ISO Graduates First Staff Security Intern

November 11, 2019

The Information Security Office is proud to graduate Ryan Tran, our first Staff Information Security Intern!

We wanted to mark the occasion by talking with him about what he learned while at ISO. 

Oski thumbs up

Casey: Ryan, I can't believe it's been six months since you started with us! I feel like it was yesterday that we met to onboard you. Can you tell us a little bit about the work you do in your "normal" job at Berkeley?

Ryan: Sure. My main role as a helpdesk analysis at Boalt Law is to assist end-users in resolving any hardware and software issues. Also, during any downtime, I support both the end-users and the department heads in researching ways to improve IT infrastructure and business processes. 

CH: It sounds like you have some influence on where the department is heading. I suspect that was something you considered when you applied for this position? When you applied, what types of skills were you looking to develop in this program?

RT: One of the most critical skills I was looking to develop was how to understand and decipher the cryptic format of logs. Along with how to configure network devices for best practice using CIS benchmarks.

As a quick aside, the Center for Internet Security (CIS) is a community of organizations and individuals creating best practices for the secure configuration of a target system. You can learn more about Berkeley's involvement on our CIS page

CH: It’s great that you had some items in mind. We leave the structure of the program open enough to encompass people’s interests when they get here. What skills did you develop in your time with ISO? 

RT: The security internship program has dramatically improved my detective-like troubleshooting skills by expanding my experience using the 3-Step Security Event Triage Process. This additional knowledge helps me ask the right questions and gather the available data to narrow down the root cause and/or preemptively respond to the incident. 

CH: Troubleshooting is a considerable skill in information security! Let's face it, a cybersecurity course of study is almost guaranteed to be out-of-date by the time you complete it. It’s best to develop a skill set of "how to learn". This isn't an area where you can stop learning or keeping up with new information. That being said, do you think the information you gained will help you in your regular role?

RT: Absolutely, one of the most recent examples is a unit at the Law school is gearing up for a new study, and they have concerns about properly securing the data. Through this internship, I have learned the backend processes of how information security operates along with techniques and tools to help end-users secure their devices. This is one of the most important skills I developed while working here - especially for my next project at the Law School. I will be helping our team create a policy, guidelines, and manage the research group on how to secure and access sensitive data.  

CH: It's so fulfilling to learn something new that you can put into action, isn't it?

RT: Definitely. 

CH: What's the coolest thing you learned or did while you were here?

RT: Of all the projects I'm involved in, the one that stands out for me is the ArcSight log analysis. I was able to see how threat detection functions, how to analyze the cryptic format of the Syslog, and how the backend of the intrusion detection system operates. Also, assisting the workgroup on updating the minimum security standards for network devices (MSSND) policy and guidelines.

CH: Your participation and input into the policy work was a huge benefit to our unit as well; we learned a ton from your contributions. Would you recommend others to apply for this internship?

RT: I would recommend everyone in IT, particularly helpdesk, service desk, and programmers to apply. Especially since security is integrated into every IT field. 

CH: Indeed and with the new IS-3 policy rollout everyone will have a role in cybersecurity. Ryan, thank you so much for being our first intern, you've been instrumental in helping the team and we are sad to see your time with ISO end. Still, we couldn't be happier with the work you have done and the contributions you have made here. Good luck with the project you described and thank you for your insights in helping us design a better program moving forward.

RT: Of course.