Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

7/1/2019
10:00 AM
Kathryn Kun
Kathryn Kun
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

Building the Future Through Security Internships

Akamai University, a 12-week internship program, was built from the ground up with the goal of promoting the student not the company.

The search for stellar cybersecurity job candidates is always an adventure — but much less so since we opened the doors at Akamai University, our 12-week summer student internship program.

We're looking for candidates who can demonstrate several different skills, proficiencies, and talents both on and off their resume. In addition, we look for traits that lead to long term success in the department and industry in general. For example, one important trait is a sense of urgency: people who know when to take action when action is the most important thing to take. This skill counteracts the "impostor syndrome" that plagues our industry. By that I mean the situation that arises when you need someone to do something, and that someone is the only choice, and thus becomes the best choice.

The next trait we seek in a candidate is demonstrated ability and understanding of responsibility and independence. In the security industry, job duties often require sending relatively junior staff in to fix problems involving people many years their senior. We need staff who can take responsibility and act on their own under those circumstances.

Individuals who make it through screening get offers to join the program as an intern to a specific infosec manager. They work with their manager to select an appropriate project, which can range from creating a new process for security review, to analyzing key management processes using formal methods, or studying how to destroy data on solid state drives or writing security policy.

Sometimes, interns will build tools or new functionality that is used by the security team, or a proof of concept for a larger project. Interns work with their manager before they start their internship to pick a project with the goal of putting them in the spotlight so that by the end of the 12 weeks, they have a glowing list of achievement on their resume.

Intro into the Real World of Security
Outside of specific project work, managers will also make a list of activities that interns need to be exposed to, such as sitting in on an incident or product launch review, a severe vulnerabilities discussion, a compliance assessment, and/or a customer audit. Each activity starts with a discussion with the intern that offers context for what they're about to experience or witness. It's followed by a post-project question-and-answer period which provides insight into the operations of the department and frequently spawns deeper work or side projects, as well as broadening an intern's understanding of the professional world.

Students will leave the program with an understanding of the security industry and with a solid set of relationships. While the intern is doing professional work, it's important to us that we show her the breadth of the security industry, including parts they may not have been aware of. The goal is to have a fleshed-out, planned project work, but also give the interns broad exposure to the operations and interests of the security department.

This secondary goal around relationship building exposes senior staff to the interns, so management can get to know them, their work, and how they approach their work. Working next to someone every day, watching how they integrate with the team and the company gives us a very clear view of how someone would work out as full-time staff. Consequently, the intern program is our best pipeline for new talent. Likewise, this process allows the intern to get a better view of Akamai, and what it's like to take on a career here.

Solving the Cyber Talent Shortage
Successful interns who graduate from Akamai University leave the program with a job offer, and those who haven't finished school yet leave with an offer to return the following summer, or get a job offer when they graduate. In a similar vein, my Architect Studio team, which develops security researchers (and others) into security architects, came out of a concept to support one of my first interns and turn him into full-time staff. That student became a security architect at Akamai. More recently, we've hired interns into researcher, data science, and compliance positions.

The summer isn't all grinding work. We also make sure to include interns in fun activities of their team and the wider department: weekly game nights and team lunches, usually some fun local activity like a boat trip in Fort Lauderdale or an escape room in Cambridge.

Most interns enjoy their work and time with Akamai and appreciate the knowledge they gain from their projects and the security industry in general. For those who don't end up coming to Akamai full time, an internship here can be a solid launching point into a professional or academic career.

This summer, we're looking forward to hosting interns working on projects including improving DNS, botnet tracking, writing policy on vulnerability management, or defining risk. We typically start hiring for the following year in September and October; interested candidates can apply through job postings on the Akamai.com careers page.

Related Content:

Kathryn T. Kun directs the Adversarial Resilience group at Akamai, where one of the main aspects of her work is aligning with human realities in order to get to better security practices. Kathryn draws upon her industrial background in chemical engineering and automated ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
lydialaseur
50%
50%
lydialaseur,
User Rank: Apprentice
7/25/2019 | 1:39:21 PM
Great intern experience
As a former intern and current employee at Akamai, I have nothing but praise for the intern program.
tdsan
100%
0%
tdsan,
User Rank: Ninja
7/1/2019 | 10:59:23 AM
Is this a sales pitch or a valid article about CyberSecurity Training
I do think this is a good subject to discuss but it sounds more like a sales pitch as opposed to how we can gain leverage in the Cyber-security arena.

Shouldn't there be other companies listed who provide similar training?

Todd
For Cybersecurity to Be Proactive, Terrains Must Be Mapped
Craig Harber, Chief Technology Officer at Fidelis Cybersecurity,  10/8/2019
A Realistic Threat Model for the Masses
Lysa Myers, Security Researcher, ESET,  10/9/2019
USB Drive Security Still Lags
Dark Reading Staff 10/9/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
2019 Online Malware and Threats
2019 Online Malware and Threats
As cyberattacks become more frequent and more sophisticated, enterprise security teams are under unprecedented pressure to respond. Is your organization ready?
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-17545
PUBLISHED: 2019-10-14
GDAL through 3.0.1 has a poolDestroy double free in OGRExpatRealloc in ogr/ogr_expat.cpp when the 10MB threshold is exceeded.
CVE-2019-17546
PUBLISHED: 2019-10-14
tif_getimage.c in LibTIFF through 4.0.10, as used in GDAL through 3.0.1 and other products, has an integer overflow that potentially causes a heap-based buffer overflow via a crafted RGBA image, related to a "Negative-size-param" condition.
CVE-2019-17547
PUBLISHED: 2019-10-14
In ImageMagick before 7.0.8-62, TraceBezier in MagickCore/draw.c has a use-after-free.
CVE-2019-17501
PUBLISHED: 2019-10-14
Centreon 19.04 allows attackers to execute arbitrary OS commands via the Command Line field of main.php?p=60807&type=4 (aka the Configuration > Commands > Discovery screen).
CVE-2019-17539
PUBLISHED: 2019-10-14
In FFmpeg before 4.2, avcodec_open2 in libavcodec/utils.c allows a NULL pointer dereference and possibly unspecified other impact when there is no valid close function pointer.