Cyber Clinic Internship Reflection
Micah Elmore
School of Cybersecurity, Old Dominion University
CYSE 368: Cyber Clinic Internship
Dr. Teresa Duvall
December 8th, 2024
Reflection:
It felt like everything went right in this internship. I couldn’t ask for a better internship. Everything that I wanted to gain in a professional setting/internship I did gain. An important lesson I learned was to believe in myself. When we first selected the companies we would be interested in working with I almost didn’t pick Suffolk. I had questioned my abilities and skill set level telling myself I wasn’t ready for an organization like them. I decided in the end that it was what I wanted and I was willing to learn whatever skill I needed. Now that I’ve done the work I feel confident in applying to multiple jobs now. I’m more open to my abilities and willingness to learn. If I could do this internship over I would choose a different company. While I did enjoy my time with Suffolk and feel anybody would have gotten the most with them. While we were listening to presentations I got to see what my classmates were working with and how much different their experiences were. I would go back and experience what they had to do and see if I could do it differently and add more to the table. If I could redo my project I would petition that we take on more SQL databases to assess. We had the opportunity to do 3 SQL databases. But we had never worked in a SQL database and we weren’t very familiar with it. So we opted to only do one and this one happened to be a test server with no real data. It would have been fun to work in a real SQL database and gain that experience.
Memorandum of Agreement:
The first objective I wanted to learn was gaining real-world experience of what it was like to consult for companies. I was able to fulfill this objective in multiple ways through this internship. The design thinking module with Dr. Baki opened my eyes to a new way of thinking. Specifically how to go about the design process when it comes to consulting. Not everything is clear cut and dry in providing solutions. There are a lot of issues that can arise and it’s important to stay connected and empathetic with your clients. Although Wilmor, Texas wasn’t a real-world activity for us to consult, the idea behind it helped me gain an understanding of consulting. The next part that helped me fulfill it was the Valor experience. This was my first real-world experience in going out to consult real companies. This opportunity allowed me to assess real businesses, identify their weak points, and consult on the proper procedures they need in place. It ultimately prepared me for my real internship with The City of Suffolk. Working with the city was a little different because I wouldn’t say it was consulting. I actually got to go and perform day-to-day job functions which I will talk about later. The only consulting I did for them was providing remediation for their vulnerabilities. Nonetheless, it was still a great experience and helped me gain real-world experience.
The second objective I had was to improve my public speaking skills. I’ve learned that I wasn’t as bad at public speaking as I thought. I felt like in a serious moment of speaking I would crumble, mix my words, stutter, or flat-out freeze up. My nervousness wasn’t the problem. My antisocial personality was the real problem. During the first half of the internship when we did our social exercises with Dr. Baki I avoided those at all costs. Not because I didn’t like them but because I’m antisocial and I’m just not comfortable putting myself out there. The Valor experience ended this completely because I had no choice but to put myself out there and carry a real conversation with people who know nothing too little about cybersecurity. I was worried about the risk assessments overall because I just didn’t know how it would turn out. When Greg talked to us he mentioned to us that when he first did it he got nobody. He assured us that it was okay to not succeed your first time. That wasn’t good enough for me because that’s not who I am. I am an overachiever, a conqueror, I’m someone who wants to go out and do the impossible. Thankfully I had two amazing teammates who shared the same mentality as me, and that’s exactly what we did. The first time we went out we were able to complete 3 risk assessments. This is when we first learned about everybody’s strengths and weaknesses. They weren’t that strong in “sales talking” while I was. As a group we just let me take the lead and perform the risk assessments. On our next outing though we completed three more and it was a team effort this time. So while I wasn’t as bad at public speaking as I thought. I can say this internship experience helped me with my social anxiety. When I presented our project I had no butterflies, no shakes, no urges. I was strictly focused on myself and presenting our PowerPoint.
The third objective was learning how to build a professional report. While this isn’t something I learned in the class setting. It did get fulfilled through my visit with Suffolk. I had the opportunity to talk with Joshua Cox and he showed us his 200-page draft of cybersecurity guidelines and procedures he made himself. It gave me the opportunity to learn how one would be made and structured if I were to come into a senior position within Cybersecurity. On top of that, he gave us a template for writing our report when it comes to our findings. In a regular position like security analyst which is what I want, I now have experience and knowledge of how to go about that for my future employer.
The fourth objective I had for myself was to make the most out of this internship of what I could learn. I was hoping to learn several technical skills and be able to play around with security tools. Thankfully my internship with The City of Suffolk allowed me to do just that. There are so many fields in cybersecurity and I just wasn’t sure if “security analyst” work is what I wanted to do. However, after being able to perform identity assessments, vulnerability scans, compliance, and several more. I thoroughly enjoyed it and can see myself doing this.
The last objective I had was to gain an experience factor. I wanted to be able to network with my peers because we’re all going into cybersecurity but with different career paths. I wanted to be able to connect with them and learn more from them. On top of that, I wanted to be able to gain internship experience overall to help with future internships or jobs.
Highlights of Internship:
The most exciting part of this internship was definitely our trip to Suffolk. Being able to go to their place of business and just see how everything works is a feat within itself. We got to work with a cloud vulnerability software called Tenable.io. Joshua Cox gave us a detailed walkthrough of what it is and how everything in it works. He let us play around in it and create our scans, view live servers, and create audit configurations along with a plethora of other things. He had talked to us about what we wanted to gain from this experience and we said we just wanted technical experience of “everyday operations” He took our request seriously and gave us the best experience he could offer. Truly was a fun experience to be able to go there and do the things that we did. Outside of the trip to Suffolk, the risk assessments in the local community were another fun highlight of this internship. Going out and assessing these small businesses felt good because we found some businesses that truly needed our services. Being able to help them better their organization brings a relief factor to me.
Challenges:
My team and I didn’t face that many challenges. Rebecca was a great team leader that kept us on track and motivated. The only real issue we had was learning how Tenable.io worked since none of us had experience with it before. After Joshua gave us a walkthrough on how to use it we were fine. That was until we performed scans that didn’t work. We were able to perform scans and get them to show as complete. However, when we would go in to generate the report for the scans it would be empty. For like a week and a half we were all stuck trying to figure out what was wrong. We didn’t know what was wrong and The City didn’t either. It wasn’t until our on-site trip we discovered you had to be directly within the network “on-site” to perform scans. Any scan outside of the network wouldn’t be validated.
Recommendations:
My advice to future interns would be to be more open in the decision-making process. I didn’t agree with everything me and my team did. However, that’s the beauty of it, how we all have different thinking processes and that’s what you need. Instead of focusing on yourself, I would tell them to adapt to the team and figure out a way they can bring it all together. Next, I would tell them they need to get together and evaluate each other on their qualities. They need to find out early what their strengths and weaknesses are so they can start working on them. This will help them out when they are performing their risk assessments and final projects. When it comes to the risk assessments the best advice I can give them is to know their audience. Since class is only from 1:30-2:45. Depending on where they go it will take some time off the clock. It’s important they understand their demographic so they don’t end up wasting their time. I’ve learned the older generation “seniors” just flat out didn’t care or want to hear us out. As advice on the projects goes they should start as early as possible and add on as they go. This is something I wish we did. Create a set schedule outline of the different goals and project iterations you want to reach. In the end, this will allow them to have more time to reflect, edit, and practice for their presentation. It’s really about staying ahead of the curve because everything moves so fast after the risk assessments.
Conclusion:
My internship experience was nothing short of transformative, exceeding all my expectations and equipping me with both technical and personal growth. One of the most significant takeaways was learning to believe in myself and my abilities. This experience has instilled in me the confidence to pursue opportunities that might initially seem out of reach, a mindset that will undoubtedly influence my future.
As I approach my final semester at Old Dominion University, this internship has given me a clearer sense of direction and purpose. I now feel more prepared to tackle upcoming projects. Completing this internship has given me a new drive where I just want to complete everything. I want to complete my network+ and security+. I want to jump into my next classes and finish them. I want to jump right into another internship or job. I feel this void that needs to be filled with success.
Looking ahead to my professional career, this internship has solidified my interest in cybersecurity, particularly in roles like a security analyst. The hands-on exposure to identity assessments, vulnerability scans, and compliance work has shown me that I not only enjoy it, but I excel in these areas. Additionally, the challenges and successes I faced working with a team have prepared me to navigate the collaborative nature of the workplace. My internship has laid a strong foundation for my career path, and I am eager to build upon it as I transition into the workforce. Ultimately, this experience has been a milestone in my academic and professional journey, affirming my ability to rise to challenges and grow through them.
I feel this is already a well-structured course with each part having its own benefits. My only change would be to see if you can get more city governments involved. Far as The City of Norfolk, Hampton, Portsmouth, and even Virginia Beach. I feel that would broaden the experience gap that is lacking within some groups. If this is something you would consider then The Valor experience would have to be shortened maybe just for the fall semester. There is a lot more time to follow the course schedule in the spring than it is in the fall. The fall semester has too many breaks that interrupt the internship experience. Other than that I would keep everything the same.