Your first day at a new internship can seem intimidating. For most of us, it’s our first look into the professional world. Although you learn important concepts in school, the experience you gain in a professional setting is much more valuable; especially in the cybersecurity industry. 60 days into my cybersecurity internship at ProCircular, the team has taught me much more than I’ve learned on my own. Before my time on ProCircular’s red team, I was only able to learn about cybersecurity concepts through internet resources, such as TryHackMe, and different books I found online. The opportunity to be an intern has enabled me to grow my skills and knowledge through hands-on experience with real companies around the country. Practicing vulnerability assessments and social engineering in an environment where it is legal is, by far, a great improvement compared to assessing my own home network. It’s exciting to see the different services that real companies have and the different ways those real companies try to secure them. It’s a much more engaging and volatile environment than what you get in online learning.
The most exciting aspect of the internship is all the different vulnerabilities and exploits I’ve learned about. One of the interesting yet obvious exploits that I never really considered is how the Windows operating system stores your password. Windows stores your password in memory and eventually on the local hard disk drive if there are multiple users on a machine. While these passwords stored in memory are encrypted, there are attacks that allow you to dump the memory and extract the passwords along with the secret key used to decrypt them. Of course, like most exploits, there are protections against this kind of attack, but it’s interesting to learn about these weak spots that the general public doesn’t see!
The most challenging thing about having an internship at a cybersecurity company is learning all these different vulnerabilities and operating system nuances. ProCircular provides us with premium tools and resources that are common in the cybersecurity world, but the important part is knowing how the tool works. It’s important to know that a tool such as Bloodhound works on port 389 and that Responder exploits LLMNR when Windows can’t resolve a hostname using DNS. While you can be successful in the cybersecurity field by simply knowing what these tools do, the most effective security engineers know exactly how these tools work. Watching the red team at ProCircular has taught to me think about nuances, as they could contribute to the success of a pen test.
If you’re thinking about an internship in cybersecurity, I encourage you to apply to one (or more!). They provide tons of insight into what it is like working in a professional cybersecurity position. While my internship seemed daunting at first, I quickly started to enjoy clocking in to start working on the next thing. You’ll meet lots of great, talented people who will motivate you to grow, and before you know it, you’ll find yourself deep into the exciting world of cybersecurity.