Reflections of an Intern: My Cybersecurity Career Path

By Tim WellesCybersecurity career path

Every year at the end of Christmas break, I sit down and make a list of places where I would like to intern the upcoming summer. A summer internship at Sword & Shield Enterprise Security has been at the top of that list for the last 3 years.

My first internship was focused in the IT/network operations area. While it was interesting, I quickly learned it was not something I wanted to do for the rest of my life. From there, I moved towards programming and landed an internship as a software engineering intern. That internship proved to be much better than the last and taught me skills I would not have learned in an academic setting; but from that internship I knew I wanted to move towards a cybersecurity career path.

The moment my new boss said I got the job at Sword & Shield Enterprise Security, I was “all in”. Now that I have completed my internship, I thought I would share my reflections of my time at Sword & Shield and my cybersecurity career path.

Coming in to the position, I knew I wanted to do “cybersecurity” but I really didn’t know much past that. My goal for this internship was to come in and get a good lay of the cybersecurity landscape. I wanted to really get a good grasp on what was out there and exactly what the security analysts at Sword & Shield do.

The internship itself was unlike any other internship I have ever had. The main reason, in my opinion, it exceeded all my expectations is that it was much more structured than other internship “programs”. Russell Van Tuyl, the managing consultant who oversaw my activities, has a plan for his intern besides to just “sit there and soak up knowledge”.

Russel structured my internship in such a way that it accomplished the two main goals of any internship very well: Goal number one is for the intern to further his or her knowledge and to work towards a specific goal or end. The second goal is for the intern to provide real value to the company.

Russell spent an allotted amount of his precious hours helping me learn in mentoring sessions which were just amazing. He didn’t just tell me to follow his employees around to learn what they know. He had them teach me certain skills from time to time, but he also took his personal time to help me learn and grow my cybersecurity knowledge. In addition, I was able to go ask him questions at any time during the day or night.

I also liked his hands-off approach regarding working on a project. It took me a bit to get used to but I really liked it once I became accustomed to it. He gave me an assignment and then I had to research it until I could go no further. At that point, I asked for help. This helped me get my hands dirty and actually learn all different aspects of the skill versus just being spoon fed the answer every time. If spoon feeding me the answer to every problem I had was the way the internship had been structured, it is very unlikely that I would have learned anything.

There was never a dull day at Sword & Shield. The first day of my internship was the day Wannacry ransomware hit the world and there was a lot of energy at Sword & Shield. There were even camera crews that came and put us on the news to explain how Wannacry worked and how to stay safe.

Over the course of the summer I worked on my project as well. This was to set up a web front-end and wrapper for hashcat installation in the office.

The hashcat wrapper for distributed hashcracking project was a perfect pick for an intern such as myself. It gave me something to do that I feel will add value back to this company well beyond my time there, and accomplish work they needed to be done. At the same time, it taught me a lot about password cracking and Linux in general, as well as some general networking skills.

The best part of the project was when I finished and the team actually started using it in their penetration testing services. This made me feel like I was making an impact on the company vs. working on a side project that would not be utilized very much.

My other day-to-day duties also helped tremendously to advance my knowledge about the process of penetration testing.

As I mentioned earlier, before coming to Sword & Shield I had little knowledge of cybersecurity. I captained a team in high school to compete in the Air Force Association’s CyberPatriot competition, and during my freshman year of college I regularly attended the cybersecurity club “hackUTK”. In addition, I participated in multiple cybersecurity capture the flag (CTF) competitions. Though these are all information security related activities, I had never actually done a penetration test.

I wrongfully assumed it would be something like a CTF, maybe scanning through code for hours to find and exploit flaws that would immediately take down the entire organization. On the flip side, I thought if I wasn’t going to be scanning code for hours, I would be lock picking my way into office spaces and physically compromising the servers. While neither of these assumptions are completely wrong, it turned out to be much more complex than this. Towards the end of my internship, I even started actually doing what the professional pen testers were doing in addition to shadowing them and learning from them. I started to run scans, check vulnerabilities and generate reports. It was truly an eye-opening experience.

In addition to my summer project and regular daily activities, I had a chance to take part in the general weekly office education. Russell is very interactive with his team and is always pushing them to learn more and gain more ninja-like penetration skills.

He does this in two ways, both of which I had the chance to participate in:

  • The first way is the Friday Tech Talks. These gave me a real taste of what pen testers in the industry are paying attention to and learning about.
  • The second way is a monthly leadership board. Points can be earned by completing challenges like, a CTF or writing an article about a tool. The whole environment here seems to be academic and moving forward, as opposed to just knowing something and doing it. I really like that.

It wasn’t all work at Sword & Shield. My team knew when to take much-needed breaks. We played foosball, smashed each other in Injustice 2 on the Xbox, and watched each other exploit systems through the power of screen share on Microsoft Teams.

As the end of my internship drew near, I couldn’t help but feel as if I got what I came here for and more. Sword & Shield was an amazing environment to take my first step into cybersecurity. I had plenty of opportunities to learn from all of the pen testers here, not only in a professional setting but also in a social setting such as lunches. I even got to meet some of the other pen testers in Knoxville at the “Knox area pen tester lunches”.

This internship has shown me what directions I want to explore and head in for the rest of my career. I think I have finally found a home in cybersecurity, but now I want to take what I have learned and really see if I can specialize in red team assessments, attack scenarios in which “everything is game” in testing an organization’s security posture.

I have returned to school with a solidified path and look forward to graduating and pursuing my cybersecurity career path.

If you are interested in an internship with Sword & Shield Enterprise Security, visit our Careers page to learn how to submit your résumé.


Tim Welles 150x150 - Reflections of an Intern:  My Cybersecurity Career PathTim Welles is a student at the University of Tennessee. He is majoring in computer science with a focus in cybersecurity. He plans to pursue a career in cybersecurity after graduation.

Sword & Shield specializes in security, risk and compliance assessment, managed security services, enterprise security consulting, security incident response and forensics, and technical solutions.


edge security conferenceEDGE Security Conference is an annual event presented by Sword & Shield Enterprise Security, Inc. EDGE2017 is focused on exploring real-world solutions to today’s toughest cybersecurity challenges. To learn more about EDGE2017, visit www.edgesecurityconference.com/.

 


Comments are closed.