Five Questions for Five Enterprise Security Interns

 Victor Cuarton, Adam Creech, Wesley Brown, Rebecca Hu and John Sparks.

2016 Enterprise Security Interns (left to right): Victor Cuarton, Adam Creech, Wesley Brown, Rebecca Hu and John Sparks.

Winter is coming! IT Security professionals at every organization know that at some point they could be under some kind of cybersecurity attack.

If you’ve ever watched the television series "Game of Thrones" or read the original George R.R. Martin books, you’ll recognize "winter is coming" as a phrase used to express that good or lighter times (summer) are eventually followed by darker (wintry) periods, for which we must be prepared.

It’s the need for such preparedness that drives the information security industry and the demand for professionals to work in that field. At Ohio State, we have an Enterprise Security internship program to help us develop up-and-coming security professionals for our community and our institution, to aid in thwarting such attacks.

"Enterprise Security worked with the College of Arts and Sciences and the College of Engineering’s Computer Science program to develop internships that meet a very specific need in the community," says Chief Information Security Officer Helen Patton.

"Central Ohio has a shortage of qualified, experienced information security professionals. Ohio State’s classrooms are already turning out professionals who have the right knowledge and qualifications, but this internship program takes the next step. Interns are getting real-world experience as they help ensure the university is appropriately managing threats and resources to provide the best defense possible while supporting the mission of the university."

The best way to gain insight into the effectiveness of the program is to hear it from the students themselves. We posed five questions to the five members of the current internship team which includes Wesley Brown, Adam Creech, Victor Cuarton, Rebecca Hu and John Sparks. In the expanding sections below, each student’s answer to one question is shown, offering a glimpse into their personal internship experience. Be sure to check out this link to read each student’s answers to all five questions and see all their candid feedback.

  • (1) Describe the specialization aspect of the Enterprise Security internship.
    • From Adam Creech
      "During the first five weeks of the program, the five of us moved between five different departments within information security and then we were each assigned to a different group. I originally went into this internship expecting to get some good experience, but I honestly did not expect to enjoy what I’ve been doing as much as I have."
  • (2) Is there anything in particular that you would like to share about your experience so far has been helpful to your future security-related career?
    • From Victor Cuarton
      "Working with all the Enterprise Security groups and meeting each team member was very helpful and provided an overview for each team member’s contribution. Andrew McCabe was very helpful by teaching me different ways of protecting my personal computer. Dan Struble taught me about vulnerability management, Brett Cosma taught me about Dell Data Protection Encryption (DDPE) and Robbie Gordon taught me a loy about mobile device management. Ryan Treptow gave a closing presentation on InfoSec that was also very enjoyable. In addition, I was also able to sit with vendors from Tenable to go over Security Center and its features, which was pretty interesting. Gary Clark and his team helped me realize the importance of security. For example, every time I use a vending machine or anything requiring a card swipe, I give a quick tug on the machine to see if anyone put a skimmer on it. I also learned about the policies and procedures as well as how phishing plays a big part in day to day email traffic. Steve Romig and his team showed me their server room, demonstrated Splunk and explained ways someone can attack another person or organization. Jason Miller and team taught me a lot about virtual machines and Geoff Shoupp showed me how he uses Python and his programming skills to save time when analyzing and organizing data. The firewall team showed me the process to access or deny requests, the virtual machine team showed me that there is a lot more to creating a virtual machine on your own PC than you might realize. Rich Nagle and his crew taught me about the approval processes, two-factor authentication and Duo multi-factor authentication and the importance of identity management."
  • (3) Have you learned anything that surprised you or changed a misconception you had?
    • From John Sparks
      "Throughout my short time in this program I have become more aware of some misconceptions I had on certain topics. This learning process has been very surprising in many ways! For example, at the beginning of the internship program I was confident in my ability to define information security. Throughout my rotation, I asked someone from each group to give a definition for information security. This question produced a lot of different responses. It seemed that everyone defines information security in their own way. So I have come to the conclusion that information security is comprised of multiple parts, and cannot be effective unless all areas are working correctly."
  • (4) How do you think the Enterprise Security internship will help you after graduation?
    • From Rebecca Hu
      "The experience is definitely going to help after graduation if I pursue the route of a security career. As we’ve discussed, Columbus has the "happy problem" of having more open security jobs than people who are qualified to fill them. Another great way that this internship is shaping me is through the opportunity to deal with so much data. Not many people can say that they have had the opportunity to deal with many clients that are the size of Ohio State."
  • (5) Do you have any advice for the next wave of Enterprise Security interns or to students who are considering careers in the information technology and security field?
    • From Wesley Brown
      "I would suggest that anyone looking to get into both the Enterprise Security internship program or the information technology and security fields in general, should go out and start teaching themselves. Learn as much as you can and aim to learn something new or improve upon something every day. Let your curiosity about technology guide you to what to learn. Knowing even a little bit about a lot of things will go a long way and being a life-long learner will help immensely as the technology field never stops changing."

Many thanks to our Information Security interns Wesley Brown, Adam Creech, Victor Cuarton, Rebecca Hu and John Sparks for taking the time to share their experiences, energy and enthusiasm.

Do you want to know more? Here is how the Enterprise Security internship works:

  • Begin the three-year program in the summer between first and second year of coursework
  • Work with the Enterprise Security team full-time during the summer and 20 hours per week during autumn and spring semesters
  • Rotate through different security functional areas during the first year
  • Choose a concentration in the area of the student’s choice (based on availability) for the remaining two years
  • Participate in supplemental security training opportunities throughout the year (conferences, lunch-and-learns, etc.) from ES staff or guest instructors
  • Participate in local security networking groups
  • Work on assignments that are short-term (6 to 12 week defined efforts) or long term, participating in ongoing operational functions
  • Get paid for your skills and knowledge, while working a flexible schedule
  • Finish the program and be matched with external employers during the summer before graduating

Do you know a student who might be interested in applying?