CYSE 368

Matthew Burd
CYSE 368 4/3/2026
Spring 2026
Professor: Teresa Duvall
TA: Joshua Russell
Employer: Steven Reece
FedWriters

My First Reflection was replaced with an interview, which I included my own reflection of.

In order to better relate the professional ideas offered to my own academic and career progress, I have presented my interview with reflective analysis, instead of typing the whole interview. This reflection-style method, as opposed to merely listing answers, enables a more thorough analysis of the interviewee’s experiences, abilities, and recommendations, as well as how they connect to actual demands in the IT and cybersecurity fields. I can show that I comprehend the subject, relate the coursework to my professional practice, and consider how these realizations affect my own career objectives and field readiness by carefully examining each response.

Student Reflection on Career Path into Cybersecurity

The non-linear introduction into the IT industry is exemplified by Steven Reece’s professional path in cybersecurity. Instead of starting out in technology, he saw the need for more long-term prospects and career advancement, so he moved from a construction project management position into cybersecurity. This supports the notion that, in addition to technical expertise, the field of cybersecurity rewards transferable abilities like planning, leadership, and organization. For students who might not have pursued a traditional path, his decision to return to school in his mid-twenties also shows that it is never too late to change course and pursue a career in information technology.

The most noteworthy aspect is how his job advancement was greatly aided by practical experience. Early in his career as a systems administrator, he led CMMC compliance initiatives, which exposed him to federal contracting standards and practical security frameworks. This implies that aggressively pursuing hard initiatives and responsibility can greatly hasten professional development. His advancement to the post of IT Manager demonstrates how technical proficiency, leadership, and compliance expertise may lead to more senior roles.

Analysis of Required Knowledge, Skills, and Abilities

The mixed character of contemporary cybersecurity roles is shown by Mr. Reece’s description of his knowledge, skills, and talents. It is obvious that technical understanding of operating systems and cloud platforms like Microsoft and Azure is fundamental. The capacity to comprehend and use compliance frameworks, such as CMMC, which connect technological and regulatory needs, is as crucial, though. This emphasizes the need for cybersecurity experts to think about policy, governance, and risk management in addition to technological setups. 

Furthermore, the focus on problem-solving and analytical thinking captures the unpredictability of a cybersecurity job. Professionals frequently have to weigh trade-offs between security, usability, and cost because problems rarely have a single obvious answer. The assumption that cybersecurity measures are frequently long-term, systematic activities rather than one-time technical fixes is further supported by the apparent recurrence of project management skills..

Reflection on the Importance of Soft Skills

Mr. Reece’s list of soft skills is very similar to what students in technical disciplines tend to neglect. Particularly, communication abilities seem to be equally as crucial as technical proficiency. Success in IT leadership jobs mostly relies on clarity and persuasion, not only technical correctness, as demonstrated by the necessity of explaining cybersecurity threats and compliance obligations to non-technical stakeholders.

The fact that cybersecurity cannot operate in a vacuum is reflected in the emphasis placed on teamwork and collaboration. To guarantee that policies are properly followed, IT teams must collaborate closely with management, legal departments, and end users. Given the speed at which laws and technology are changing, flexibility and a commitment to lifelong learning stand out as critical qualities. This supports the notion that cybersecurity is a dynamic field that requires lifelong learning.

Evaluation of Critical Technical Skills

The need of having solid system administration foundations is further supported by the technical skills discussed. A thorough understanding of the Microsoft and Azure platforms indicates that cloud computing is a necessary skill for IT workers. Organizational security is directly impacted by basic competences including operating system security, network management, backup implementation, and incident response.

The emphasis on CMMC compliance emphasizes even more how cybersecurity positions frequently touch on legal and regulatory requirements. One important ability that sets seasoned experts apart from entry-level technicians is the capacity to convert complex compliance requirements into practical technical controls. This realization highlights how crucial it is to comprehend the rationale for controls rather than only how to apply them.

Personal Connection to My Career Goals

My personal interests in IT management and cybersecurity are well matched with this interview. A good professional path is formed by a combination of technical expertise, compliance knowledge, and leadership qualities, as demonstrated by Mr. Reece’s journey. His focus on lifelong learning and flexibility aligns with the demands of the cybersecurity industry and strengthens my desire to keep up with new frameworks and technology.

Furthermore, the emphasis on accountability and honesty aligns with the moral duties of cybersecurity experts. It takes professionalism, accountability, and integrity to handle sensitive data. As I strive for a future position in cybersecurity or IT leadership, this interview has made it clearer how important it is to acquire both technical proficiency and personal integrity.

Overall Takeaways from the Interview

This interview offered me a realistic and useful perspective on what it takes to establish and maintain a career in cybersecurity and IT management. Compared to what can be learnt from coursework alone, hearing directly from a professional who is actively employed in the sector helped to clarify the demands of the position. The conversation focused on how cybersecurity professionals must combine technology, compliance, communication, and leadership in their everyday tasks rather than just technical expertise.

The significance of flexibility and ongoing development is among the most important lessons learned from this conversation. Mr. Reece’s journey into cybersecurity from a non-technical background serves as an example of how initiative, tenacity, and a desire to learn are essential for success in this industry. His experience also highlights the growing importance of compliance frameworks like CMMC in contemporary IT operations, especially for businesses that handle government contracts. This supports the notion that cybersecurity experts need to remain up to date on changing standards and laws in addition to new technologies.

All things considered, this interview strengthened my comprehension of cybersecurity as a dynamic, multidisciplinary field. It gave a clearer picture of the processes required to advance from entry-level positions into leadership positions and emphasized the abilities and traits that employers value most. As I continue to pursue a career in cybersecurity or IT management, this experience will have an impact on how I approach my coursework, internships, and future job choices.

REFLECTION 2 of my Internship

During my internship, for my second 50 hours, I had the opportunity to work directly with enterprise-level cloud infrastructure, security tools, and automation within the Microsoft ecosystem. My knowledge of practical IT administration has greatly increased as a result of this training, particularly in settings that make use of Microsoft Azure Virtual Desktop (AVD), Microsoft Intune, Microsoft Defender, and Power Automate. In addition to improving my technical abilities, the projects I finished gave me a better understanding of how automation, security, and policy management enhance organizational operations.

Setting up Azure Virtual Desktop environments was one of my main responsibilities. I made sure that the AVD device group automatically added the IT Interns group as local administrators. This needed knowledge of role-based access control (RBAC), device group setups, and Azure Active Directory group assignments. In order to verify correct privilege escalation, I launched a virtual machine session and ran an application as an administrator after putting the configuration into practice. I learned from this project how crucial it is to test configurations in a controlled environment to ensure permissions are applied correctly. It also reaffirmed the importance of effective access control for both operational effectiveness and security.
I made dynamic device groups and dynamic user groups for virtual machines and VM users in addition to role management. In order to automatically classify devices and users according to particular attributes, this process required creating and defining membership rules. I discovered how automation lowers manual administrative overhead and minimizes human error when I learned how dynamic groups work in Azure AD. The system can automatically assess criteria and apply memberships in real time, eliminating the need to manually assign devices or users to groups. My understanding of scalable infrastructure management in corporate settings has improved as a result of this training.

Another significant aspect of my internship was automation. I used Power Automate and Microsoft Forms to create and deploy an IT help ticket workflow. This required developing a form to gather ticket data submitted by users and then setting up an automated flow to properly route and monitor inquiries. I developed my skills in conditional logic, workflow architecture, and Microsoft 365 service integration during this process. This study illustrated how automation may increase response times, simplify help desk operations, and establish responsibility in support procedures. Additionally, it exposed me to low-code automation solutions that are frequently utilized in commercial settings.
Another important aspect of my internship was setting up security and protecting endpoints. In order to ensure appropriate endpoint management and threat protection integration, I configured Microsoft Intune to operate with Microsoft Defender. I investigated the creation of a baseline corporate compliance policy and onboarded devices into Microsoft Defender for Endpoint. I had to take device health, operating system specifications, security settings, and risk management guidelines into account when creating the compliance policy. I gained an understanding of how compliance policies uphold end-user usability while enforcing organizational security needs thanks to this procedure. I discovered how endpoint detection and response (EDR) tools enable businesses proactively address possible threats and give visibility into device security posture. 

Pushing a unique backdrop image to a virtual machine environment was another project. This operation may appear insignificant in comparison to security configurations, but it illustrates the significance of standardizing user environments and centralized control. The ease with which group policy, Intune configuration profiles, and centralized device management simplify administrative control in business settings is reinforced by the ability to implement configuration changes across numerous systems.

In order to satisfy logging requirements, I also set up a storage account and established a Log Analytics workspace. I looked into and put into practice ways to gather simple logs from a virtual machine and transfer them to the Log Analytics workspace. I gained a better understanding of the significance of monitoring, observability, and data retention thanks to this assignment. Logs are essential for security investigations, audits, and troubleshooting. By setting up log collection, I was able to obtain useful knowledge about how businesses keep an eye on their infrastructure and examine operational data.

During my second 50 hours of my internship, I gained professional confidence, problem-solving skills, and technical proficiency. Reading documentation, conducting independent research, and resolving configuration problems were all necessary for many activities. I discovered that IT solutions are rarely one-click fixes; instead, they necessitate meticulous preparation, testing, and validation. I also realized that cloud services are interrelated; modifications to device management, identity management, or compliance guidelines might have an impact on several platforms.
All things considered, this internship so far has given me valuable practical experience with cloud administration, automation, security configuration, and monitoring. My knowledge of Microsoft Intune, Microsoft Defender, Power Automate, Azure Virtual Desktop, Azure Active Directory, and Log Analytics has improved. More significantly, I learned how enterprise IT infrastructures function and how automation, security, and compliance must cooperate to preserve productivity and safeguard organizational assets. My interest in cloud security and systems administration has been strengthened by this experience, which has also equipped me for positions in the IT and cybersecurity industries in the future.

REFLECTION 3 of my Internship

I have now reached 150 hours in my Internship at Fedwriters! After completing about 150 hours, I continued to broaden my experience working with enterprise cloud settings in the final phase of my internship, concentrating more on security policies, system setup, and controlled access inside the Microsoft platform. Using programs like Microsoft Intune, Azure, and Conditional Access, this part of my internship focused on the practical application of security frameworks, browser-based virtual environments, and policy-driven management. These assignments improved my comprehension of how businesses retain usability while enforcing security.

Making a kiosk-mode virtual machine to run Microsoft 365 apps via a browser was one of the more complex projects I worked on. In order to guarantee that users could only access authorized apps in a controlled setting, this design necessitated careful limitation of system capability. Setting up kiosk mode showed how businesses might restrict user involvement to lower security risks, particularly in systems that are shared or exposed to the public. In order to minimize potential attack surfaces and uphold the principle of least privilege, I learnt how to set up the environment so that users cannot access the underlying operating system. I was learning how to do it, alright, but unfortunately, it never deployed properly. I manually tried to figure it out, then watched videos on how others did it, followed them, and still, the Kiosk mode did not work. My brother and I tried for about a week to figure this out, as well as Steven, the IT director himself, tried to help us, and even do it from scratch, only to get the same results. Failure, this was obviously frustrating, but luckily, it was just a “Proof of concept.” So he decided to scrap it, and move on.

Another significant task worked on was developing a Conditional Access policy in report-only mode. I learned about a crucial component of enterprise security through this task: testing policies before completely enforcing them. I was able to model how the policy would affect users without actually preventing access by utilizing report mode. This made it possible for me to examine possible problems, such as unexpected limitations or user lockouts, before implementing the policy throughout the entire company. I had a greater understanding of the significance of safely and carefully validating security controls as a result of this exercise. Additionally, it demonstrated how Conditional Access combines risk signals, device compliance, and identity to make judgments about access in real time.

The group then worked on creating and implementing custom configuration scripts in addition to access control. Writing and executing scripts that automate system setups across devices was necessary for this assignment. I discovered that scripting may be used to guarantee adherence to organizational rules, minimize manual administrative effort, and enforce consistent settings. My comprehension of automation in IT environments has been reinforced by this experience, which also showed how scripting is essential to scalability. Administrators can use scripts that effectively and consistently apply configurations across numerous devices instead of configuring each system separately.

Working with session rules was another crucial aspect of this phase. Session rules, which include limitations on operations like downloading files, transferring data, or accessing specific features, are used to specify how users interact with applications during active sessions. Setting up these guidelines made it easier for me to comprehend how businesses safeguard sensitive information while it’s being used, not only at the point of access. It reaffirmed the idea that security is ongoing and needs to be maintained for the duration of the user session. Additionally, this work exposed me to more sophisticated control methods that go beyond basic authorization and authentication.

My brother and I worked on developing a base setup template in tandem with this. This template acts as a basis for system configurations, guaranteeing that every deployed device satisfies fundamental operational and security standards. The configurations required for both functionality and security had to be carefully considered when creating this template. I discovered how baseline configurations facilitate deployments, enforce compliance, and give all systems in an organization a uniform starting point. My brother and I worked closely together to develop the template during this process, which necessitated that we thoroughly examine and comprehend the setups that FedWriters had previously put in place in their environment. We had to review the current settings, note what was already there, and decide what needed to be added to or changed in our template. In addition to enhancing my technical knowledge, this experience highlighted how crucial teamwork and meticulousness are while operating in a well-established business setting.

During this final part of my internship, I kept developing my technical confidence and problem-solving abilities. Numerous of these jobs needed independent investigation, testing, and troubleshooting. I had to examine documentation, investigate logs, and modify settings when configurations did not operate as I had anticipated. This reaffirmed the notion that Cybersecurity employment in the real world requires constant learning and adjustment. Enterprise contexts necessitate meticulous validation and attention to detail, in contrast to theoretical exercises. 

All things considered, this phase of my internship improved my comprehension of system administration and business security. I obtained practical basic experience with scripting, session controls, kiosk environments, which unfortunately did not work out, Conditional Access policies, and system imaging. I now have a better understanding of how businesses maintain effective operations while striking a balance between security and usability, thanks to these experiences. More significantly, as I pursue a career in cybersecurity and IT infrastructure, I have strengthened my foundation in cloud security and administrative procedures. I really enjoyed this experience, and will miss it. 

MY FINAL PAPER FOR MY INTERNSHIP

Table of Contents (add page numbers later)

  1. Table of Contents………………………………………………………………………1
  2. Introduction……………………………………………………………………………2
  3. Management Environment…………………………………………………………….3
  4. Duties, Assignments, and Projects…………………………………………………….4
  5. Cybersecurity Skills and Knowledge Applied…………………………………………5
  6. Connection to ODU Curriculum………………………………………………………6
  7. Internship Learning Objectives……………………………………………………….7
  8. Motivating Aspects of the Internship…………………………………………………8
  9. Discouraging Aspects of the Internship……………………………………………….8
  10. Challenging Aspects of the Internship……………………………………………….9
  11. Recommendations for Future Interns……………………………………………….10
  12. Conclusion…………………………………………………………………………..11

Introduction (Dates taken from the official Fedwriters website)

I planned to achieve several important cybersecurity and cloud technology learning objectives during my internship. Initially, I wanted to learn how businesses create and manage cybersecurity procedures to comply with legal standards and gain practical experience with CMMC. Second, I wanted to learn about CMMI and see how models of process improvement are used to maximize project management, workflows, and operational effectiveness. Third, I aimed to expand my practical understanding of cloud architecture, including how networking, software, and hardware components are set up to enable scalable cloud services. Lastly, by learning how businesses safeguard data and applications from threats while adhering to industry standards and best practices, I hoped to deepen my understanding of cloud security.

FedWriters is a small business that focuses on government contracting and cybersecurity-related services. The company began in 2010 and slowly grew into a successful federal contractor. In 2014, the company received the SBA 8(a) certification, which helped expand its opportunities in government contracting. Over time, FedWriters has supported numerous federal agencies through various programs and projects. For example, in 2016, the company undertook several rulemaking and regulatory projects for the U.S. Coast Guard. In 2017, FedWriters helped the U.S. Army War College publish dozens of manuscripts, reports, and articles on national security issues.

In 2019, the company began supporting the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) with operational services to assist in combating money laundering, terrorist financing, and other financial crimes. That same year, FedWriters began managing NASA’s public inquiries program, responding to approximately 20,000 public inquiries per month. The company also opened its corporate headquarters in Fairfax City and was awarded more than 20 contracts with a combined total contract value exceeding $50 million.

The company continued to grow in the following years. In 2020, FedWriters was recognized as the 146th fastest-growing company in America on the Inc. 500 list and the 3rd fastest-growing company in Virginia by the Virginia Chamber of Commerce. The company was also awarded a $100 million contract with the Library of Congress to provide reference services, library management, and ontology and taxonomy support. In 2021, FedWriters received a $50 million program supporting the NOAA Office of Oceanic and Atmospheric Research and began managing social media and public affairs communications for the U.S. Army III Corps at Fort Hood.

Today, FedWriters supports more than 70 federal agencies across more than 100 programs, ranging from scientific research support for NOAA to intelligence analysis for the Defense Intelligence Agency and library services for the Department of Transportation. Because of this broad range of government support services, cybersecurity and IT infrastructure play a critical role in ensuring that operations remain secure and efficient. 

My internship began with a very positive orientation experience. Everyone I met was professional, polite, and willing to help. At the beginning of the internship, we met the team and introduced ourselves. We discussed what we would learn and work on throughout the internship and were given research topics to explore before beginning our assignments. As part of the onboarding process, we wrote short papers explaining our research and the approach we believed would best achieve both our learning objectives and the company’s goals. From the start, it was clear that this internship would provide a strong opportunity for professional growth and hands-on learning.

2. Management Environment

The management environment during my internship was both supportive and professional. The staff and leadership made it clear that the internship program was designed to help interns develop real-world skills while contributing to meaningful projects. Throughout the internship, the management team focused on guiding interns while still encouraging independent learning and problem-solving.

Additionally, the team’s communication was efficient and constant, which made it simpler to adhere to deadlines and expectations. Frequent gatherings provide chances to talk about developments, pose queries, and get helpful criticism. This feedback was particularly helpful because it emphasized understanding the rationale behind each step in addition to task completion. Interns were able to make errors and learn from them without feeling discouraged because the setting promoted learning via experience.

The harmony between structure and flexibility was another crucial component of the managerial environment. Interns were allowed to tackle problems in their own ways and consider alternative answers, even if there were clear expectations and deadlines. This strengthened critical thinking abilities and boosted confidence. Overall, the management approach produced a setting that stressed professional development, learning, and growth, making the internship fruitful and fulfilling.

Steven Reece, the IT manager who oversaw the internship program, played a major role in supervising our work and helping us develop technical skills. He assigned tasks, monitored progress, and held meetings with us every Monday, Wednesday, and Friday. During these meetings, we discussed the progress of our projects, reviewed challenges we were facing, and received guidance on how to approach technical problems. One aspect of his supervision that stood out was his commitment to teaching rather than simply giving answers. If we encountered an issue, he would guide us through the thought process required to solve it instead of immediately providing the solution.

In addition to the internal management at FedWriters, the internship was also supported by representatives from the Department of Education in Northern Virginia, which funded the internship program. The representative we worked with regularly checked in with us each week to review what we had learned and discuss what we planned to accomplish in the upcoming week. This added level of oversight and support ensured that interns were staying on track and gaining valuable experience.

Overall, the structure of the internship was extremely well organized. Each unit of work was designed to build upon the previous one, allowing interns to gradually develop more advanced skills as the internship progressed. Whether we worked individually or collaborated with other interns, each assignment contributed to a larger set of goals. This structured approach made the internship highly effective as a learning experience while also allowing us to contribute meaningful work to the organization.

3. Duties, Assignments, and Projects

I was in charge of a number of technical duties during my internship at FedWriters, which gave me practical experience with enterprise-level IT administration and cybersecurity procedures inside the Microsoft ecosystem. I gained a better understanding of how businesses handle infrastructure, security, and operational effectiveness in a work setting thanks to these tasks. Setting up and managing Azure Virtual Desktop (AVD) environments was one of my main duties. This involved setting up systems such that, when necessary, device groups would immediately install IT interns as local administrators. Working with Azure Active Directory group assignments, role-based access control (RBAC), and testing privilege escalation to make sure permissions were set up correctly were all necessary to finish this task.

 Maintaining the virtual desktop infrastructure’s dependability and security while making sure users had the appropriate degree of access required this work. Making dynamic device and user groups was another project. These categories were established to classify people and devices based on specific characteristics automatically. I reduced the likelihood of human mistakes and the necessity for manual administrative tasks by creating membership rules for these groups. As more users and devices were added to the system, this procedure also made it possible for the business to grow more efficiently.

Additionally, I used Microsoft Forms and Power Automate to develop an automated IT support desk workflow. Through a form, users may submit help requests to this system, which would then automatically forward tickets to the relevant staff members. By cutting down on delays, better arranging assistance requests, and enhancing responsibility within the support system, automating this procedure increased operational efficiency.

Another important component of my employment was security and compliance. In order to onboard devices for endpoint security and enforce compliance requirements, I set up Microsoft Intune to interface with Microsoft Defender. These guidelines made sure that devices adhered to internal standards and the organization’s security requirements.

I also worked on deploying uniform configurations across platforms to standardize virtual machine environments. In order to show centralized control and establish uniform user interfaces, this involved promoting standardized desktop backdrops.

In order to gather system logs from virtual machines, another task required setting up a Log Analytics workspace and creating a storage account. This made it possible for administrators to keep an eye on system activities, solve issues, and carry out security investigations when necessary. All things considered, these initiatives made a direct contribution to enhancing operational effectiveness, fortifying the company’s security posture, and guaranteeing efficient administration of corporate IT resources.

4. Cybersecurity Skills and Knowledge Applied

My cybersecurity knowledge before starting my internship was mainly theoretical and predicated on a broad comprehension of networking and security subjects. I gained expertise in topics including networking principles, security concepts, risk management, and core threat mitigation techniques after obtaining my Network+ N10-009 certification. Despite having this basis, I didn’t have any practical experience using these ideas in a real-world setting. The majority of my previous experience came from coursework, which placed more emphasis on comprehension than on actively applying principles in a work environment.

I was able to apply this fundamental understanding to actual cybersecurity activities during the internship, which called for both practical problem-solving and critical thinking. I worked on keeping an eye on network traffic, spotting possible weaknesses, and putting security measures in place to safeguard private company information. Through these duties, I was able to observe how cybersecurity is not just conceptually understood but actively maintained within a company. Additionally, I became familiar with compliance frameworks like CMMC and CMMI, where I discovered how businesses employ established standards to uphold security, guarantee responsibility, and comply with legal obligations.

Many of the abilities I acquired came from practical experience gained on the job. I became more knowledgeable about cybersecurity platforms and technologies for incident response, threat detection, and access control management. Additionally, I worked with cloud-based systems and discovered how important identity and access management is to the security of contemporary settings. Additionally, I improved my ability to comprehend firewall configurations, analyze logs, and take part in compliance and auditing procedures. I now have a better understanding of how businesses identify, address, and stop possible security risks because of these experiences.

Understanding how cybersecurity interacts with general business operations was another crucial component of my education. I started to understand that security is about more than just stopping attacks; it’s also about guaranteeing dependability, upholding confidence, and advancing the objectives of the company. Every duty I completed, whether it was setting up monitoring systems or access controls, helped to preserve the organization’s overall security and effectiveness.

My knowledge of cybersecurity has greatly changed as a result of this internship. I now see that, despite its importance, theoretical knowledge is insufficient on its own. To fully comprehend how to safeguard systems and address real-world issues, practical experience is crucial. Because new technologies and risks are always evolving, I also developed a deeper understanding of the significance of ongoing education in the subject of cybersecurity. All things considered, this experience changed my viewpoint from seeing cybersecurity as a collection of abstract ideas to seeing it as a dynamic, practical field that needs both technical expertise and critical thought to be successful.

5. Connection to ODU Curriculum

My internship’s real-world needs were not entirely met by the ODU curriculum. Even though I took classes like Cybersecurity Foundations, CyberLaw, and programming to acquire basic knowledge, a large portion of what I learned was theoretical and had no bearing on the real-world duties I completed during the internship. Many classroom subjects, such as network protocols and HTTPS, were covered in several courses, which occasionally felt repetitive and unrelated to practical applications. As a result, it was challenging for me to make clear links between my coursework and the technical tasks I was required to do. Many assignments’ formats, especially multiple-choice tests and simple labs, did not accurately replicate the intricacy or unpredictable nature of actual cybersecurity jobs.

Furthermore, the depth and speed of classroom education usually fell short of what was expected in a professional setting. Concepts are usually taught separately and practised in controlled environments in the classroom. But throughout the internship, I had to apply several ideas simultaneously while taking efficiency, security, and commercial impact into account. This demonstrated that although the curriculum gave me a good place to start, it did not adequately prepare me for the degree of integration and critical thought needed in the profession.

More significantly, the internship exposed me to new ideas, resources, and methods that I had not learned in school. Setting up access controls, keeping an eye on network traffic, utilising cloud security measures, and implementing compliance frameworks like CMMC and CMMI were all completely new tasks. Additionally, I was exposed to business platforms and technologies, especially in cloud settings, which are commonly utilised in the industry but are not given much attention in the curriculum. The degree of problem-solving and flexibility needed for these practical exercises was significantly higher than what I had encountered in my courses.

The level of accountability and responsibility associated with a real-world job was another major difference. Errors can affect systems, users, and organizational operations in a professional setting, but they usually only affect grades in the classroom. This made precision and attention to detail, which aren’t typically stressed in academic settings, even more important.

All things considered, the internship showed a substantial disconnect between academic training and practical experience. But it also gave me the chance to start closing that gap by learning useful skills and being exposed to real-world cybersecurity settings. My internship at Fedwriters showed that practical experience is crucial for fully comprehending and applying cybersecurity principles in a meaningful way, even though the ODU curriculum offered the necessary basis.

6. Internship Learning Objectives

I set a few important learning goals at the start of my internship that I wanted to accomplish by the end. These included learning more about the CMMC and CMMI compliance frameworks and getting real-world, hands-on experience with cloud security and infrastructure. Even though I already knew a little bit about these subjects, my objective was to go beyond theory and learn how they are used in an actual professional setting.

These goals were mostly achieved during the internship through practical assignments and firsthand experience with actual systems and procedures. Observing how compliance frameworks like CMMC and CMMI are actually implemented within a business was one of the most influential parts of the trip. I was able to see how these frameworks affect corporate policies, documentation processes, and security procedures rather than just studying definitions or requirements. This made it clearer to me that compliance involves more than just adhering to legal requirements; it also entails developing organised, repeatable processes that enhance security, effectiveness, and responsibility throughout the company.

I also learned a lot about how businesses sustain compliance over time. I saw that to keep systems safe and compliant with industry standards, regulations must be continuously enforced, updated, and monitored. Before the internship, I did not completely understand that compliance is a continuous effort; I knew it was constantly changing, but I was not aware of the frequency of some of the changes or that businesses had their own certification that they needed to meet.

Gaining a deeper comprehension of cloud infrastructure was another important goal, which was, luckily, a main focus of my internship. I learnt how many elements, including virtual machines, storage accounts, identity management systems, and networking setups, interact to produce scalable and effective environments while working with cloud-based technologies during the internship. I obtained hands-on expertise in resource provisioning, access control, and comprehending the structure of cloud services in an enterprise environment. I was able to go beyond fundamental ideas and observe how cloud infrastructure is created and managed in an actual company, thanks to this practical experience.

My goal to learn more about cloud security was closely tied to this. Throughout the internship, I learned about several techniques used by businesses to safeguard cloud environments, such as monitoring, endpoint protection, identity and access management, and compliance enforcement. I discovered how important the correct setting is for avoiding vulnerabilities and how even minor errors can result in serious security threats. This made it easier for me to comprehend cloud computing’s shared responsibility and the significance of protecting its infrastructure and data. All things considered, the internship helped me accomplish the goals I had initially set. In addition to developing a greater comprehension of cloud infrastructure, cloud security, CMMC, and CMMI, I also learned how to use this information in real-world scenarios. My comprehension of these subjects changed from fundamental theoretical ideas to practical applications that are crucial for preserving safe and effective IT infrastructures as a result of the experience.

7. Motivating Aspects of the Internship

The chance to work on actual cybersecurity projects and obtain practical experience in a professional setting was the most inspiring and exciting part of my internship. The work I did during the internship directly affected the organization’s operations and security, in contrast to classroom assignments, which are, as I say again, theoretical or simulated. Because I was aware that the job I was doing had an impact on the company’s actual systems and procedures, the experience felt more significant and gave me a greater feeling of purpose.

Being entrusted with tasks that are normally performed by IT specialists was another significant source of inspiration. Working on projects like cloud infrastructure configuration, network monitoring, and security-related procedures boosted my self-confidence and made me feel like an important team member. This degree of trust motivated me to take responsibility for my job, focus more intently on details, and aim for excellent outcomes. I was able to envision myself doing similar work in the future, which further strengthened my desire to pursue a career in cybersecurity.

The internship also gave me ongoing chances to broaden my knowledge and pick up new abilities. Every project exposed me to new concepts, systems, or technologies that I had never seen before. I was constantly pushed and encouraged to improve, whether I was working with compliance frameworks like CMMC and CMMI, setting up access controls, or studying cloud security procedures. The encounter remained interesting and avoided becoming monotonous or repetitive because of this continuous learning process. 

Another factor that contributed to the internship’s motivation was the collaborative atmosphere. The learning process was made more efficient and enjoyable by the opportunity to engage with other motivated and helpful students, ask questions, and get advice. Steven’s readiness to help interns and clarify ideas created a supportive environment where learning was welcomed rather than forced.

So, in the end, I thought the internship was very inspiring since it blended actual responsibilities, ongoing education, and real-world experience. It gave me the chance to witness how cybersecurity principles are directly applied, boost my self-confidence, and get a better idea of what it’s like to work in the industry. My interest in cybersecurity has grown as a result of this experience, which has also inspired me to keep improving my abilities and look for new opportunities in the industry.

8. Discouraging Aspects of the Internship

Realizing how much the abilities needed in a real professional setting differed from what I learned in school was one of the most discouraging parts of the internship. Although I had a strong theoretical foundation in cybersecurity principles from my studies, I was absolutely unfamiliar with many of the actual duties I experienced during the internship. I had to immediately adapt to a higher level of technical expectations and apply concepts in ways I had never done before, which made the shift difficult at first. 

When using cloud-based systems and enterprise solutions, this gap became much more apparent. My training did not address many of the platforms needed to manage access control, monitor systems, and configure security rules. Because of this, I frequently had to learn these skills from scratch while finishing duties that were given to me, which occasionally left me feeling unprepared. None of this was Fedwriters fault; however, it’s just the way the Education system seems to teach, which is inadequate for a real-life setting.

The high learning curve connected to some assignments was another discouraging feature. Certain duties necessitated a more in-depth technical comprehension of how permissions are organised, how systems interact, and how security parameters impact overall performance. It could be annoying not to grasp how things fit together right away when overcoming these obstacles, which periodically hindered my progress.

The stress of working in a real-world setting also made things more challenging. Errors in a professional setting can harm systems and even pose security problems, in contrast to school, where mistakes mainly affect grades. Particularly in the beginning, this increasing level of responsibility made some activities more stressful and demanded more attention to detail.

Nevertheless, in the end, these difficulties helped me grow. I started to feel more at ease asking questions, looking for answers, and adjusting to new circumstances. What at first seemed depressing eventually turned into a chance to gain self-assurance and useful abilities. Even though they were challenging at times, these experiences were crucial in preparing me for a career in cybersecurity.

9. Challenging Aspects of the Internship

Learning a variety of new technical skills while adjusting to a professional work atmosphere was one of the most difficult parts of the internship. The internship required me to start using concepts in real-world situations right away, in contrast to a classroom setting where topics are introduced gradually and rehearsed in controlled circumstances. There was a steep learning curve at first because I was unfamiliar with many of the tools, systems, and platforms I worked with. I had to swiftly familiarize myself with the workings of specific systems and comprehend how they were integrated into a broader company infrastructure.

Finding a realistic and integrated way to apply cybersecurity concepts was a major difficulty. Topics like networking, security principles, and cloud concepts are frequently covered separately in my coursework. But I had to integrate several different fields of expertise at once throughout the internship. For instance, setting up access control systems required a combined knowledge of cloud infrastructure, security rules, identity management, and permissions. At first, this level of adjustment was challenging since it needed me to think more critically and go beyond memorization into real problem-solving and decision-making.

Troubleshooting technical problems without prior experience was another major challenge. When something didn’t function properly, there was frequently no obvious or quick fix. In order to find a solution, I had to rely on investigating documentation, examining system behavior, and trying out various strategies rather than following detailed instructions like in a lab in the classroom. When working with unfamiliar systems or error messages, this process may be time-consuming and occasionally irritating. But it made me more self-reliant and developed a methodical approach to problem-solving, which is a crucial ability in IT and cybersecurity positions.

Throughout the internship, time management was another slight challenge, but not as bad as I had thought it would be. Careful preparation was necessary to balance the requirement to master new tools and technologies with the completion of given projects. Due to the learning curve, some activities took longer than anticipated, so I had to modify my workflow and set priorities wisely. I learned from this experience how important it is to maintain organization, manage deadlines, and make steady progress even when things appear difficult or overwhelming.

Another challenge was added while working with cloud-based applications. Understanding virtual machines, storage accounts, identity systems, and network configurations, all of which needed to be appropriately secured and maintained, was essential to managing cloud environments. The degree of responsibility associated with each activity has increased since even minor misconfigurations could result in security threats or system problems. This pretty much made it required to have meticulous preparation and close attention to detail while making adjustments.

Despite all of these challenges, they were really important to my growth. Every challenge forced me to strengthen my technical abilities, develop my critical thinking skills, and become more self-reliant in my studies. With time, I gained confidence in my problem-solving skills and grew more at ease working with complex systems. By the end of the internship, obstacles that had previously appeared overwhelming had become doable, indicating how much I had changed over the course of the program.

10. Recommendations for Future Interns

For future interns entering this internship, I would strongly recommend preparing by developing a solid foundation in networking and cybersecurity concepts before starting. Understanding how networks operate, how devices communicate, and how basic security protocols function will make it much easier to adapt to the tasks assigned during the internship. Having familiarity with concepts such as IP addressing, access control, authentication, and general security principles will provide a strong starting point and reduce the initial learning curve.

In addition to foundational knowledge, it would be extremely beneficial for future interns to gain some exposure to cloud platforms and enterprise tools before beginning the internship. Since school doesn’t seem to teach you, look it up on YouTube; that’s what helped me start. Technologies such as Microsoft Azure, Entra ID, Intune, and Defender were heavily used throughout my experience. Even a basic understanding of how these platforms function, including concepts like virtual machines, identity management, and cloud storage, can make a significant difference. Similarly, having some familiarity with automation tools such as Power Automate can help interns better understand how workflows are built and managed within an organization.

Future interns should concentrate on developing their research and problem-solving abilities in addition to their technical training. There aren’t many quick fixes for the problems that arise during the internship. It is essential to be able to read material, conduct independent research, and troubleshoot issues. Additionally, since learning on the job is a big part of the experience, interns should get used to not knowing everything at first.

Organization and time management are also essential for success. Interns will frequently be learning new skills and concepts while working on several projects or tasks at once. Maintaining organization, managing deadlines, and setting priorities can help to promote consistent progress and lower stress. Complex jobs can seem more doable when they are divided into smaller, more manageable phases.

Above all, prospective interns should approach the experience with an open mind. New tools, ideas, and duties that may initially seem overwhelming will probably be introduced during the internship. But keeping a positive outlook, being receptive to criticism, and remaining driven will have a big impact. It’s critical to see setbacks as chances for development rather than as roadblocks.

Lastly, I want to emphasize how important it is to ask questions. Steven was very willing to assist interns in navigating this internship, which is intended to be a learning experience. Making use of that support network will increase the experience’s worth and guarantee a greater comprehension of the subject. All things considered, future interns will be able to make the most of this opportunity and effectively acquire practical skills in cybersecurity and IT operations with preparation, flexibility, and a proactive approach.

11. Conclusion

Considering everything considered, my internship was a really worthwhile educational experience that helped me better grasp what it’s like to work in the IT and cybersecurity industries. The fact that real-world cybersecurity work is significantly more dynamic and hands-on than what is usually encountered in the classroom is one of my key conclusions. My internship demonstrated how such ideas are used in actual organizational settings, even if my schooling only gave me basic information. I was able to gain a deeper understanding of how cybersecurity helps day-to-day business operations by working with real systems, security protocols, compliance frameworks, and automation tools. Additionally, I developed a deeper understanding of the value of flexibility, ongoing education, and real-world problem-solving in a work environment.

My approach to the rest of my time at ODU will be greatly impacted by this event. I intend to focus more on obtaining practical experience in addition to my studies after realizing the disconnect between theoretical knowledge and real-world application. This entails getting more certifications, experimenting with tools and technology outside of the classroom, and looking for chances to put what I learn into practice. Additionally, even if the link is not immediately apparent, I intend to focus more on how the ideas I teach in my seminars apply to actual cybersecurity procedures.

My future career planning has also been impacted by the internship since it has helped me better understand the kinds of cybersecurity jobs I want to pursue. It made it easier for me to comprehend the significance of topics like automation, cloud infrastructure, and security compliance in contemporary IT organizations. I intend to keep honing my abilities in network security, cloud security, and automation technologies going forward so that I can make a valuable contribution in roles that are comparable. All things considered, the internship validated my interest in cybersecurity and gave me real-world experience that will direct my academic development and long-term career objectives.