Thursday, December 12, 2024

CISA’s Internship Program Delivers Outstanding Results in Vulnerability Management

The Cybersecurity and Infrastructure Security Agency (CISA) continues to set the standard for federal government innovation with its 2024 summer internship program, particularly within its Vulnerability Management subdivision. The program achieved groundbreaking results, driven by a talented group of interns from diverse institutions and backgrounds. These accomplishments not only highlight CISA’s commitment to strengthening the nation’s cybersecurity but also demonstrate the significant impact young professionals can have when integrated into meaningful government missions.

Building a Stronger Cybersecurity Workforce

CISA’s Vulnerability Management subdivision is tasked with an essential and broad mission: proactively discovering and mitigating vulnerabilities, conducting technical and cybersecurity maturity assessments, and enhancing operational technology (OT) and software security. Recognizing the need for fresh perspectives and additional resources to address this complex mission, CISA leaned on collaborations with industry partners, Federally Funded Research and Development Centers (FFRDCs), and academic institutions.

This year, 17 interns from the Scholarship for Service (SFS) program, Pathways, and the CISA Neurodiverse Federal Workforce (NFW) Initiative joined the team. These students tackled real-world cybersecurity challenges, with projects ranging from ransomware mitigation and vulnerability disclosure to automation tools and market research.

Intern Contributions and Innovations

The interns’ work spanned the entire spectrum of vulnerability management, resulting in notable advancements. Here are some highlights of their contributions:

  • Elisabeth S., a Cadet at The Citadel, Military College of South Carolina, developed ransomware vulnerability guidance for K-12 stakeholders, enhancing awareness of critical vulnerabilities and reducing the time to mitigate vulnerabilities prior to ransomware encryption.
  • Karen E., from Old Dominion University, developed a strategy that reduced the time to process vulnerability disclosure information by 30%, with research that analyzed 7,100 vulnerabilities and 2,546 published advisories.
  • Aston P., from Michigan Technological University, developed automations for the Risk and Vulnerability Assessment Reporting Engine, reducing the need for manual reporting activities and saving a significant amount of time on assessments.
  • Fanta D., from University of Massachusetts, analyzed assessment surveys to evaluate how often customers implemented CISA’s risk reduction recommendations.
  • Gregory W., from Old Dominion University, designed a Search Center that allows employees to search the VM Information Hub and related sites, which increases efficiency across the subdivision when looking for workforce and mission-related information.
  • Sophia H., from Kansas State University, performed market research, capability, and legal analysis to enhance VM operations through the integration of open-source information and tools.
  • Laura S., from Fordham University, developed an automated tool using Python to parse scanning data, directly update vulnerability findings, and optimize assessment completion times.
  • Lucas S., from Oregon State University, developed automated scripts to monitor the data quality and completeness trends for CVEs. Through his analysis of security.txt file adoption, he identified thousands of sites and leveraged this critical technology to uncover security.txt information used to analyze cybersecurity maturity.
  • Nia P., from Rochester Institute of Technology, and Anthony Bartuch, from Marymount University, teamed up and enhanced the Micro Evaluation Security Assessment (MESA) tool. This is a new tool being developed that enables assessment execution scaling. These efforts enhanced the tool’s usability and automation, improving our success criteria for regional transition.
  • Elijah G., from Old Dominion University, used Packer, Ansible, and Terraform to automate the creation of virtual machines. His development efforts reduced the time required to patch the old infrastructure and automate the creation of new and fully secured infrastructure used to support technical assessments.
  • Hannah B., from Old Dominion University, enhanced vulnerability open-source information gathering and security researcher partnership efforts. Her analysis enabled VM to implement an operationally dynamic communication method with valuable security researchers.
  • Anamaria Alvarez C., from Polytechnic University of Puerto Rico, created training materials on various platforms for vulnerability hunting. She also developed Python scripts to search scan data files and enhance vulnerability prevalence analysis.
  • Paul B. focused on developing user experience testing to enhance VM’s Information Hub usability. He also supported VM’s annual records inventory data exercise.
  • Robert B., from the New Jersey Institute of Technology, designed a tool to monitor changes in externally facing web applications for federal agencies. This tool helped the Federal Attack Surface Testing (FAST) service prioritize operational testing.
  • George B., from Louisiana State University, automated the RustPacker and PythonLoader family of phishing payloads. His tools significantly simplified the assessment teams’ work, saving hours of manual effort for each assessment.
  • Makiyah D., from the Georgia Institute of Technology, played a key role in the VM Assessment Modernization Team. She contributed to developing a proof of concept that aimed to modernize High Value Asset (HVA) and Risk & Vulnerability Assessments (RVA).

These examples underscore the transformative potential of early-career professionals in critical government missions. Whether enhancing operational efficiency, developing automated tools, or addressing complex policy challenges, the interns delivered exceptional results.

A Commitment to Future Cyber Leaders

CISA’s engagement with students and early-career professionals extends well beyond this program. In fiscal year 2024, over 78 interns from institutions such as the United States Military Academy, U.S. Coast Guard Academy, and Stanford University contributed to CISA’s initiatives. Recognizing the growing interest in cybersecurity policy, CISA has also forged partnerships with universities like Harvard, which will allow students to participate in internships starting in 2025.

A Model for Federal Agencies

The success of CISA’s summer internship program demonstrates the value of integrating fresh perspectives into federal cybersecurity missions. By addressing real-world problems with innovative solutions, the interns significantly advanced the agency’s objectives and highlighted the potential of programs like these to shape the next generation of cybersecurity leaders.

The original announcement from CISA can be found here.

Matt Seldon
Matt Seldon, BSc., is an Editorial Associate with HSToday. He has over 20 years of experience in writing, social media, and analytics. Matt has a degree in Computer Studies from the University of South Wales in the UK. His diverse work experience includes positions at the Department for Work and Pensions and various responsibilities for a wide variety of companies in the private sector. He has been writing and editing various blogs and online content for promotional and educational purposes in his job roles since first entering the workplace. Matt has run various social media campaigns over his career on platforms including Google, Microsoft, Facebook and LinkedIn on topics surrounding promotion and education. His educational campaigns have been on topics including charity volunteering in the public sector and personal finance goals.
