Syllabus_OmniSOC Internship 2024


Internship Program-IU

Cybersecurity Internship Program


Summer 2024 Session: June 17–July 26, 2024
In-person (Bloomington, IN): June 17–July 2, 2024

Campus Time: Monday - Friday, 9:00 AM - 4:00 PM


Location: Indiana University Campus – Cyber Infrastructure Building
Hourly rate: $27.50/hr (maximum 29 hours a week) pending IU approval
Program contacts: Leslee Bohland ([email protected]) & Todd Stone ([email protected])
Communication: Email and Slack

Introduction
OmniSOC is a shared cybersecurity operations center for higher education that was founded by
Northwestern University, Purdue University, Rutgers University, the University of
Nebraska-Lincoln, and Indiana University. This pioneering initiative strives to help higher
education institutions reduce the time from first awareness of a cybersecurity threat anywhere to
mitigation everywhere for members.

Program Description
The face-to-face internship program offers student interns an opportunity to gain professional
experience at a security operations center (SOC). This program will give students opportunities
to explore a variety of real-life applications of cybersecurity and gain hands-on experience with the
foundations of cybersecurity. The immersive six-week program will provide students with
mentoring and guidance by subject matter experts in three components of a security operations
center: platform engineering, security engineering, and basic SOC operations. Students will
receive formal and informal shadowing opportunities. The discussions and explorations during
the program will include issues related to cybersecurity activities within a professional SOC
environment.

The six-week internship is for students currently enrolled at the OmniSOC founding
member campuses. The program is conducted in two sections: (a) during the first three-week section,
interns will be housed at Indiana University in Bloomington, IN, and (b) during the final three-week
section, interns will return to their home campus, where they will work with their local security
staff to complete a final cybersecurity project. An intern's local security office may elect to conduct
the final three weeks remotely (interns should verify with the program coordinator or security
office). After successful completion of the summer internship program, students will earn a
cybersecurity program certificate for their professional portfolio.

To provide student interns a view into a large scale SOC in the higher education space, students
will:
● Receive mentoring and guidance by subject matter experts in three areas of a SOC,
including platform engineering, security engineering, and basic SOC operations,
● Attend formal training sessions and informal shadowing sessions with OmniSOC staff in
addition to attending formal discussions on information security topics,
● Learn state-of-the-art security methods and devices, and
● Interact with other cybersecurity professionals in various sectors.

Program Objectives
At the completion of the program, students will be able to:
● Understand threats to cybersecurity and mitigation measures
● Use log analysis strategies to detect malicious activity and offer solutions to isolate and
mitigate malware
● Design and develop a final project. Partner CISOs will help identify a SOC manager to
pitch ideas for a final project. Some possible projects might be
○ Build a sandbox environment to safely run malware analysis;
○ Design a rudimentary environment to monitor daily SOC operations;
○ Test malware in a detonation chamber; etc.
● Explore careers in cybersecurity while completing their education.

Programmatic Outcomes/ Goals:


The design intention of this program is to help interns become more aware of the many areas of
interest within cybersecurity, determine where their interests are, and what areas of study they
should pursue in the future. Interns will have high levels of direct interaction with diverse groups
with diverse skill sets. Please note that this internship focuses on blue team components of
security, rather than red team components.

Prerequisites/ Expectations
One of the outcomes for this program is learning to communicate effectively with professional
audiences of various types. This requires interns to take pride in their work, and be held
accountable for their active participation. To this end, this program established the following
prerequisites and expectations for student interns:
● Ability to apply knowledge of mathematics, science, and engineering
● Understanding of professional and ethical responsibility of the cybersecurity profession
● Recognition of the need for, and an ability to engage in, cybersecurity activities
● Knowledge of contemporary cybersecurity issues

● Ability to use the techniques, skills, and modern threat-hunting tools necessary to pursue
a career in cybersecurity.

Learning Environment:
This course is delivered primarily through face-to-face interaction with OmniSOC instructors and
affiliates, but also has a virtual component. All student interns should ensure their availability for
all program activities for the duration of this program. In addition, interns should make sure that
their computer device includes functional video and audio (with a microphone) capabilities for
optimum participation in synchronous sessions. Lurking is forbidden because it is rude and
uncomfortable for most learners to be watched while in discussion or other learning activities.
Engaging in activities that are unprofessional, disrespectful to others, or disruptive, will not be
tolerated and will result in expulsion from the program.

Required Resources/Materials:
● Be a currently enrolled student at a founding OmniSOC university
● Bring your own device (BYOD); Program coordinator will provide specifics on
minimum requirements before the program begins.
● Complete tasks as assigned.

Internship Activities (please see the detailed schedule below for specific task dates)
1. Platform Engineering. Security information and event management (SIEM)
environment, including monitoring, tracing, and logging events for compliance or
auditing purposes, with the goal of understanding how to mitigate modern-day
security breaches.
a. Tasks: how to deploy and maintain software in an environment over time (capable
of handling large traffic volumes): Linux overview; walkthrough of the different components of
the software stack
b. Components: Elasticsearch (backend datastore); data collection and processing (Beats
and Logstash); Kibana (web front end). Learn how to get a SIEM running with
data flowing into it, as well as how to handle that data.
2. Security Engineering. Network primer on the key concepts to understand a modern
network security architecture, including mapping the range of security requirements.
a. Tasks: how to look at data and identify malicious activity; introduction to the
command line and parsing through logs; bootstrapping (SSH keys)
b. Components: Capture the flag (CTF), complete exercises to reinforce Linux
knowledge/skills, packet carving, and log analysis; SIEM, visualization, and
dashboard creation; event analysis (hunting foundation)
3. Basic SOC Operations. Basic help desk resolution and service desk delivery, including
solving usage problems, fulfilling service desk requests that need IT involvement, and
determining when to escalate incidents to a higher tier.
a. Tasks: how to review data on service desk; engage in examples of help desk
practices and functionality
b. Components: Review onsite incident response (IR) planning and communications
to the IT team; triage incidents (tiered), monitor alarms, and escalate incidents; move
to automation to contact the engineering team to resolve or mitigate incidents;
document progress and conclusion
4. Participation & discussion activities (Individual). Meet project meeting expectations
as outlined in the syllabus and from meeting sessions, attend and be active during our
synchronous meetings, and participate as requested in asynchronous discussions as
assigned.
5. Final Project
a. Task: work closely with SOC professional(s) on a collaborative project to begin
building a strong foundation toward career readiness at a professional SOC.
b. Components: receive expert guidance through hands-on experience; apply new
knowledge and skills learned during the internship.
c. Mentor: your home institution representative will help to keep students on task.
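As an added example (not OmniSOC course material), the following Python script does in miniature what items 1 and 2 above describe: it structures raw sshd log lines into named fields the way a Logstash filter would before the events are indexed into Elasticsearch, then runs two simple detections over those events. The log lines, hostnames and source addresses are constructed for the example, and the thresholds (5 failures inside 5 minutes, and at least 3 prior failures before an accepted login is flagged) are assumed starting points rather than OmniSOC rules.

```python
"""Structure sshd auth-log lines into events, then run two simple detections
over them: a per-source failed-login threshold and a success that follows
a run of failures. Added example; not OmniSOC course material."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in the format sshd writes to syslog (not real data;
# 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 are documentation ranges).
SAMPLE_LOG = """\
Jun 17 09:01:02 bastion sshd[2101]: Failed password for invalid user admin from 203.0.113.45 port 51022 ssh2
Jun 17 09:01:04 bastion sshd[2103]: Failed password for root from 203.0.113.45 port 51023 ssh2
Jun 17 09:01:05 bastion sshd[2105]: Failed password for root from 203.0.113.45 port 51024 ssh2
Jun 17 09:01:07 bastion sshd[2107]: Failed password for root from 203.0.113.45 port 51025 ssh2
Jun 17 09:01:09 bastion sshd[2109]: Failed password for root from 203.0.113.45 port 51026 ssh2
Jun 17 09:01:12 bastion sshd[2111]: Accepted password for root from 203.0.113.45 port 51027 ssh2
Jun 17 09:15:30 bastion sshd[2200]: Failed password for alice from 198.51.100.7 port 40010 ssh2
Jun 17 09:15:40 bastion sshd[2202]: Accepted publickey for alice from 198.51.100.7 port 40011 ssh2: ED25519 SHA256:c0ffee
Jun 17 09:20:00 bastion sshd[2300]: Connection closed by 192.0.2.9 port 22 [preauth]
"""

# The equivalent of a grok pattern in a Logstash filter: named groups become fields.
AUTH_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
    r"(?P<outcome>Accepted|Failed) (?P<method>\w+) for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<src>\d{1,3}(?:\.\d{1,3}){3}) port (?P<port>\d+)"
)


def parse(lines, year=2024):
    """Turn raw lines into event dicts. Lines that are not auth outcomes are
    skipped here; a real pipeline would route them to another index."""
    events = []
    for line in lines:
        m = AUTH_RE.search(line)
        if not m:
            continue
        ev = m.groupdict()
        # syslog timestamps carry no year, so the caller supplies it.
        ev["ts"] = datetime.strptime(f"{year} {ev['ts']}", "%Y %b %d %H:%M:%S")
        ev["invalid_user"] = ev.pop("invalid") is not None
        ev["pid"] = int(ev["pid"])
        ev["port"] = int(ev["port"])
        events.append(ev)
    return events


def detect(events, threshold=5, window_s=300, min_prior=3):
    """Return alerts in time order.

    ssh_bruteforce:             >= threshold failures from one source inside a
                                sliding window of window_s seconds (raised once
                                per source so a long attack does not spam).
    ssh_success_after_failures: an accepted login from a source that had at
                                least min_prior failures inside the window. The
                                floor keeps one mistyped password from paging anyone.
    """
    alerts = []
    recent_failures = defaultdict(list)  # src -> failure timestamps in the window
    flagged = set()
    for ev in sorted(events, key=lambda e: e["ts"]):
        src = ev["src"]
        window = [t for t in recent_failures[src]
                  if (ev["ts"] - t).total_seconds() <= window_s]
        if ev["outcome"] == "Failed":
            window.append(ev["ts"])
            if len(window) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"rule": "ssh_bruteforce", "src": src,
                               "count": len(window), "ts": ev["ts"]})
        elif len(window) >= min_prior:
            alerts.append({"rule": "ssh_success_after_failures", "src": src,
                           "user": ev["user"], "method": ev["method"],
                           "prior_failures": len(window), "ts": ev["ts"]})
        recent_failures[src] = window
    return alerts


def analyze(text, **rule_args):
    """Parse a block of log text and return the alerts it produces."""
    return detect(parse(text.splitlines()), **rule_args)


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

On the constructed input this raises exactly two alerts, both for 203.0.113.45: the brute-force rule on the fifth failure, and the success-after-failures rule when the root login from that source is accepted. Alice's single typo followed by a key-based login stays quiet, which is the point of the min_prior floor; tuning those two numbers against the traffic actually flowing into the SIEM is most of the work in the exercises.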

Weekly Participation
Students are expected to participate in discussions and actively participate in group projects.
- All communication that is not in-person should take place in the OmniSOC Slack
channel.
o Note: Interns are invited to this channel closer to the program date. Interns should
use email for all prior communications.
- The first day will ground conceptual understanding, and the remaining weeks will
include participating in internship activities and working on your final project.

Grading Policy
There are no grades for participation. Student interns receive feedback on the strengths and areas
for improvement during their participation and on the final project. All interns accepted into the
OmniSOC internship program are expected to commit wholly to all internship activities and the
final project. Showing up on time and participating respectfully are required.
Mutual Expectations
Everyone will contribute ideas, participate in internship activities and will take an equitable
distribution of tasks at the start of group work and through check-in periods. For the final three
weeks of the internship (the group project), interns will receive a detailed timeline for expected
work. Successful outcomes require that interns keep realistic expectations for others and
themselves. Prior to meeting sessions, interns should conduct a final check-in meeting and a “last
call” for any help needs. Each intern is responsible to inform the group of unforeseen
circumstances that will alter the timeline of expected work.

All interns will attend all group meetings and if they are unable to attend on time, interns must
determine a plan to make-up their work within a predetermined time frame. Everyone will
respect other members, their opinions, work personalities, and their time. Each intern will enter
into the OmniSOC internship program with an understanding that all projects are collaborative
and no one vision may be realized. As tasks are assigned, interns should advocate for themselves
what they do best in order to fulfill a team vision.

Interns are expected to respond to all correspondence within the established timeframe for
business hours. Communication will occur through the agreed means of communication
(Slack, email, Google Docs, phone, etc.). While the preferred channel is Slack,
group texts, messages, and other means should be governed by the expectations of the whole
group.

Fostering a successful and collaborative internship is one of the hallmarks of this program, and
OmniSOC representatives will defer to the policies here to make a judgment call as to whether
dismissing an intern is justified.

Please be aware that you are technically a temporary employee of Indiana University (IU), and you
are required to meet the expectations of an IU employee as well as the following expectations of this
program:

● Be prepared by having prepared assigned materials before session meetings begin.


● Keep a record of your goals and progress
● Check email and the Internship program Slack channel for announcements.
● Enthusiastically participate in your group discussions and projects.
● You will engage in a lot of small group work, so let the instructors know in advance
about any irregularities in your participation.
● Commit to regular attendance throughout the summer program. There are no excused
absences, late arrivals, or early departures; however, if circumstances arise causing you to
miss a session, please let the program coordinator, instructor, and another intern partner
know what we can expect from you.
● Be aware of any tendencies to multitask during our sessions. Instructors ask a lot of
questions and interns who multitask usually experience embarrassment.

2024 Summer Schedule (subject to change)

Week Topic/Tasks

Wk1 | 6/17 ● Program Orientation (HR Processing, icebreaker)
● IU Data Center tour
● Here to Career with the Executive Director
● Intro to Elastic
● Platform Engineering and Infrastructure
○ What is a SIEM?
○ Intro to Linux and SSH (lab)
○ Build Elasticsearch cluster
○ Rule execution
○ Kibana overview
○ Logstash Lab
● (Off for Juneteenth)

Note: Juneteenth is June 19 and is a campus holiday. Interns will not report to work
this day. Recommended readings/activities will be provided.

Wk2 | 6/24 ● Elevance Health Field Trip to Indianapolis (SOC Tour)
● Security Engineering
○ Introduction to TCP/IP Networking
○ Network Data Collection and Analysis
○ Wireshark Overview
○ SOC Operations/Functions/Capabilities Overview
○ Monitoring and Defense
○ MITRE ATT&CK Framework
○ SIEM Overview
○ Backdoors and Breaches TTX activity
○ The KGB, the Computer and Me

Wk3 | 7/1 ● In-depth Elastic Training, provided by Elastic staff
○ Zeek overview
○ Data sources and types
○ Linux Threat Hunting
○ Kibana for operators
● Elastic Capture the Flag exercises
● Shadow Hunt with OmniSOC staff
● In person program conclusion, group photos, expectations for final project
(final three weeks)

Note: The in-person portion of the internship will conclude by mid-afternoon of
July 2nd. Interns should not plan to depart IU Bloomington before 3:00 PM.

Wk4 | July 8 ● Virtually work from home campus in small groups on final research project.
● Mentor will be available from the intern's home institution.

Wk5 | July 15 ● Virtually work from home campus in small groups on final research project.
● Mentor will be available from the intern's home institution.

Wk6 | July 22 ● Virtually work from home campus in small groups on final research project.
● Mentor will be available from the intern's home institution.
● July 26—Final presentation (via Zoom) with each group of interns.
OmniSOC staff and university mentors and CISOs present for feedback.
