The last 50 hours of my internship as a cybersecurity analyst at GFT have been very productive. In the last 50 hours I reviewed Governance documents for a client, engaged in finishing a proposal, and take another trip to a SCADA system to review the way they organize their documents and what security protocols are used in their systems.
The process of finalizing a proposal mainly involved me going through the documents and looking for better ways to clarify anything that could be confusing to the potential client. But reviewing the document gave me insight into the scope of the project, what all is needed for the client to be in compliance, and how we can help and what the cost is in a breakdown. Although I have mainly worked with and seen the documents typically associated with the projects, I have never really seen the administration insight into the cost and how much the client needs to provide in terms of funding for us to be able to make it happen. The costs were also broken down by our travel expenses, time with the client, and amount of man power required for each document. So even though it was not necessarily the most fun task, it gave me some valuable insight into the administration process pre-project.
We have been working to make governance documents for a large-scale client for about the past year. I have not been incredibly involved in the project since it had been going full scale since I got there. But now that all the documents are created and formatted, they wanted me and a few other analysts to go through each one and do a final revision. In going through these documents, I have gotten to see multiple examples of governance reports and what a well-done professional job looks like. And I also have been able to see various cybersecurity processes such as encrypting, securing data, and day to day networking explained on how it should be properly executed in an OT environment. The best part was that while going through it I was able to catch multiple mistakes and help add the the revision of these documents.
I had the opportunity to go on another trip to interview I&C operators at a water plant in Virginia as well as touring another SCADA system and being able to go through the process of how they store documents in person. My supervisor and I were also able to go over and explain to the person interviewed the threat America’s OT systems are facing in today’s world and what we can do to mitigate the threats as much as possible. Unfortunately there were a lot of threats him and his staff are completely unaware of such as foreign attackers, internal threats, and human error that could lead to detrimental cybersecurity problems. But during the trip we were able to get the information needed to be able to put together a secure document handling plan, incident response plan, and other governance documents that will help them become more compliant with government standards.
The fifth set of 50 hours were successful for me and I have been able to contribute much more than when I first started the internship. Now that I am affiliated with everybody and comfortable with the work environment I am able to really enjoy being a part of the team and communicate much more effectively. Here in the next upcoming weeks we are starting our project kick off and I will be going out to California to tour multiple cites for an electric water utility. The data we collect will be able to be used to get me enough work to finish out the internship and be an incredible experience for me.