Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Careers & People

7/1/2019
10:00 AM
Kathryn Kun
Kathryn Kun
Commentary
Connect Directly
Twitter
RSS
E-Mail vvv
50%
50%

Building the Future Through Security Internships

Akamai University, a 12-week internship program, was built from the ground up with the goal of promoting the student not the company.

The search for stellar cybersecurity job candidates is always an adventure — but much less so since we opened the doors at Akamai University, our 12-week summer student internship program.

We're looking for candidates who can demonstrate several different skills, proficiencies, and talents both on and off their resume. In addition, we look for traits that lead to long term success in the department and industry in general. For example, one important trait is a sense of urgency: people who know when to take action when action is the most important thing to take. This skill counteracts the "impostor syndrome" that plagues our industry. By that I mean the situation that arises when you need someone to do something, and that someone is the only choice, and thus becomes the best choice.

The next trait we seek in a candidate is demonstrated ability and understanding of responsibility and independence. In the security industry, job duties often require sending relatively junior staff in to fix problems involving people many years their senior. We need staff who can take responsibility and act on their own under those circumstances.

Individuals who make it through screening get offers to join the program as an intern to a specific infosec manager. They work with their manager to select an appropriate project, which can range from creating a new process for security review, to analyzing key management processes using formal methods, or studying how to destroy data on solid state drives or writing security policy.

Sometimes, interns will build tools or new functionality that is used by the security team, or a proof of concept for a larger project. Interns work with their manager before they start their internship to pick a project with the goal of putting them in the spotlight so that by the end of the 12 weeks, they have a glowing list of achievement on their resume.

Intro into the Real World of Security
Outside of specific project work, managers will also make a list of activities that interns need to be exposed to, such as sitting in on an incident or product launch review, a severe vulnerabilities discussion, a compliance assessment, and/or a customer audit. Each activity starts with a discussion with the intern that offers context for what they're about to experience or witness. It's followed by a post-project question-and-answer period which provides insight into the operations of the department and frequently spawns deeper work or side projects, as well as broadening an intern's understanding of the professional world.

Students will leave the program with an understanding of the security industry and with a solid set of relationships. While the intern is doing professional work, it's important to us that we show her the breadth of the security industry, including parts they may not have been aware of. The goal is to have a fleshed-out, planned project work, but also give the interns broad exposure to the operations and interests of the security department.

This secondary goal around relationship building exposes senior staff to the interns, so management can get to know them, their work, and how they approach their work. Working next to someone every day, watching how they integrate with the team and the company gives us a very clear view of how someone would work out as full-time staff. Consequently, the intern program is our best pipeline for new talent. Likewise, this process allows the intern to get a better view of Akamai, and what it's like to take on a career here.

Solving the Cyber Talent Shortage
Successful interns who graduate from Akamai University leave the program with a job offer, and those who haven't finished school yet leave with an offer to return the following summer, or get a job offer when they graduate. In a similar vein, my Architect Studio team, which develops security researchers (and others) into security architects, came out of a concept to support one of my first interns and turn him into full-time staff. That student became a security architect at Akamai. More recently, we've hired interns into researcher, data science, and compliance positions.

The summer isn't all grinding work. We also make sure to include interns in fun activities of their team and the wider department: weekly game nights and team lunches, usually some fun local activity like a boat trip in Fort Lauderdale or an escape room in Cambridge.

Most interns enjoy their work and time with Akamai and appreciate the knowledge they gain from their projects and the security industry in general. For those who don't end up coming to Akamai full time, an internship here can be a solid launching point into a professional or academic career.

This summer, we're looking forward to hosting interns working on projects including improving DNS, botnet tracking, writing policy on vulnerability management, or defining risk. We typically start hiring for the following year in September and October; interested candidates can apply through job postings on the Akamai.com careers page.

Related Content:

Kathryn T. Kun directs the Adversarial Resilience group at Akamai, where one of the main aspects of her work is aligning with human realities in order to get to better security practices. Kathryn draws upon her industrial background in chemical engineering and automated ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
lydialaseur
50%
50%
lydialaseur,
User Rank: Apprentice
7/25/2019 | 1:39:21 PM
Great intern experience
As a former intern and current employee at Akamai, I have nothing but praise for the intern program.
tdsan
100%
0%
tdsan,
User Rank: Ninja
7/1/2019 | 10:59:23 AM
Is this a sales pitch or a valid article about CyberSecurity Training
I do think this is a good subject to discuss but it sounds more like a sales pitch as opposed to how we can gain leverage in the Cyber-security arena.

Shouldn't there be other companies listed who provide similar training?

Todd
US Turning Up the Heat on North Korea's Cyber Threat Operations
Jai Vijayan, Contributing Writer,  9/16/2019
MITRE Releases 2019 List of Top 25 Software Weaknesses
Kelly Sheridan, Staff Editor, Dark Reading,  9/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "He's too shy to invite me out face to face!"
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15138
PUBLISHED: 2019-09-20
The html-pdf package 2.2.0 for Node.js has an arbitrary file read vulnerability via an HTML file that uses XMLHttpRequest to access a file:/// URL.
CVE-2019-6145
PUBLISHED: 2019-09-20
Forcepoint VPN Client for Windows versions lower than 6.6.1 have an unquoted search path vulnerability. This enables local privilege escalation to SYSTEM user. By default, only local administrators can write executables to the vulnerable directories. Forcepoint thanks Peleg Hadar of SafeBreach Labs ...
CVE-2019-6649
PUBLISHED: 2019-09-20
F5 BIG-IP 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 and Enterprise Manager 3.1.1 may expose sensitive information and allow the system configuration to be modified when using non-default ConfigSync settings.
CVE-2019-6650
PUBLISHED: 2019-09-20
F5 BIG-IP ASM 15.0.0, 14.1.0-14.1.0.6, 14.0.0-14.0.0.5, 13.0.0-13.1.1.5, 12.1.0-12.1.4.1, 11.6.0-11.6.4, and 11.5.1-11.5.9 may expose sensitive information and allow the system configuration to be modified when using non-default settings.
CVE-2014-10396
PUBLISHED: 2019-09-20
The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php.