Internships are often thought as one of the first steps when collecting “real-world” experience, encounters, and environments. An internship can be a great portfolio enhancer, provide learning lessons for students, and allow for the “application” process of academic studies to be utilized. At ECA Internships, our goal is to assist students looking to transition from academic studies to corporate settings.
“Cybersecurity” internships are not the most common types of positions offered in the corporate industry due to its requirement of skill specialties, a risk of breaching company confidentiality, and the specific requirements needed when being a security intern.
In addition to the scarcity of internships offered overall, the competition is intense with individuals competing against talented, skilled, and advanced students all around the nation/world.
Types of Cybersecurity Internships
There are five main types of cybersecurity internships offered to students. These five types of internships can be broken down into multiple sub-internship positions. Keep this idea in mind when applying for a security intern position and building your resume.
- Cybersecurity Analyst: As an analyst you will support a team of people to identify and assess the capabilities, activities, and logs of an adversary. You will be expected to collect, analyze, process, and disseminate cyber alerts or threats while assessing the network for any potential alerts. In addition to monitoring the network, an analyst intern is responsible for incorporating security policies, implementing security awareness, and establishing a plan to combat potential threats.
- Security Assurance: Perform gap analysis of existing controls/regulations. As an intern you will compile and record controls for compliance while working with additional business units to catch and quickly mitigate potential security risks. An intern could also assist in publishing risk reports, conducting a risk assessment, creating/collecting required documentation, and configure reports/user account management.
- Application Security: Assist and perform in activities such as penetration testing to review internal applications of an enterprise. Highlight any vulnerabilities to remediate efforts or develop new automations to harden system applications. Gain an understanding and participate in the secure software development lifecycle. Provide viable feedback and input for an organization to improve the overall security of a system. Follow and demonstrate an understanding of the penetration testing methodologies laid out through specific standards. Probe and scan for vulnerabilities in client and standard applications.
- Security Management: Assist in the creation and review of policy documentation, develop additional security awareness training materials while supporting any additional problems with the training. Help the security management team in activities associated with security awareness and risk compliance. Create news articles, communication emails, and deployment of security products. Develop and procure business continuity and recovery procedures. Research and recommend overall security upgrades to an enterprise’s network.
- Network Management: Participate in the development/deployment of computer networks with a overall “security” in mind. Integrate and administer a network regarding switches, routers, firewalls, and network security appliance management. Respond and remediate security alerts regarding the network. Identify, implement, review, create, and define requirements for information security. Notify and alert other teams when system alerts have appeared. Reduce and remediate the efforts in false positives.
Building your resume
The ideal cybersecurity candidate has a mixture of technical and soft skills.
On the technical side, most employers want proof that you are:
- Grounded in IT fundamentals: e.g. networking, systems administration, database management, web applications, etc.
- Versed in day-to-day operations: e.g. physical security, networks, server equipment, enterprise storage, users, applications, etc.
For soft skills, they’re looking for candidates who:
- Know how to communicate with non-IT colleagues and work in a team
- Understand business procedures & processes
- Love to solve complex puzzles and unpick problems
How to Gain Practical Cybersecurity Experience
- Teach yourself to code. (Experts recommend this again and again.)
- Build your own computer and security lab using old PCs, your own wireless router with firewall, network switch, etc. Practice securing the computer and network, then try hacking it.
- Create an open-source project.
- Participate in cybersecurity contests and training games. e.g. Wargames, Capture the Flag competitions (CTFs), etc.
- Look for vulnerabilities on open-source projects and sites with bug bounties. Document your work and findings.
- Pair your cybersecurity certification exams with side projects that utilize the same skills.
- Offer to help your professor or employer with security-related tasks.
- Take free online cybersecurity Programs and Pre-assessment tests.
- Invest in training courses over and above your degree.
Networking and Volunteering
- Join LinkedIn groups, professional networks and security organizations.
- Attend local security group meetings and events.
- Collaborate with a team (at work or in school) on a cybersecurity project.
- Volunteer at IT and cybersecurity conferences.
- Volunteer to do IT security work for a non-profit or charity.
- Read IT and security magazines/news sites and blogs.
- Bookmark useful cybersecurity websites.
- Keep tabs on cybersecurity message boards like Information Security Stack Exchange.
- Run a background check on yourself to see if there are any existing red flags, then determine what you can do to address them. Security is a sensitive field and employers are looking for ethical candidates.
- Connect with ECA Internship experts who can guide you step-by-step and match you to the right internship program. Check out all internships available at ECA now.