Introduction

            Beginning an internship in cybersecurity at Tower Federal Credit Union has opened my eyes to the real-world aspects of protecting digital environments. The purpose of this paper is to provide an overview of the dynamic field of information security by sharing the worthwhile experiences, difficulties, and lessons I encountered during my internship. Through this internship, I’ve gained personal knowledge of the daily operations of the cybersecurity field, from analyzing threat landscapes to working together on security standards.

            As technology continues to advance, the demand for cybersecurity professionals is on the rise. Selecting a career in cybersecurity appeals to me for several reasons. It offers a variety of career pathways within the broad field of information security in addition to employment security. The field offers possibilities for lifelong learning, keeping experts knowledgeable of emerging technologies and security risks. The industry’s competitive pay is another factor that adds to its appeal. Therefore, I made the right decision by selecting a cybersecurity internship at Tower Federal Credit Union, which precisely matched my future objectives and desires.

            Moreover, there were three specific objectives I hoped to achieve during this internship. The first objective was to gain practical experience. Take what I have learned in my courses and apply it to real-world situations, cybersecurity technicalities but also being able to communicate on a professional level about a topic of concern. The second objective was to begin building a strong professional network because an internship provides an excellent environment for creating professional relationships. The third objective of mine was to make a valuable contribution to my organization. In doing so I hoped to achieve positive references and potential job offers in the future.

            Tower Federal Credit Union was formed in 1953. Since, Tower has grown to be one of the largest federal credit unions in Maryland. As a financial institution, Tower Federal Credit Union offers many services including checking and savings accounts, credit cards, auto loans, and mortgages. Tower has many major customers but one in particular that stands out is the National Security Agency (NSA). Tower efficiently secures thousands of NSA employees’ sensitive information.

Internship Experience

During the initial weeks of my internship, I dove headfirst into a steep learning curve, encountering numerous unfamiliar topics, procedures, and methods. I proactively seized the opportunity to familiarize myself with my colleagues, explore various departments within the headquarters, and acclimate to my workspace. This immersive week not only facilitated personal connections with colleagues, who generously shared life experiences and valuable career advice, but also provided a high-level overview of the department’s regular use of various programs, software, and systems.

At Tower, the atmosphere is nothing short of exceptional, encouraging a culture of warmth, understanding, and mutual respect. A great environment for a young professional learning the nuances of information security. At the helm of this positive environment is our boss, Phil Mellinger (Vice President & Information Security Officer), who demonstrates extraordinary leadership qualities with profound experience. His approach is marked by genuine understanding, offering a supportive hand rather than a critical one. Mistakes are not met with reprimands, but rather viewed as opportunities for growth and learning. This attitude permeates through the entire team, creating a space where individuals feel empowered to take risks and express their creativity without fear of judgment. The sense of togetherness is substantial, and everyone, from colleagues to superiors, contributes to the familial atmosphere that defines Tower’s workplace Conversations with my parents and coworkers have taught me that this is a unique setting where every team member is not just an associate but a valued member of the entire company.

For my major assigned projects, I created four operational playbooks to support the department’s upcoming project to implement a Security Orchestration Automation and Response (SOAR) system (Tines).  The playbooks targeted designing automation of two services and backup processes. I subsequently presented the completed templates to the entire Information Security team.  I also composed an Incident Response Summary Report of a third-party vender compromise plus drafting an API Security Standard. My information security department provided my synopsis of the vendor compromise to Tower’s President/CEO Richard Stafford, and the Board of Directors. 

I was responsible for directly supporting Information Security’s, Security Operation Center (SOC) daily processes for investigating, triaging, documenting, and reporting suspicious activities.  To support the SOC processes, I conducted remediation activities such as regulating the enforcement level of servers to allow file executables to run and support software installations or upgrades, granted temporary approval access requests of employees to support necessary business operations, and validated servers were both operating under the correct version and communicating/connected to the requisite consoles. In addition, I participated in daily Information Security team updates and weekly meetings. I also attended weekly triage meetings to identify, prioritize and resolve cybersecurity threats and vulnerabilities across Tower’s infrastructure along with participating in the Information Security Governance Committee.

The specific use of skills or knowledge of mine that were utilized during my internship with Tower were primarily my writing and problem-solving skills. Prior to my internship I had familiarity with several cybersecurity areas including Linux shell scripts, network system security, and a fundamental foundation of cybersecurity principles. Furthermore, during my internship I gained insightful knowledge in many categories such as Splunk, SOAR, incident response and PowerShell.

How ODU Prepared Me

Therefore, Old Dominion University’s curriculum accelerated my ability to learn on the job. With a foundational understanding of cybersecurity and its methods I applied all I learned from my courses to my day-to-day duties at Tower. Courses taken at Old Dominion that prepared me most for my internship with Tower were Introduction to Cybersecurity, Networked Systems Security, and Windows System Management and Security. The primary lesson learned from my courses that resonated the most was the C.I.A. Triad. Tower’s information security department emphasized the importance of the C.I.A. Triad daily, informing me that everything performed in the department refers to the Confidentiality, Integrity, and Availability of systems and information.

            Prior to my internship with Tower there were three objectives that I sought from my internship: gain practical experience, begin building a strong professional network, and make a valuable contribution to my organization. I am proud to have achieved all three of my objectives. During my internship with Tower, I gained practical experience specifically within incident response, and our Security Operations Center (SOC). I also managed to build great relationships with not only the people in my department but with our CEO/President, Senior Vice President/Chief Experienced Officer, Alvin Smith, and Vice President Sandra Covington. Moreover, I actively engaged in various projects and tasks, consistently demonstrating a strong work ethic. My ability to grasp new concepts and technologies allowed me to make significant contributions to ongoing projects. Additionally, I effectively communicated ideas and collaborated with colleagues. Whether it was handling challenging assignments or offering support to team members, I approached each task with enthusiasm to deliver high-quality results. Overall, I truly believe my contributions played a valuable role for Tower’s information security department.

Aspects of Internship

            The most motivating and exciting aspect of my internship with Tower was the opportunity to hear the experiences of my colleagues. Their experiences acted as genuine sources of motivation, encouraging me to actively seek a job in this field. Furthermore, working alongside individuals who held fascinating positions with top security clearances for the government was particularly impactful. Listening to the success achieved in their careers only fueled my aspirations for personal growth. Additionally, the intelligence displayed by my peers was truly motivating because their ability to work effectively and productively was a clear indication of the great deal of knowledge they had accumulated through their careers and experiences. The total knowledge of the team served as a constant reminder of the high standards I aspire to achieve in my own professional journey.

            Conversely, I would not categorize any aspect of my internship with Tower as discouraging. I have nothing but appreciation for Tower for giving me the opportunity to begin my young professional career but if I had to choose, I would say it was quite humbling to realize that my colleagues possessed significantly more knowledge than I did, a circumstance I had anticipated. In the initial days, it felt like I was thrown into the deep end, but I am very grateful that my department was very patient and understanding during this learning curve.

            The most challenging aspect of my internship was during my last week when I was assigned to compose a draft of an Application Programming Interface (API) Security Standard. Tower is transitioning to API/Apps’ and aimed to assess my understanding of the subject matter while also establishing a foundation for their future API security standard. In preparation for my final assignment, I aimed to submit quality work. To achieve this, I dedicated a week to learning about API and its security from scratch before initiating my writing process. Once I had brainstormed and developed a clear approach, the actual writing became more straightforward. I submitted my draft of the API security standard just two days later and received positive feedback.

Conclusion/Recommendations

            I advise future Tower interns to maximize their time wisely by absorbing as much knowledge as they can. The environment is not one of criticism but of encouragement and guidance. Throughout my internship, my focus was on demonstrating my commitment to my peers and superiors. Whenever guidance or knowledge was offered, I eagerly embraced the opportunity to learn and apply new skills. For instance, my curiosity about cybersecurity certifications led me to seek advice from my boss, Craig. He recommended starting my certification journey by pursuing the Certified in Cybersecurity certification offered by ISC2. Rather than merely discussing the idea, I took tangible steps each day. I utilized both my work hours at Tower and my spare time at home to prepare for the certification. In just a month, successfully passed the exam on my first attempt. The genuine care and congratulations from my peers emphasized a supportive culture that I deeply respected and appreciated.

My time with Tower has had a profound impact on the trajectory of my college journey, shaping my understanding of what I truly aspire to achieve in the future. I’ve taken proactive steps to extend my learning beyond the limits of my Old Dominion University curriculum. During my free hours, I’ve committed to studying for a new certification, the Security+ by CompTIA. This serves as a dual purpose of enhancing my resume to be more appealing to potential employers and deepening my knowledge in the field of cybersecurity. The internship experience has provided invaluable clarity regarding my career aspirations. While I initially aimed for a career in cybersecurity, this experience has solidified my commitment, driving me to seek every possible advantage that can propel me closer to my goals.

            In summary, during my internship with Tower, I set three specific objectives for myself: gain practical experience, build a strong professional network, and make a valuable contribution to the organization. Throughout my internship, I played a pivotal role in major projects, a total of three that had a positive impact on Tower’s organization. I also supported our SOC conducting remediation activities, regulating servers, participating in daily team updates, weekly meetings, triage meetings, and our Information Security Governance Committee. The supportive culture at Tower, combined with challenging tasks, motivated me to excel and further solidified my commitment to a career in cybersecurity which enabled me to achieve the objectives I initially set, allowing me to gain practical experience, forge professional connections, and make meaningful contributions. In all, I had a great internship experience that was full of learning, networking, and future opportunities. On my last day I left and made sure I showed my appreciation for everyone that helped me along this journey. I am proud to be a part of the Tower family and will forever be grateful for the opportunity.