In January the Information Security Office (ISO), in conjunction with the School of Information Technology (IT), began a cooperative internship program to provide students with the educational opportunity to gain real world experience in the area of information security operations and blend that knowledge with theoretical learning.
Interns were involved in a variety of projects and assisted the ISO with developing a more cyber aware and prepared University. They assisted with creating awareness training programs, conducting research and writing reports on information security topics, information gathering and security audits, conducting awareness training with student groups, working with University personnel to conduct vulnerability assessments (including conducting approved and guided vulnerability tests), and developing an information security threat intelligence system.
The project employed four interns who worked 16 hours a week for two semesters (fall and spring) and received six credit hours of internship once they completed their requirements. On certain occasions, the interns conducted their work from the IT computer laboratory, but most of the time students worked from the Administrative Technologies offices in Julian Hall.
Student Seth Pheasant was part of the inaugural intern program in fall 2014.
“I was able to work directly with multiple areas on campus both inside and outside of AT generating referential literature, training modules and the like,” said Pheasant. “However, much of my time was dedicated to information security research and the documentation of the necessary steps to implement the methods discovered from my research.
“The interesting part of this research was that it was not just ‘empty research.’ By this I mean that the topics I was researching were currently being deployed into our environment; allowing me to see my work and research being of use and the methods I discovered being implemented. As an intern this is a very rewarding feeling.”
The overall goal of this project is to enhance the educational mission of the University by providing students with an out-of-class learning experience to improve their information security knowledge, as well as develop skills and credentials to enhance career, professional, and graduate school success in a controlled and structured environment.
“We want to maximize the resources we have between the faculty and staff. It’s a win-win,” said Kevin Crouse, the co-project coordinator/founder of the ISO internship program.
In addition to the normal work conducted by the students, these individuals will have the opportunity to participate in research projects conducted at the University in the area of information assurance and security. Since research opportunities could range from conducting research in relation to student learning to research on security matters that impact the University, the partnership between AT and IT will lead to wonderful opportunities to develop a model University ISO program that includes providing faculty, staff, and students research opportunities that have not been available in the past. Students will also gain robust and real-life experience in the operations of a functioning Information Security Office, as well as practical and hands-on experience in the rapidly evolving field of information security research.
Students will also gain valuable insight from their interactions with the information security officer, chief information security officer/associate vice president and chief technology officer, certified information systems security professionals, and other Administrative Technologies professional.
Pheasant was able to gain valuable outside the classroom experience with his work on the Payment Card Industry (PCI) version 3.0 security compliance standards.
“Going into this project I had only a broad understanding of the idea of PCI compliance,” said Pheasant. “Throughout the developmental and implementation stages my knowledge grew to include the low level details that are crucial to passing a PCI 3.0 audit. Throughout the project I was also included in the research, development and implementation of product solutions that would allow for the proper implementation of a PCI 3.0 compliant network.”
Moving forward, this program will maintain at least two positions for internships each year. This will allow new students to be cycled through the program and ensure that the knowledge acquired by the students is not lost through a total replacement each year.
In addition, interns who are staying at ISU over the summer will be allowed to continue in their positions during that term based on the business needs of Administrative Technologies.
