbed a picture of security best practices that assumes adequate resources, technical support, and organizational capacity. At a small tax firm, reality is more constrained. Implementing every recommended control, maintaining ideal configurations across all platforms, and conducting regular security reviews on the frequency that best practices prescribe is difficult when the organization’s primary focus is serving its clients through a demanding tax season. Balancing ideal security with operational practicality is a real tension that I had not fully appreciated before this internship.

I also found it occasionally discouraging to encounter resistance, even gentle resistance, to security changes that I knew were necessary. Not everyone welcomes additional authentication steps or new procedural requirements, even when those requirements exist to protect them and their clients. Learning to advocate for security improvements in the face of practical pushback, without becoming dismissive of legitimate concerns about workflow disruption, was a skill I had to develop on the job. It is a genuinely difficult balance and one that I do not think I have fully mastered, though I am now far more aware of the interpersonal and organizational dimensions of security work than I was when I began.

Finally, I occasionally felt the limitation of working without a dedicated IT team or security department. As the sole cybersecurity intern at a small firm, I was often the most technically knowledgeable person in the room on security matters, which was both empowering and isolating. There was no senior cybersecurity professional to consult when I encountered a novel problem, and I had to rely heavily on independent research and my own judgment. While that independence was valuable for my professional development, there were moments when I would have greatly benefited from mentorship from an experienced security practitioner.

9. Most Challenging Aspects

The single most challenging aspect of my internship was developing the Written Information Security Plan. This project demanded a kind of thinking that was genuinely new to me: synthesizing regulatory requirements, organizational risk assessments, technical controls, and administrative policies into a single coherent document that was both legally compliant and practically implementable. The challenge was not any individual component of the WISP but the integration of all of them into a document that worked as a whole. Understanding how each control related to each risk, how each policy aligned with each regulatory requirement, and how to write all of it in language that non-technical readers could understand and act upon required sustained intellectual effort over several weeks.

Managing access across multiple heterogeneous platforms simultaneously was also technically challenging in ways I had not anticipated. Each platform had its own administrative interface, its own permission model, and its own documentation requirements. Developing a systematic workflow for tracking account status, privileges, and changes across all of them, without losing information or allowing gaps to persist, required careful organization and attention to detail. This challenge taught me practical skills in documentation and project management that are not always emphasized in academic cybersecurity training.

A more personal challenge was developing confidence in my own technical judgments when working without senior oversight. At several points during the internship, I had to make decisions about security configurations or policy language without being able to verify my approach with an experienced mentor. Learning to trust my own knowledge while remaining appropriately humble about the limits of my experience was an ongoing challenge throughout the internship, and I believe I am a more self-aware and competent professional for having navigated it.

10. Recommendations for Future Interns

Future interns at T&T of Tidewater, or at any similar small professional services firm, would benefit from several specific preparations before beginning the internship. First and most importantly, develop a working familiarity with compliance frameworks relevant to the tax industry before your first day. Read the IRS Publication 5293 (Data Security Resource Guide for Tax Professionals) and familiarize yourself with the broad requirements of the Gramm-Leach-Bliley Act. Understanding the regulatory context in which the firm operates will make every other aspect of your work more coherent and will allow you to contribute meaningfully from the very beginning.

Second, practice your documentation skills. Cybersecurity work in a professional setting is only as valuable as the records kept of what was done, when, and why. Query logging and logging in general is also very important Before beginning your internship, practice writing clear, concise technical documentation. Learn to write before-and-after security assessments, configuration change logs, and policy memos that a non-technical reader can understand. These skills are rarely emphasized in coursework but are central to professional effectiveness.

Third, develop your comfort with Microsoft 365 administration and other common business platforms. Much of the practical security work in small business environments involves administering and securing the platforms that businesses actually use. Familiarity with Microsoft 365’s security and compliance features, Google Workspace administration, and cloud storage access controls will allow you to contribute technical work immediately rather than spending the early weeks of your internship simply learning new interfaces.

Fourth, cultivate your interpersonal communication skills. Security improvements often require convincing stakeholders to change habits and adopt new workflows. The ability to explain why a security measure is necessary, listen to concerns, and find solutions that balance security with operational practicality is just as important as technical knowledge. Practice explaining technical concepts to non-technical friends or family members, and develop the patience to advocate for security without alienating the people whose cooperation you need.

Finally, come prepared to work independently. Small organizations do not have large IT departments or dedicated mentorship programs. You will need to be self-directed, resourceful, and comfortable conducting independent research when you encounter problems you have not seen before. Build your research habits before you arrive, and make a habit of thoroughly documenting your own reasoning so you can review and refine your approach over time.

11. Conclusion

My internship at T&T of Tidewater was one of the most formative professional experiences of my academic career. The core takeaway is one that sounds simple but has genuine depth: cybersecurity isn’t just a technical problem with a technical solution. It’s an organizational challenge that requires balancing technology, policy, human behavior, and regulatory compliance into a single, sustainable program. I learned that no individual control   no matter how well it’s set up   can replace a real security culture that is embedded in the firm’s daily habits, written into its policies, and understood by everyone who touches sensitive data. That shift in perspective is easily the most important thing I’m taking away from this experience.

This internship is going to change how I handle the rest of my time at ODU in some really concrete ways. I’m planning to seek out classes that dive deeper into cybersecurity governance, risk management, and compliance (GRC). Before this, I might have seen those areas as “boring” compared to the technical work, but now I recognize they are actually the backbone of professional effectiveness. I’ll be approaching my remaining coursework with a much more practical lens, always asking myself how these academic concepts actually translate into a real office setting and what the regulatory landscape looks like for the industries I might work in. There’s a real gap between “classroom” security and “professional” security, and I want to use my time left at ODU to narrow that gap as much as I can.

Looking further ahead, this experience has really cleared up my career goals. I went into this expecting to just confirm my interest in hands-on technical work, but I’m leaving with an even stronger interest in the governance and policy side of things. Roles in security management or program development appeal to me now in a way they didn’t before. I also developed a huge appreciation for working with small and medium-sized businesses. In a place like T&T of Tidewater, the impact of a single person is enormous and you can feel the results of your work immediately.

Being responsible for protecting real people’s sensitive financial data gave me a sense of purpose that you just can’t get from a lab assignment. Whether I end up in a technical role or move toward compliance and management, the foundation of practical knowledge I built here is going to shape my career for years to come. I’m not just finishing an internship; I’m starting my career with a much clearer understanding of what it actually means to be a cybersecurity professional.

Works Cited

Internal Revenue Service. “Data Security Resource Guide for Tax Professionals.” IRS Publication 5293, 2024.

Internal Revenue Service. “Written Information Security Plan (WISP) Guidance for Tax Professionals.” IRS.gov, 2023.

Federal Trade Commission. “Gramm-Leach-Bliley Act: Safeguards Rule.” 16 CFR Part 314, amended 2023.

National Institute of Standards and Technology (NIST). “Framework for Improving Critical Infrastructure Cybersecurity.” Version 1.1, 2018.

Microsoft Corporation. “Microsoft 365 Security and Compliance Documentation.” Microsoft Learn, 2024.

Intuit Inc. “Security Best Practices for Tax and Accounting Professionals.” Intuit ProConnect Resource Library, 2024.

Thomas, Kenneth. “Internship Reflection Paper 2: First 100 Hours.” ODU CYSE 368, Spring 2026.

Thomas, Kenneth. “Internship Reflection Paper 3: 150 Hours – Developing a Written Information Security Plan (WISP) for Tax Infrastructure.” ODU CYSE 368, Spring 2026.