During my fourth 50 hours as an intern at GFT I have had the opportunity to help with organization on projects, collaborate to make questions for clients, and learn about FERC governance.
My supervisor went over project organization and what it looks like when working with large scale clients with me. She showed me a bunch of different standards and strategies to make sure that there is a process of drafts, quality checks, and final reviews before the client receives the documents. I then got to put it into practice by creating multiple Excel spreadsheets to help track and review the documents and what is being done to them. The best part of this was that it also gave me a way to be able to review the documents already made so I could review them and then see what needed to be done. That gave me the chance to start creating some documents for the client of my own. The main focus for me was the OT incident response plan. By taking the notes from the meeting I had with the client I was able to make the plan and send it over to the group who are going to review it and schedule a meeting to go over it with me.
We recently secured a huge electric water utility as a client for a project that will take about a year and a half. Right now, we are in the initial stages of getting information gathered so we know where we are when starting the project. A large number of the questions I am responsible for coming up with stems from the software applications research that I have been doing. The main goal of these questions is to be able to engage with a client on a level that they would understand while still gaining the information needed to do a proper cybersecurity assessment. This is helpful for my growth because it will be good practice to learn how to talk about cybersecurity and effectively communicate with others who are not experts in the cybersecurity field.
FERC is a big deal at GFT since the majority of our clients have to constantly do assessments to make sure they stay in compliance. FERC is the Federal Energy Regulatory Commission. They have strong standards to make sure that energy utilities are properly conducting themselves to avoid widescale problems that could result in vulnerabilities from within the utility. A specialist who works for GFT named Alicia did a workshop for the entire safety and security division of GFT. During the workshop, I got to learn more about what FERC’s compliance standards are, how we assess clients FERC status, and how we can help them achieve compliance with FERC. She then went over multiple real-life examples of our past clients and what we did to make them FERC compliant. I took notes and then had the opportunity to ask questions at the end. This will be greatly beneficial for me in the upcoming projects we have since one of the most important aspects of the projects are about making them FERC compliant.
Overall, the fourth 50 hours of my internship as a cybersecurity analyst have been incredibly helpful for my learning. The more the internship has gone on, the more of a routine I have gotten in. I have had the chance to build connections with experts in the field while also learning a lot of practical skills in cybersecurity. In the upcoming weeks, I will have the opportunity to get involved in some more hands-on work. We have several trips plan including flying out to California to go through an electric water utility’s facility and gain a detailed inventory. These experiences are incredibly exciting and will further my knowledge in practical understanding of cybersecurity.