Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

7/1/2019
10:00 AM
Kathryn Kun
Kathryn Kun
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

Building the Future Through Security Internships

Akamai University, a 12-week internship program, was built from the ground up with the goal of promoting the student not the company.

The search for stellar cybersecurity job candidates is always an adventure — but much less so since we opened the doors at Akamai University, our 12-week summer student internship program.

We're looking for candidates who can demonstrate several different skills, proficiencies, and talents both on and off their resume. In addition, we look for traits that lead to long term success in the department and industry in general. For example, one important trait is a sense of urgency: people who know when to take action when action is the most important thing to take. This skill counteracts the "impostor syndrome" that plagues our industry. By that I mean the situation that arises when you need someone to do something, and that someone is the only choice, and thus becomes the best choice.

The next trait we seek in a candidate is demonstrated ability and understanding of responsibility and independence. In the security industry, job duties often require sending relatively junior staff in to fix problems involving people many years their senior. We need staff who can take responsibility and act on their own under those circumstances.

Individuals who make it through screening get offers to join the program as an intern to a specific infosec manager. They work with their manager to select an appropriate project, which can range from creating a new process for security review, to analyzing key management processes using formal methods, or studying how to destroy data on solid state drives or writing security policy.

Sometimes, interns will build tools or new functionality that is used by the security team, or a proof of concept for a larger project. Interns work with their manager before they start their internship to pick a project with the goal of putting them in the spotlight so that by the end of the 12 weeks, they have a glowing list of achievement on their resume.

Intro into the Real World of Security
Outside of specific project work, managers will also make a list of activities that interns need to be exposed to, such as sitting in on an incident or product launch review, a severe vulnerabilities discussion, a compliance assessment, and/or a customer audit. Each activity starts with a discussion with the intern that offers context for what they're about to experience or witness. It's followed by a post-project question-and-answer period which provides insight into the operations of the department and frequently spawns deeper work or side projects, as well as broadening an intern's understanding of the professional world.

Students will leave the program with an understanding of the security industry and with a solid set of relationships. While the intern is doing professional work, it's important to us that we show her the breadth of the security industry, including parts they may not have been aware of. The goal is to have a fleshed-out, planned project work, but also give the interns broad exposure to the operations and interests of the security department.

This secondary goal around relationship building exposes senior staff to the interns, so management can get to know them, their work, and how they approach their work. Working next to someone every day, watching how they integrate with the team and the company gives us a very clear view of how someone would work out as full-time staff. Consequently, the intern program is our best pipeline for new talent. Likewise, this process allows the intern to get a better view of Akamai, and what it's like to take on a career here.

Solving the Cyber Talent Shortage
Successful interns who graduate from Akamai University leave the program with a job offer, and those who haven't finished school yet leave with an offer to return the following summer, or get a job offer when they graduate. In a similar vein, my Architect Studio team, which develops security researchers (and others) into security architects, came out of a concept to support one of my first interns and turn him into full-time staff. That student became a security architect at Akamai. More recently, we've hired interns into researcher, data science, and compliance positions.

The summer isn't all grinding work. We also make sure to include interns in fun activities of their team and the wider department: weekly game nights and team lunches, usually some fun local activity like a boat trip in Fort Lauderdale or an escape room in Cambridge.

Most interns enjoy their work and time with Akamai and appreciate the knowledge they gain from their projects and the security industry in general. For those who don't end up coming to Akamai full time, an internship here can be a solid launching point into a professional or academic career.

This summer, we're looking forward to hosting interns working on projects including improving DNS, botnet tracking, writing policy on vulnerability management, or defining risk. We typically start hiring for the following year in September and October; interested candidates can apply through job postings on the Akamai.com careers page.

Related Content:

Kathryn T. Kun directs the Adversarial Resilience group at Akamai, where one of the main aspects of her work is aligning with human realities in order to get to better security practices. Kathryn draws upon her industrial background in chemical engineering and automated ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
lydialaseur
50%
50%
lydialaseur,
User Rank: Apprentice
7/25/2019 | 1:39:21 PM
Great intern experience
As a former intern and current employee at Akamai, I have nothing but praise for the intern program.
tdsan
100%
0%
tdsan,
User Rank: Ninja
7/1/2019 | 10:59:23 AM
Is this a sales pitch or a valid article about CyberSecurity Training
I do think this is a good subject to discuss but it sounds more like a sales pitch as opposed to how we can gain leverage in the Cyber-security arena.

Shouldn't there be other companies listed who provide similar training?

Todd
Commentary
Ransomware Is Not the Problem
Adam Shostack, Consultant, Entrepreneur, Technologist, Game Designer,  6/9/2021
Edge-DRsplash-11-edge-ask-the-experts
How Can I Test the Security of My Home-Office Employees' Routers?
John Bock, Senior Research Scientist,  6/7/2021
News
New Ransomware Group Claiming Connection to REvil Gang Surfaces
Jai Vijayan, Contributing Writer,  6/10/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: Zero Trust doesn't have to break your budget!
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-36388
PUBLISHED: 2021-06-17
In CiviCRM before 5.21.3 and 5.22.x through 5.24.x before 5.24.3, users may be able to upload and execute a crafted PHAR archive.
CVE-2020-36389
PUBLISHED: 2021-06-17
In CiviCRM before 5.28.1 and CiviCRM ESR before 5.27.5 ESR, the CKEditor configuration form allows CSRF.
CVE-2021-32575
PUBLISHED: 2021-06-17
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.
CVE-2021-33557
PUBLISHED: 2021-06-17
An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
CVE-2021-23396
PUBLISHED: 2021-06-17
All versions of package lutils are vulnerable to Prototype Pollution via the main (merge) function.