Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

7/1/2019
10:00 AM
Kathryn Kun
Kathryn Kun
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

Building the Future Through Security Internships

Akamai University, a 12-week internship program, was built from the ground up with the goal of promoting the student not the company.

The search for stellar cybersecurity job candidates is always an adventure — but much less so since we opened the doors at Akamai University, our 12-week summer student internship program.

We're looking for candidates who can demonstrate several different skills, proficiencies, and talents both on and off their resume. In addition, we look for traits that lead to long term success in the department and industry in general. For example, one important trait is a sense of urgency: people who know when to take action when action is the most important thing to take. This skill counteracts the "impostor syndrome" that plagues our industry. By that I mean the situation that arises when you need someone to do something, and that someone is the only choice, and thus becomes the best choice.

The next trait we seek in a candidate is demonstrated ability and understanding of responsibility and independence. In the security industry, job duties often require sending relatively junior staff in to fix problems involving people many years their senior. We need staff who can take responsibility and act on their own under those circumstances.

Individuals who make it through screening get offers to join the program as an intern to a specific infosec manager. They work with their manager to select an appropriate project, which can range from creating a new process for security review, to analyzing key management processes using formal methods, or studying how to destroy data on solid state drives or writing security policy.

Sometimes, interns will build tools or new functionality that is used by the security team, or a proof of concept for a larger project. Interns work with their manager before they start their internship to pick a project with the goal of putting them in the spotlight so that by the end of the 12 weeks, they have a glowing list of achievement on their resume.

Intro into the Real World of Security
Outside of specific project work, managers will also make a list of activities that interns need to be exposed to, such as sitting in on an incident or product launch review, a severe vulnerabilities discussion, a compliance assessment, and/or a customer audit. Each activity starts with a discussion with the intern that offers context for what they're about to experience or witness. It's followed by a post-project question-and-answer period which provides insight into the operations of the department and frequently spawns deeper work or side projects, as well as broadening an intern's understanding of the professional world.

Students will leave the program with an understanding of the security industry and with a solid set of relationships. While the intern is doing professional work, it's important to us that we show her the breadth of the security industry, including parts they may not have been aware of. The goal is to have a fleshed-out, planned project work, but also give the interns broad exposure to the operations and interests of the security department.

This secondary goal around relationship building exposes senior staff to the interns, so management can get to know them, their work, and how they approach their work. Working next to someone every day, watching how they integrate with the team and the company gives us a very clear view of how someone would work out as full-time staff. Consequently, the intern program is our best pipeline for new talent. Likewise, this process allows the intern to get a better view of Akamai, and what it's like to take on a career here.

Solving the Cyber Talent Shortage
Successful interns who graduate from Akamai University leave the program with a job offer, and those who haven't finished school yet leave with an offer to return the following summer, or get a job offer when they graduate. In a similar vein, my Architect Studio team, which develops security researchers (and others) into security architects, came out of a concept to support one of my first interns and turn him into full-time staff. That student became a security architect at Akamai. More recently, we've hired interns into researcher, data science, and compliance positions.

The summer isn't all grinding work. We also make sure to include interns in fun activities of their team and the wider department: weekly game nights and team lunches, usually some fun local activity like a boat trip in Fort Lauderdale or an escape room in Cambridge.

Most interns enjoy their work and time with Akamai and appreciate the knowledge they gain from their projects and the security industry in general. For those who don't end up coming to Akamai full time, an internship here can be a solid launching point into a professional or academic career.

This summer, we're looking forward to hosting interns working on projects including improving DNS, botnet tracking, writing policy on vulnerability management, or defining risk. We typically start hiring for the following year in September and October; interested candidates can apply through job postings on the Akamai.com careers page.

Related Content:

Kathryn T. Kun directs the Adversarial Resilience group at Akamai, where one of the main aspects of her work is aligning with human realities in order to get to better security practices. Kathryn draws upon her industrial background in chemical engineering and automated ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
lydialaseur
50%
50%
lydialaseur,
User Rank: Apprentice
7/25/2019 | 1:39:21 PM
Great intern experience
As a former intern and current employee at Akamai, I have nothing but praise for the intern program.
tdsan
100%
0%
tdsan,
User Rank: Ninja
7/1/2019 | 10:59:23 AM
Is this a sales pitch or a valid article about CyberSecurity Training
I do think this is a good subject to discuss but it sounds more like a sales pitch as opposed to how we can gain leverage in the Cyber-security arena.

Shouldn't there be other companies listed who provide similar training?

Todd
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
Preventing PTSD and Burnout for Cybersecurity Professionals
Craig Hinkley, CEO, WhiteHat Security,  9/16/2019
NetCAT Vulnerability Is Out of the Bag
Dark Reading Staff 9/12/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16413
PUBLISHED: 2019-09-19
An issue was discovered in the Linux kernel before 5.0.4. The 9p filesystem did not protect i_size_write() properly, which causes an i_size_read() infinite loop and denial of service on SMP systems.
CVE-2019-3738
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Improper Verification of Cryptographic Signature vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two parties into computing the same predictable shared key.
CVE-2019-3739
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to Information Exposure Through Timing Discrepancy vulnerabilities during ECDSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover ECDSA keys.
CVE-2019-3740
PUBLISHED: 2019-09-18
RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to an Information Exposure Through Timing Discrepancy vulnerabilities during DSA key generation. A malicious remote attacker could potentially exploit those vulnerabilities to recover DSA keys.
CVE-2019-3756
PUBLISHED: 2019-09-18
RSA Archer, versions prior to 6.6 P3 (6.6.0.3), contain an information disclosure vulnerability. Information relating to the backend database gets disclosed to low-privileged RSA Archer users' UI under certain error conditions.