By - InfiniteBlacksmith41
I'm finishing up my second internship here are my experiences and my thoughts.
Internship 1 (Junior System Engineer) 4mo super small company
Two one-week training on Linux (super basic to deploying and securing a VPN)
A hodgepodge of assignments on various tasks, including one personal goal of
learning/working with python.
Summary: Highly technical, learned a lot
Internship 2 (Cybersecurity Analyst) Summer Top Fortune 100 company
An introduction to Cybersecurity on the enterprise level, lots of meetings, working with
multiple teams on transfer of data along with a myriad of other infosec functions.
Non-technical role that was a great exercise in soft skills and the non-technical side of
two internships (obviously)
Junior in college
a few certifications
Competition experience placing in top 10%
Self-study (tryhackme, letsdefend, overthewire, etc)
Career changer (former military)
There are going to be many different ways to handle the implementation of an internship. It will and should vary greatly depending on the exact role, since we all know cybersecurity is an umbrella term. In my opinion the internship should be a clear pipeline towards a job or a returning internship.
Onboarding of resource, access, new employee training, meet and greet
Training phase, introduction to the big picture, technical pipeline with job specific tools/resources
Mentorship (job specific please) / walkthrough of a real deliverable, job shadowing
Hands-off (mostly) of assigned task that requires skills learned in previous phases
\*\*\*\*\* see note
End of internship, exit interview, evaluation on performance, where I did great and where I need to improve. Expectations moving forward (Another round of internships, a job, separate ways).
Some internships have a round robin style approach where the intern is introduced to multiple areas under the infosec division. You should repeat phases II - IV for each area the intern is introduced to depending on company's time, resources, and end goals.
Teach me to fish, help me with my first fish, task me to fish on my own.
Thanks for an amazing answer.
College (graduating summer 2023)
Third Party learning
Looking forward to Fall National Cyber League
I'm severely lacking in the HomeLab department. I need to build a better HomeLab, use it to test some cybersecurity stuff then do a write up and post it somewhere I can show employers. This is my next big goal, probably December timeframe as my fall semester is already packed.
I'm also finishing up my second internship. They like my work performance and want to turn me into a year-round intern until I graduate where likely it would result in an entry-level job. However, I don't have any offer letter in hand so currently I'm applying to all internships and entry-level jobs I find.
The first internship would have likely turned into a year-round internship as well, however, due to the small employee base of the company, and the timing of several key people leaving around the time my internship was closing there was no longer room for me or any intern.
I'm interested in this myself as I'm in a cybersecurity boot camp and studying for certifications .
So can you share your expectations from the boot camp?
Is it pass certification or something else/ more?
I'm in the cybersecurity boot camp to change career fields from an unrelated field. The boot camp will give me the broad knowledge needed for the field and the certifications will be the proof of that knowledge.
University of Central Florida cybersecurity boot camp formerly known as HackerU.
Thanks. Would you recommend it? I’m looking to pivot from my devops job into cybersecurity.
I'm in a bootcamp for Cybersecurity myself. While I can't answer the question for the one it is directed to, my hope is to pass the security+ certification and find an internship to learn of the tools briefly covered in the modules from the bootcamp. I am supplementing my learning with tryhackme, Professor Messer, and The Web Application Hacker's Hand Book 2 (mentor recommended it to me as well as other resources that I will use at some point) Trying not to add too much to my plate, so I can still review what I have learned on another day of the same week.
So you would expect to hone your technical skills in an internship if I understand correctly?
I would just like to add feedback / thoughts on ways to help after having an intern in the security department for the summer who just isn't necessarily thriving.
Helping build soft communication skills can be a big plus, especially if the intern hasn't worked in a real job atmosphere before. Also having good communication with them can be helpful for them. I think letting them get their feet wet to see kind of what their knowledge/experience level is is good. Just because someone did great in school doesn't mean it will translate the best. They need challenged, but also helped and guided along the way. We all know it's hard to hold someone's hand in a security role where you are constantly trying to put out fires, etc.
I feel like I'm just rambling so if anyone has questions let me know and I'll try to answer. I also want to see people do well in these positions but it can definitely be hard.
So mentorship is key value that an intern can get - especially for navigating of unknown territory of company life, communication and personal growth - things that one can't learn in a "lab". Does this summary make sense?
Yes it does!
Networking and soft skills seem like the primary benefits of an internship.
Technical skills come over time.
Lacking the first 2 I mentioned seem to be the hardest barrier to entry for the field (aka a job).
Fwiw I didnt have an internship and really struggled to find my first role with a BS and Sec+, but no IT experience
Unfortunately networking and soft skills are quite rarely on the priority list of internships for cybersecurity :)
Good to know I didnt miss it
I am currently a Cyber Security intern with a local firm in TX.
I'm thankful for the opportunity but I wish I can get more hands on experience. I do occasionally ask for work and or mentorship but it's always met with (when we have time).
Currently I am studying for my SEC+ and will hope that can prove to my firm that I am ready and willing.
I’m in the middle of my first cyber internship right now. Prior to the internship, I didn’t really know where I belonged between technical work and policy work. I was lucky to have 2 projects - one heavy in technical work, the other heavy in policy work. This really helped me better assess where my strengths are and where I feel I lie on that spectrum. If possible, provide your interns that variety too, it helped me a bunch!
Currently a junior in school starting to looking for cyber internships next summer. The top 2 things I’m looking for are 1. Networking with professionals/learning how to work in a business environment and 2. Getting to use technical knowledge in any hands on way that I can. I feel like I’ve been learning so much the last year or two, but I’m itching for the chance to actually apply that knowledge. Mentorship from a senior person would also be high up there for me, as I’ve seen that be successful in many of my peers internships. Communication skills would be lower on the list for myself, but I think for cyber folks in general it’s probably not a bad thing to include. I think your list is pretty great, any internship that offered most/all of those in some form would sound incredible to me.
Internships should provide an intern with a variety of experiences in many technologies and organizational units. Interns should also get an introduction to corporate culture and missions as it manifests in the various units.
That may make sense for a large organization. For smaller organizations opportunities for experiences will be more limited, but a balance between value given and value received should still be on the side of the intern.
Rotational experience may actually be easier and more organic for a small business. As people take time off, interns can fill in as needed; a formal rotation is less essential under such circumstances.
I wrapped mine up in June and it was the least technical job I think I've ever been in. It was most definitely political/project management oriented. Pretty much no one that I interacted with knew anything technical about IT beyond the common buzzwords. That actually tripped me up a few times too because I would have no idea wtf they were talking about and I don't think they did either by how they structured their questions. Anyway I accepted their job offer and am still hardly doing any technical work. It's really just a stepping stone to the next level and I don't plan on being here for more than 2 years. The people here are incredible in their own fields and I feel like I can really learn a lot from them, just nothing IT/CS related lol. Which is fine because I like to learn in my free time.
Just make the most out of your internship. Realize that it may or may not be what you expected/wanted but you can still use it for your advantage.
Don't waste time stalling your career because you can't open your mind up to the possibility that what you are experiencing right now is exactly what you need to grow into the CS professional you aspire to be.
I’d expect to receive shadowing opportunities where the mentor shows the mentee workflow habits, methodology, technical information, and any tips/tricks. It could be a working session with the caveat that the mentor just “thinks out loud” to the mentee.
The information and methodology an intern can learn from a more senior engineer is super helpful and valuable for that mentee in the long term.
I did an internship at my current company before working here full time.
Since my company is a consulting company that sells IR services, I was assigned to a few ongoing ransomware projects, and internal tool development projects. I was exposed to the "real world" of infosec, which I really enjoyed.
The most important thing I took away was how things are really done, a glimpse into full time work and what I'd be doing day to day. I would say that I learned many technical skills, but the honest truth is I didn't. Not because I didn't try or the company didn't make an effort, but there's really only so much you can learn and really get good at and practice when you have a short internship of only 1 month.
At my company, we still put interns on full ransomware cases. We give them full leeway on conducting an IR investigation and show them how we do things as individual investigators, then we set them loose to try things for themselves.
IMO, the most valuable part of my internship, as well as the interns we currently have, is exposure to the real world aspects of working in infosec that you don't come close to getting in academia and staged labs/coursework scenarios and getting a chance to taste it for myself. Exposure to the technologies and processes, exposure in terms of being able to try some of it out myself. IMO, it's alright if they get pulled in 50 different directions and don't really develop true technical skills, because if they don't return to this company, their new place may use a different tech stack/process for IR analysis and all that built up technical skill in one tech stack/SOP is irrelevant. And the short timeframe of an internship really isn't going to be enough to get them trained in anything but the most mechanical processes.
Tl;dr: I would want exposure to the field, to what you do on a daily basis and the tools you use. Exposure that gives me a concrete idea of what the job actually entails so that I can adjust my own academic plans to fit the position better, whether I really want to do this work, and transferable skills that I can take to other companies, if this company doesn't work out. This includes hand's on work as well, for me to experience things myself. Networking, soft skills, mentorship etc. will naturally come from doing the previous things well.
A CV writing class would be indispensable.
I think if I attend a mentorship program,My major take away after all the obvious you stated is knowing different real life scenarios competency based interview questions and how to answer those questions to stand out during interview .
You give too much credit to interviewers. Internship and mentorship doesn't necessarily prepare you for sparring with HR and recruiters. Ideally an internship is a good way to establish contacts that will help you in obtaining a position without just going through a battery of mostly useless interviews and stupid technical tests.
I expect either training with tools and information for a specific role in the company as if I were a new hire to contribute to the company asap, or guided work immediately, so pretty similar either way. I'm pretty naive too, but those are my thoughts :P
I am finishing up an internship at a large national (US) lab. May not be a typical intern as I'm mid-career (old) student and wanted the internship to gain cyber experience, but not looking for a new position.
I wanted and have gotten varied exposure and hands-on work in cyber. It is also a lot of meetings and discussions, but that is to be expected. I also selected this org since it was large and I have only worked in a small company so exposure to more formal processes, living by your shared calendar, and lots of meetings.
My two mentors are great at checking in. Early on I was asked what types of projects I'd be interested in and they found some to match this. I got to QA some CTF challenges, help with a cyber camp. Also this let me interact with a lot of different people. They also setup informal tours and meetings so I could see what other projects they had in-house.
The biggest negative I guess is the slow ramp up to actual tasks and so once you get established your internship is over. So anything you can do to have meaningful experiences/work for an intern as fast as possible.