The college year is rapidly coming to a close, and for many students who are in their early college years, an internship is usually part of the summer plans. With the growing interest in cyber security and infosec, as well as the increased availability of cyber security programs in many higher education establishments, some students are entering the workforce as cyber security interns.
In most organizations, the cyber security roles are rather sensitive positions where sensitive and sometimes confidential information flows. This presents not only a problem but an equally unique opportunity when bringing an intern into the security practice. On the one hand, how much information can you allow an intern to see? On the other hand, if cyber security is the chosen path of the intern, what better time is there to learn the ethical obligations of the job?
Many of our young cyber security folks are drawn to the profession because of the “cool hacking” aspects, so how can you make the internship interesting, ethically sound, and productive? Here is a roadmap that you can use to make the internship one that keeps the cool factor at a maximum:
Weeks 1 and 2 – a tour of some of the tools of the trade.
Your intern will need more than one machine to work with. Their corporate workstation is where they can access any network resources they need. This is also where they can take notes and prepare any progress reports that you require. The second workstation is the one that they can use as their playground.
The first week of the internship should be used to build the machines that will be used during the internship. If your intern is not already familiar with Kali Linux, this is the perfect time for learning the installation process (on that playground machine) from the simple live installation and then moving on to creating a bootable USB (which also makes a nice parting gift for the successful intern). Once installed, familiarizing oneself with incredibly endless amount of tools available in that distro will occupy the remainder of the second week.
Week 3 – learning some of the monitoring tools in the organization and how auditing works
This is the time where the intern should be given view-only access to the SIEM, IDS/IPS, and malware prevention consoles that you use in your practice. Be prepared for many questions, all of which you may not be able to answer! This is also the time that you want to introduce your intern to the auditing process in the organization.
Weeks 4 and 5 – living at the packet level, encryption, and backups
If your intern has not already started using Wireshark to examine some of the traffic flowing across the network, this is a good time for that. During these critical weeks, you should also take some time to review some information security history, such as the history of encryption, malware, and how it has progressed. Some experiments with these technologies will also provide valuable insight to the young infosec professional. Of course, before embarking on any experiments, the value of backups must also be explored!
Week 6 – time with the sysadmins and policies
Anyone who works in information security knows that the job cannot be effectively done without close collaboration with the system administrators. Make sure your intern knows how to work with them. This is also a good time for the intern to become familiar with the policies of the organization. A review of patching policies, mobile device policies, and all other asset-based policies will give your intern a true sense of the breadth of the infosec profession. Perhaps you can task the intern with writing a mock policy so that the language of policy can be distinguished from guidelines, directives, and procedures.
Weeks 7 and 8 – Social engineering and Forensics
As the internship winds down, the intern should be exposed to the concepts of social engineering and the forensic practices in your organization. Many young folks are unfamiliar with some of the basics of where information can hide as well as how to gather information from the humans.
Weeks 9 and 10 – tying it all together
The final weeks of the internship are a time to reflect on everything that was accomplished and to further discuss many topics that were overlooked (with an eye towards the intern’s return next summer).
Creating a fun and rewarding experience
Engaging an intern is both a rewarding and a learning experience for everyone involved. There is simply not enough time in the short span of an internship to teach everything to a visiting student; however, I hope that this short roadmap can spark some ideas about how to make the infosec internship a fun and valuable learning experience.
To read about one student’s experience interning at Tripwire over the summer of 2016, click here.
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.