On graduating from Rochester Institute of Technology with a double major in Information Security and Forensics and Criminal Justice, my goal was to work at a computer forensics firm. Throughout college, I had completed internships as a Network Support Technician, a Cyber Intelligence Analyst, and had an ongoing job with campus IT support. These were all great introductions to working in the security industry. Now I was looking for a more varied and motivating role that would present me with new challenging problems to solve.
During college I took part in the US Cyber Challenge Summer Camp, where I joined a network of Cyber Security Professionals. This network introduced me to Stroz Friedberg, and I heard about the Cyber Associate Program. I was excited to find a full-time job that gave me the opportunity to do the type of work I wanted and also provided valuable training. The Cyber Associate Program was unique in allowing me to work in the areas I had studied – Information Security and Digital Forensics – and gain a completely new skill set in “Security Science” (i.e., working with organizations to proactively enhance their security posture).
My rotation in this new area exposed me to projects I had never encountered before. From the beginning, I was immersed in experienced Stroz Friedberg teams, working directly with client CIOs, CISOs, and network support technicians at a variety of organizations. Our goal was to figure out what their current security situation looked like, identify vulnerabilities that could be exploited, and develop strategies to close these gaps.
My favorite project in Security Science involved simulating a phishing campaign for a company that wanted to understand how its employees interacted with suspicious e-mails. We developed phishing emails in various formats, sending them into the organization and analyzing how employees reacted. I was responsible for setting up the system that we used for the project, which involved a lot of problem-solving and discussion with colleagues – it was really exciting to see the system in action. In the end our team was able to present the client with some unexpected results about the nature of the risk, and how to mitigate it.
When I wasn’t traveling or doing client work, I spent time on other projects. During my Incident Response rotation, I created a reference for finding important information from antivirus solutions, such as log location and retention policies, and where the antivirus puts malware in quarantine. The reference included information for many different operating systems and software versions.
Throughout the Program I loved how I could be working with three different people with specialized skill sets to solve an issue, and learning from all of them. I could ask my mentor who sat next to me, or catch up with people at lunch. My advice to future Cyber Associates: don’t worry about a lack of practical experience in the field – people are very willing to teach you, and we are constantly learning from each other.