First 50 Hours

Working as a Cloud Development Intern at Old Dominion University for 50 hours has given me a clear view of how security testing and continuous integration intersect in a real-world environment. My main responsibility so far has been integrating OWASP ZAP (Dynamic Application Security Testing) into the GitLab CI/CD pipeline. Through this work, I have learned to experiment safely in a forked copy without disrupting production, to troubleshoot pipeline issues more confidently, and to read logs closely to find the actual point of failure. I originally expected to be working directly in AWS CodePipeline and CodeBuild, but focusing on GitLab CI/CD first has given me a strong foundation in pipeline design and security scanning.

The value of developing both technical skills and professional habits has been the most important lesson so far. On the technical side, I strengthened my YAML syntax skills for GitLab CI, learned how GitLab runners function behind a VPN, explored Content Security Policy headers, and began to understand dependencies and their security implications. I also practiced researching vulnerabilities, deciding whether findings are relevant in context, and planning next steps for remediation (though remediation has been less of a concern, since I work in a forked repo. I usually ask my supervisor if a particular issue is something that needs to be prioritized/escalated). On the professional side, I have started to build habits such as preparing daily DSU updates and reaching out for guidance when needed, though I know I need to do this more consistently to resolve issues faster.

In addition to pipeline work, these first weeks have changed how I understand cloud development and DevSecOps. Even without deep AWS exposure yet, I am starting to see how teams protect production code, stage changes safely, and manage dependencies responsibly. Practices such as working in branches before committing to development or main are new to me but are quickly becoming part of my workflow. My work has not yet delivered direct business value or produced documentation for others, but it has set the groundwork for eventually integrating OWASP ZAP scanning into the main pipeline with fewer false positives and clearer reporting.

Overall, the first 50 hours have given me a solid platform to build on. They have improved my technical confidence, research skills, and understanding of secure CI/CD practices. For my next 50 hours, I plan to ask for more supervisor guidance, gain hands-on practice with AWS services, and begin producing documentation for the OWASP ZAP integration process. I am also studying for the AWS Solutions Architect Associate certification on the side, which should complement my internship work and help me deliver greater value as the internship progresses.